Ingress-azure container won't start - AZURE_AUTH_LOCATION error about application-gateway-kubernetes-ingress HOT 3 CLOSED

@dan-jackson-github the reason we don't have documentation for using service principal directly, with using the AAD-POD-IDENTITY integration for using MSI, was that the support service principal was introduced primarily to support development activities. Is there a specific reason you need to use the service princiapl and not an MSI to access the AG?

from application-gateway-kubernetes-ingress.

hi @asridharan thanks for the response. The reason is I would like to keep the k8s configuration as minimal as possible, introducing aad-pod-identity introduces more complexity and another point of failure, it seems the only thing that is going to use it in my AKS implementation is this ingress controller. I prefer to use service principal approach because that keeps my configuration consistent. I also have no experience with aad-pod-identity, have never seen or supported it before!

What is the reason that service principal support is only intended for development? It seems to be a standard approach in AKS for other areas such as load balancer services, storage access and container registry access. Are we saying you don't recommend this approach for productive use? Is it not secure?

from application-gateway-kubernetes-ingress.

Was this ever answered or set as a supported approach? I also do not understand why a service principal would only be used for development. It's pretty common practice to prefer service principals over MSI in Azure.

Even if it's not supported, it's not clear how to even use this for development purposes anyhow. Please provide some update guidance using service principals here or just remove it, if it's not REALLY supported.

from application-gateway-kubernetes-ingress.