Issue while upgrading the azure aks cluster from 1.23.8 to 1.24.6 and getting error - CustomPrivateDNSZoneMissingPermissionError

Question

I was trying to upgrade the AKS cluster using C#/Pulumi to upgrade the aks cluster version from 1.23.8 to 1.24.6. Getting below error enter image description here

I have tried assigning PrivateDNSZonecontributor, contributor, Networkcontributor permissions for the aksmanaged identity. but no luck. Did any one got above issues? any suggesions/ideas to the resolutions appreciated. Thanks, Praveen

score 0 · Answer 1 · answered Feb 07 '23 at 11:32

0

It seems you are granting the permissions to the wrong identity. You should grant the cluster assigned identity at least the Private DNS Zone Contributor and Network Contributor roles as mentioned here.

To get the identity, use the ID found in the output of az aks show -g <RG> -n <name> --query identity

answered Feb 07 '23 at 11:32

akathimi

1,393
11

I have checked and found that i have assigned roles to aks cluster identity on but we have private links defined in various RGs across the sub, seems it is expecting to assign the read-write access for private links ( linked with private dns zones) . trying still issue not resolved yet. – Praveen Feb 08 '23 at 12:18

Issue while upgrading the azure aks cluster from 1.23.8 to 1.24.6 and getting error - CustomPrivateDNSZoneMissingPermissionError

1 Answers1