Comments (5)
Hi @patst, we couldn't reproduce the error using a UserAssignedMSI bot deployed in an Azure App Service. We are working on deploying the bot to an AKS cluster, and it would be helpful if you could provide the steps you followed to deploy your bot and configure the Azure Workload Identity. Thanks!
@ceciliaavila thanks for your message.
I created a little example app to reproduce the error. See the repository at https://github.com/patst/botbuilder-js-4582
I added some kubernetes manifests in the manifests
folder.
The configuration in the Azure Portal follows the docs provided on the AKS pages (https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview?tabs=dotnet#microsoft-authentication-library-msal )
Hope that helps
I think the main difference is the ManagedIdentity Credentials (used in the AppService) call the IMDB endpoint at 169.254.169.254
which somehow accepts the scope (or uses another?) and the WorkloadIdentityCredentials use https://login.microsoftonline.com
which rejects the invalid scope
from botbuilder-js.
Hi @patst, we couldn't reproduce the error using a UserAssignedMSI bot deployed in an Azure App Service.
We are working on deploying the bot to an AKS cluster, and it would be helpful if you could provide the steps you followed to deploy your bot and configure the Azure Workload Identity.
Thanks!
from botbuilder-js.
I @patst, thanks for the information. We managed to deploy the application in the cluster and enable workload identity, but we are struggling to create the ingress and the service to access the bot. Do you have the steps or the manifests for this?
We are following these two guides, but we are not sure if we are missing something.
https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli
https://learn.microsoft.com/en-us/azure/aks/ingress-tls?tabs=azure-cli#create-an-ingress-controller
Thanks!
from botbuilder-js.
I @patst, thanks for the information. We managed to deploy the application in the cluster and enable workload identity, but we are struggling to create the ingress and the service to access the bot. Do you have the steps or the manifests for this? We are following these two guides, but we are not sure if we are missing something. https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli https://learn.microsoft.com/en-us/azure/aks/ingress-tls?tabs=azure-cli#create-an-ingress-controller Thanks!
hey @ceciliaavila , thanks for working on it. I added a ingress and service definition to the example repository.
I addition to that, you will need a valid TLS certificate for the ingress. You could use certmanager for that.
What problems are you facing exactly?
Maybe the AKS team can give you a hand on getting the cluster up and running.
from botbuilder-js.
I @patst, thanks for the information. We managed to deploy the application in the cluster and enable workload identity, but we are struggling to create the ingress and the service to access the bot. Do you have the steps or the manifests for this? We are following these two guides, but we are not sure if we are missing something. https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli https://learn.microsoft.com/en-us/azure/aks/ingress-tls?tabs=azure-cli#create-an-ingress-controller Thanks!
hey @ceciliaavila , thanks for working on it. I added a ingress and service definition to the example repository.
I addition to that, you will need a valid TLS certificate for the ingress. You could use certmanager for that. What problems are you facing exactly? Maybe the AKS team can give you a hand on getting the cluster up and running.
Hi @patst, thanks for all your help, we were finally able to reproduce the error. We'll be reviewing the fix you proposed.
Thanks!
from botbuilder-js.
Related Issues (20)
- "handleTeamsMessagingExtensionBotMessagePreviewSend" method not hitting in my code. HOT 5
- ChannelAccount cannot accept extensible properties
- Content Type is not set on uploaded blobs
- replyToId not part of token response of oauthprompt HOT 12
- @azure/msal-node and @azure/msal-browser versions are deprecated (both have new major versions)
- Add support for isVisible property in SharePoint Bot Adaptive Card Extension
- 'yarn' command not found while installing 'botbuilder-dialogs' HOT 2
- Cannot catch MemberNotFoundInConversation error when calling getConversationPagedMembers HOT 7
- port: Add zh-cn to supported locales HOT 1
- handleTeamsMessagingExtensionCardButtonClicked method is not working. HOT 11
- Support Federated Identity Credential HOT 2
- Adaptive card reverting back after reacting to it in Teams HOT 1
- CertificateAppCredentials defaults tenant to botframework.com HOT 4
- Support for multi-instance app customization in Teams? HOT 1
- TeamsInfo.getTeamChannels returning 403 Service Error Unknown HOT 2
- Facing FetchError: request to https://login.botframework.com/v1/.well-known/openidconfiguration failed, reason: unable to get local issuer certificate
- Skype is not sending the attachment details along with request object in group chats HOT 6
- `Input.Text` not displaying when used with `isRequired: true` HOT 1
- Update axios in botbuilder-core from 0.28 to 1.6.4 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from botbuilder-js.