尝试在Azure AKS中设置istio以及aad-pod身份:https://github.com/Azure/aad-pod-identity
工作原理是我们的广告连播从以下位置请求令牌: http://169.254.169.254/metadata/identity/oauth2/token?resource=https://vault.azure.net 并且该调用应该从aad-pod-identity击中nmi守护程序集,但是它不起作用。相反,我们从特使那里收到了404响应。
我们尝试使用ServiceEntry,但没有帮助:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
creationTimestamp: 2018-10-12T11:39:26Z
generation: 1
name: msi-daemonset-address
namespace: default
resourceVersion: "2373004"
selfLink: /apis/networking.istio.io/v1alpha3/namespaces/default/serviceentries/msi-daemonset-address
uid: 78c6a605-ce13-11e8-8985-feb9b8b89337
spec:
addresses:
- 169.254.169.254
location: MESH_INTERNAL
ports:
- name: http
number: 80
protocol: HTTP
有什么想法吗?