How to use a managed identity with the Azure SDK running in an AKS cluster?
I would like to use a managed identity to query logs from Azure Log Analytics using the `com.azure.monitor.query.LogsQueryClient` from the `com.azure:azure-monitor-query` Java SDK library.
My application is running on a pod inside of an AKS cluster.
I tried to follow this documentation: https://zcusa.951200.xyz/en-us/azure/aks/use-azure-ad-pod-identity
I created a managed identity and created an AzureIdentity resource in my cluster for this identity.
I linked the pod with the label "aadpodidbinding" to the azure identity.
In my application I did configure my `LogsQueryClient` with a `ManagedIdentityCredential`:

```java
new ManagedIdentityCredentialBuilder()
    .clientId("<client-id of the managed identity resource>")
    .build();
```
Running my application it still fails to authenticate:
```
2024-10-18 09:46:46,255 WARN [com.mic.aad.msa.ManagedIdentityApplication] (Thread-23) [] [Correlation ID: 8bf1b0e5-8c50-4a16-b88c-d6bd6fab8bfb] Execution of class com.microsoft.aad.msal4j.AcquireTokenByManagedIdentitySupplier failed: [Managed Identity] Unexpected exception occurred when parsing the response, HttpStatusCode: 404, Error message: com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'no': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 1, column: 3]
2024-10-18 09:46:46,255 ERROR [com.azu.ide.ManagedIdentityCredential] (Thread-23) [] Azure Identity => ERROR in getToken() call for scopes [https://api.loganalytics.io/.default]: Managed Identity authentication is not available.
2024-10-18 09:46:46,256 ERROR [com.azu.cor.imp.AccessTokenCache] (executor-thread-64) [] {"az.sdk.message":"Failed to acquire a new access token.","exception":"Managed Identity authentication is not available."}
```
What are the single steps needed for using a managed identity with a Java SDK client inside an AKS deployment?
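
The log above shows a 404 whose body was not JSON (`Unrecognized token 'no'`), so a useful diagnostic is to send the same token request from inside the pod and read the raw reply. This is an added example, not code from the original post or from the Azure SDK; it assumes the credential was calling the standard IMDS token endpoint, and the class name, the `diagnose`/`probe` helpers and the sample body are hypothetical.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

public class IdentityEndpointProbe {
    // Standard Azure IMDS token endpoint (assumption: this is what the credential called).
    static final String ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token";

    // Classify a reply the way the SDK experiences it: only a JSON body can be parsed.
    static String diagnose(int status, String body) {
        String trimmed = body == null ? "" : body.strip();
        boolean json = trimmed.startsWith("{");
        if (status == 200 && json) return "OK: JSON token response";
        if (!json) return "HTTP " + status + ", non-JSON body the SDK cannot parse: " + trimmed;
        return "HTTP " + status + ", JSON error body: " + trimmed;
    }

    // Send the token request for one client id and resource, then classify the reply.
    static String probe(String clientId, String resource) throws Exception {
        String url = ENDPOINT + "?api-version=2018-02-01"
                + "&resource=" + URLEncoder.encode(resource, StandardCharsets.UTF_8)
                + "&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8);
        HttpRequest req = HttpRequest.newBuilder(URI.create(url))
                .header("Metadata", "true") // the identity endpoint rejects requests without it
                .timeout(Duration.ofSeconds(5))
                .GET().build();
        HttpResponse<String> resp = HttpClient.newBuilder()
                .connectTimeout(Duration.ofSeconds(5)).build()
                .send(req, HttpResponse.BodyHandlers.ofString());
        // Never echo a real access token: on success, classify a stand-in body instead.
        String body = resp.statusCode() == 200 ? "{}" : resp.body();
        return diagnose(resp.statusCode(), body);
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // Offline run with a constructed sample body (not taken from the post's log).
            System.out.println(diagnose(404, "no identity available (constructed sample)"));
            return;
        }
        // Resource derived from the scope shown in the log: https://api.loganalytics.io/.default
        System.out.println(probe(args[0], "https://api.loganalytics.io"));
    }
}
```

Run it inside the pod with the managed identity's client id as the only argument; the plain-text body it prints for a non-200 reply is the message the SDK failed to parse.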