diff --git a/deploy/azuredeploy.json b/deploy/azuredeploy.json index 44ca5bf1e..21325f5e0 100644 --- a/deploy/azuredeploy.json +++ b/deploy/azuredeploy.json @@ -1,5 +1,5 @@ { - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "aksServicePrincipalAppId": { @@ -331,6 +331,7 @@ "resgpguid": "[substring(replace(guid(resourceGroup().id), '-', ''), 0, 4)]", "vnetName": "[concat('virtualnetwork' , variables('resgpguid'))]", "applicationGatewayName": "[concat('applicationgateway' , variables('resgpguid'))]", + "wafPolicyName": "[concat('appgwwafpolicy' , variables('resgpguid'))]", "identityName": "[concat('appgwContrIdentity' , variables('resgpguid'))]", "applicationGatewayPublicIpName": "[concat('appgwpublicip' , variables('resgpguid'))]", "kubernetesSubnetName": "kubesubnet", @@ -341,28 +342,24 @@ "applicationGatewaySubnetId": "[concat(variables('vnetID'),'/subnets/', variables('applicationGatewaySubnetName'))]", "applicationGatewayPublicIpId": "[resourceId('Microsoft.Network/publicIPAddresses',variables('applicationGatewayPublicIpName'))]", "applicationGatewayId": "[resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName'))]", + "wafPolicyResourceId": "[resourceId('Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies', variables('wafPolicyName'))]", "identityId": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]", "aksClusterId": "[resourceId('Microsoft.ContainerService/managedClusters', variables('aksClusterName'))]", "networkContributorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", "contributorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "managedIdentityOperatorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]", - "readerRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "webApplicationFirewallConfiguration": { - "enabled": "true", - "firewallMode": "Detection" - } + "managedIdentityOperatorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]" }, "resources": [ { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "name": "[variables('identityName')]", - "apiVersion": "2015-08-31-PREVIEW", + "apiVersion": "2023-01-31", "location": "[resourceGroup().location]" }, { "type": "Microsoft.Network/virtualNetworks", "name": "[variables('vnetName')]", - "apiVersion": "2018-08-01", + "apiVersion": "2024-07-01", "location": "[resourceGroup().location]", "properties": { "addressSpace": { @@ -380,7 +377,15 @@ { "name": "[variables('applicationGatewaySubnetName')]", "properties": { - "addressPrefix": "[parameters('applicationGatewaySubnetAddressPrefix')]" + "addressPrefix": "[parameters('applicationGatewaySubnetAddressPrefix')]", + "delegations": [ + { + "name": "Microsoft.Network/applicationGateways", + "properties": { + "serviceName": "Microsoft.Network/applicationGateways" + } + } + ] } } ] @@ -389,7 +394,7 @@ { "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('applicationGatewayPublicIpName')]", - "apiVersion": "2018-08-01", + "apiVersion": "2024-07-01", "location": "[resourceGroup().location]", "sku": { "name": "Standard" @@ -401,7 +406,7 @@ { "type": "Microsoft.Network/applicationGateways", "name": "[variables('applicationGatewayName')]", - "apiVersion": "2018-08-01", + "apiVersion": "2024-07-01", "location": "[resourceGroup().location]", "tags": { "managed-by-k8s-ingress": "true" @@ -481,6 +486,8 @@ { "name": "rule1", "properties": { + "RuleType": "Basic", + "priority": 10, "httpListener": { "id": "[concat(variables('applicationGatewayId'), '/httpListeners/httpListener')]" }, @@ -493,13 +500,42 @@ } } ], - "webApplicationFirewallConfiguration": "[if(equals(parameters('applicationGatewaySku'), 'WAF_v2'), variables('webApplicationFirewallConfiguration'), json('null'))]" + "firewallPolicy": "[if(equals(parameters('applicationGatewaySku'), 'WAF_v2'), json(concat('{\"id\": \"', variables('wafPolicyResourceId'), '\"}')), json('null'))]" }, "dependsOn": [ "[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]", - "[concat('Microsoft.Network/publicIPAddresses/', variables('applicationGatewayPublicIpName'))]" + "[concat('Microsoft.Network/publicIPAddresses/', variables('applicationGatewayPublicIpName'))]", + "[variables('wafPolicyName')]" ] }, + { + "apiVersion": "2023-11-01", + "type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies", + "name": "[variables('wafPolicyName')]", + "location": "[resourceGroup().location]", + "tags": {}, + "condition": "[equals(parameters('applicationGatewaySku'), 'WAF_v2')]", + "properties": { + "policySettings": { + "mode": "Detection", + "state": "Enabled", + "fileUploadLimitInMb": 100, + "requestBodyCheck": true, + "maxRequestBodySizeInKb": 128 + }, + "managedRules": { + "exclusions": [], + "managedRuleSets": [ + { + "ruleSetType": "OWASP", + "ruleSetVersion": "3.2", + "ruleGroupOverrides": null + } + ] + }, + "customRules": [] + } + }, { "type": "Microsoft.Resources/deployments", "name": "RoleAssignmentDeploymentForKubenetesSp", @@ -563,7 +599,7 @@ "name": "[concat(variables('applicationGatewayName'), '/Microsoft.Authorization/', guid(resourceGroup().id, 'identityappgwaccess'))]", "properties": { "roleDefinitionId": "[variables('contributorRole')]", - "principalId": "[reference(variables('identityId'), '2015-08-31-PREVIEW').principalId]", + "principalId": "[reference(variables('identityId'), '2023-01-31').principalId]", "scope": "[variables('applicationGatewayId')]" } }, @@ -572,8 +608,8 @@ "apiVersion": "2017-05-01", "name": "[guid(resourceGroup().id, 'identityrgaccess')]", "properties": { - "roleDefinitionId": "[variables('readerRole')]", - "principalId": "[reference(variables('identityId'), '2015-08-31-PREVIEW').principalId]", + "roleDefinitionId": "[variables('networkContributorRole')]", + "principalId": "[reference(variables('identityId'), '2023-01-31').principalId]", "scope": "[resourceGroup().id]" } } @@ -588,7 +624,7 @@ { "type": "Microsoft.ContainerService/managedClusters", "name": "[variables('aksClusterName')]", - "apiVersion": "2018-03-31", + "apiVersion": "2025-01-01", "location": "[resourceGroup().location]", "properties": { "kubernetesVersion": "[parameters('kubernetesVersion')]", @@ -642,11 +678,11 @@ }, "identityClientId": { "type": "string", - "value": "[reference(variables('identityID'), '2015-08-31-PREVIEW').clientId]" + "value": "[reference(variables('identityID'), '2023-01-31').clientId]" }, "aksApiServerAddress": { "type": "string", - "value": "[reference(variables('aksClusterId'), '2018-03-31').fqdn]" + "value": "[reference(variables('aksClusterId'), '2025-01-01').fqdn]" }, "aksClusterName": { "type": "string", diff --git a/deploy/azuredeploywindowscluster.json b/deploy/azuredeploywindowscluster.json index 2acff0e8c..8b07ca0c8 100644 --- a/deploy/azuredeploywindowscluster.json +++ b/deploy/azuredeploywindowscluster.json @@ -1,5 +1,5 @@ { - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "aksServicePrincipalAppId": { @@ -331,6 +331,7 @@ "resgpguid": "[substring(replace(guid(resourceGroup().id), '-', ''), 0, 4)]", "vnetName": "[concat('virtualnetwork' , variables('resgpguid'))]", "applicationGatewayName": "[concat('applicationgateway' , variables('resgpguid'))]", + "wafPolicyName": "[concat('appgwwafpolicy' , variables('resgpguid'))]", "identityName": "[concat('appgwContrIdentity' , variables('resgpguid'))]", "applicationGatewayPublicIpName": "[concat('appgwpublicip' , variables('resgpguid'))]", "kubernetesSubnetName": "kubesubnet", @@ -341,28 +342,24 @@ "applicationGatewaySubnetId": "[concat(variables('vnetID'),'/subnets/', variables('applicationGatewaySubnetName'))]", "applicationGatewayPublicIpId": "[resourceId('Microsoft.Network/publicIPAddresses',variables('applicationGatewayPublicIpName'))]", "applicationGatewayId": "[resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName'))]", + "wafPolicyResourceId": "[resourceId('Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies', variables('wafPolicyName'))]", "identityId": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]", "aksClusterId": "[resourceId('Microsoft.ContainerService/managedClusters', variables('aksClusterName'))]", "networkContributorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", "contributorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "managedIdentityOperatorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]", - "readerRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "webApplicationFirewallConfiguration": { - "enabled": "true", - "firewallMode": "Detection" - } + "managedIdentityOperatorRole": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'f1a07417-d97a-45cb-824c-7a7467783830')]" }, "resources": [ { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "name": "[variables('identityName')]", - "apiVersion": "2015-08-31-PREVIEW", + "apiVersion": "2023-01-31", "location": "[resourceGroup().location]" }, { "type": "Microsoft.Network/virtualNetworks", "name": "[variables('vnetName')]", - "apiVersion": "2018-08-01", + "apiVersion": "2024-07-01", "location": "[resourceGroup().location]", "properties": { "addressSpace": { @@ -380,7 +377,15 @@ { "name": "[variables('applicationGatewaySubnetName')]", "properties": { - "addressPrefix": "[parameters('applicationGatewaySubnetAddressPrefix')]" + "addressPrefix": "[parameters('applicationGatewaySubnetAddressPrefix')]", + "delegations": [ + { + "name": "Microsoft.Network/applicationGateways", + "properties": { + "serviceName": "Microsoft.Network/applicationGateways" + } + } + ] } } ] @@ -389,7 +394,7 @@ { "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('applicationGatewayPublicIpName')]", - "apiVersion": "2018-08-01", + "apiVersion": "2024-07-01", "location": "[resourceGroup().location]", "sku": { "name": "Standard" @@ -401,7 +406,7 @@ { "type": "Microsoft.Network/applicationGateways", "name": "[variables('applicationGatewayName')]", - "apiVersion": "2018-08-01", + "apiVersion": "2024-07-01", "location": "[resourceGroup().location]", "tags": { "managed-by-k8s-ingress": "true" @@ -480,6 +485,8 @@ "requestRoutingRules": [ { "name": "rule1", + "RuleType": "Basic", + "priority": 10, "properties": { "httpListener": { "id": "[concat(variables('applicationGatewayId'), '/httpListeners/httpListener')]" @@ -493,13 +500,42 @@ } } ], - "webApplicationFirewallConfiguration": "[if(equals(parameters('applicationGatewaySku'), 'WAF_v2'), variables('webApplicationFirewallConfiguration'), json('null'))]" + "firewallPolicy": "[if(equals(parameters('applicationGatewaySku'), 'WAF_v2'), json(concat('{\"id\": \"', variables('wafPolicyResourceId'), '\"}')), json('null'))]" }, "dependsOn": [ "[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]", - "[concat('Microsoft.Network/publicIPAddresses/', variables('applicationGatewayPublicIpName'))]" + "[concat('Microsoft.Network/publicIPAddresses/', variables('applicationGatewayPublicIpName'))]", + "[variables('wafPolicyName')]" ] }, + { + "apiVersion": "2023-11-01", + "type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies", + "name": "[variables('wafPolicyName')]", + "location": "[resourceGroup().location]", + "tags": {}, + "condition": "[equals(parameters('applicationGatewaySku'), 'WAF_v2')]", + "properties": { + "policySettings": { + "mode": "Detection", + "state": "Enabled", + "fileUploadLimitInMb": 100, + "requestBodyCheck": true, + "maxRequestBodySizeInKb": 128 + }, + "managedRules": { + "exclusions": [], + "managedRuleSets": [ + { + "ruleSetType": "OWASP", + "ruleSetVersion": "3.2", + "ruleGroupOverrides": null + } + ] + }, + "customRules": [] + } + }, { "type": "Microsoft.Resources/deployments", "name": "RoleAssignmentDeploymentForKubenetesSp", @@ -563,7 +599,7 @@ "name": "[concat(variables('applicationGatewayName'), '/Microsoft.Authorization/', guid(resourceGroup().id, 'identityappgwaccess'))]", "properties": { "roleDefinitionId": "[variables('contributorRole')]", - "principalId": "[reference(variables('identityId'), '2015-08-31-PREVIEW').principalId]", + "principalId": "[reference(variables('identityId'), '2023-01-31').principalId]", "scope": "[variables('applicationGatewayId')]" } }, @@ -572,8 +608,8 @@ "apiVersion": "2017-05-01", "name": "[guid(resourceGroup().id, 'identityrgaccess')]", "properties": { - "roleDefinitionId": "[variables('readerRole')]", - "principalId": "[reference(variables('identityId'), '2015-08-31-PREVIEW').principalId]", + "roleDefinitionId": "[variables('networkContributorRole')]", + "principalId": "[reference(variables('identityId'), '2023-01-31').principalId]", "scope": "[resourceGroup().id]" } } @@ -588,7 +624,7 @@ { "type": "Microsoft.ContainerService/managedClusters", "name": "[variables('aksClusterName')]", - "apiVersion": "2020-02-01", + "apiVersion": "2025-01-01", "location": "[resourceGroup().location]", "properties": { "kubernetesVersion": "[parameters('kubernetesVersion')]", @@ -669,7 +705,7 @@ }, "identityClientId": { "type": "string", - "value": "[reference(variables('identityID'), '2015-08-31-PREVIEW').clientId]" + "value": "[reference(variables('identityID'), '2023-01-31').clientId]" }, "aksApiServerAddress": { "type": "string", diff --git a/docs/annotations.md b/docs/annotations.md index cb34dab2e..fdd5d4248 100644 --- a/docs/annotations.md +++ b/docs/annotations.md @@ -518,13 +518,14 @@ This annotation allows us to specify whether to expose this endpoint on Private 2) For App Gateway that doesn't have a private IP, Ingresses with `appgw.ingress.kubernetes.io/use-private-ip: "true"` will be ignored. This will reflected in the controller logs and ingress events for those ingresses with `NoPrivateIP` warning. - ### Usage + ```yaml appgw.ingress.kubernetes.io/use-private-ip: "true" ``` ### Example + ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress @@ -548,6 +549,7 @@ spec: ``` ## Azure Waf Policy For Path + This annotation allows you to attach an already created WAF policy to the list paths for a host within a Kubernetes Ingress resource being annotated. @@ -558,9 +560,11 @@ Once the policy is created, copy the URI of the policy from the address bar of A ![Creating a WAF policy](./images/waf-policy-1.png) The URI would have the following format: + ```bash /subscriptions//resourceGroups//providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/ ``` + > **Note** 1) Waf policy will only be applied to a listener if ingress rule path is not set or set to "/" or "/*" @@ -571,7 +575,9 @@ appgw.ingress.kubernetes.io/waf-policy-for-path: "/subscriptions/abcd/resourceGr ``` ### Example + The example below will apply the WAF policy + ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress @@ -600,6 +606,7 @@ spec: number: 80 pathType: Exact ``` + Note that the WAF policy will be applied to both `/ad-server` and `/auth` URLs. ## Health Probe Hostname @@ -899,6 +906,7 @@ apiVersion: appgw.ingress.azure.io/v1beta1 kind: AzureApplicationGatewayRewrite metadata: name: my-rewrite-rule-set + namespace: test-ag spec: rewriteRules: - name: rule1 @@ -949,6 +957,7 @@ spec: ``` ## Hostname Extension + This annotation allows to append additional hostnames to the `host` specified in the ingress resource. This applies to all the rules in the ingress resource. ### Usage @@ -980,4 +989,4 @@ spec: name: store-service port: number: 8080 -``` \ No newline at end of file +``` diff --git a/docs/features/agic-reconcile.md b/docs/features/agic-reconcile.md index d4a4c4a8e..bf522dd17 100644 --- a/docs/features/agic-reconcile.md +++ b/docs/features/agic-reconcile.md @@ -23,9 +23,9 @@ Configure from helm install command(first time install) and helm upgrade command ```bash # helm fresh install -helm intall -f helm-config.yaml oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure --version 1.7.5 --set reconcilePeriodSeconds=30 +helm intall -f helm-config.yaml oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure --version 1.8.0 --set reconcilePeriodSeconds=30 # help upgrade # --reuse-values, when upgrading, reuse the last release's values and merge in any overrides from the command line via --set and -f. -helm upgrade oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure --reuse-values --version 1.7.5 --set reconcilePeriodSeconds=30 +helm upgrade oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure --reuse-values --version 1.8.0 --set reconcilePeriodSeconds=30 ``` diff --git a/docs/features/appgw-ssl-certificate.md b/docs/features/appgw-ssl-certificate.md index 41665075f..c444ac32b 100644 --- a/docs/features/appgw-ssl-certificate.md +++ b/docs/features/appgw-ssl-certificate.md @@ -14,7 +14,7 @@ Please use [Greenfield Deployment](https://github.com/Azure/application-gateway- To use the new feature, make sure the AGIC version is at least at 1.2.0-rc3 ```bash -helm install oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure -f helm-config.yaml --version 1.7.5 --generate-name +helm install oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure -f helm-config.yaml --version 1.8.0 --generate-name ``` ## Create a certificate and configure the certificate to AppGw diff --git a/docs/how-tos/deploy-AGIC-with-Workload-Identity-using-helm.md b/docs/how-tos/deploy-AGIC-with-Workload-Identity-using-helm.md index e53745a68..b27986a82 100644 --- a/docs/how-tos/deploy-AGIC-with-Workload-Identity-using-helm.md +++ b/docs/how-tos/deploy-AGIC-with-Workload-Identity-using-helm.md @@ -77,5 +77,5 @@ az aks get-credentials -g "${RESOURCE_GROUP}" -n myAKSCluster helm install ingress-azure \ -f helm-config.yaml \ oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \ - --version 1.7.5 + --version 1.8.0 ``` diff --git a/docs/how-tos/helm-upgrade.md b/docs/how-tos/helm-upgrade.md index f57a0847c..965ff40ef 100644 --- a/docs/how-tos/helm-upgrade.md +++ b/docs/how-tos/helm-upgrade.md @@ -29,7 +29,7 @@ using a Helm repository hosted on MCR. helm upgrade \ odd-billygoat \ oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \ - --version 1.7.5 + --version 1.8.0 ``` ## Rollback diff --git a/docs/how-tos/prevent-agic-from-overwriting.md b/docs/how-tos/prevent-agic-from-overwriting.md index 80a0bb3dc..317f3d8f8 100644 --- a/docs/how-tos/prevent-agic-from-overwriting.md +++ b/docs/how-tos/prevent-agic-from-overwriting.md @@ -62,7 +62,7 @@ Apply the Helm changes: 1. Ensure the `AzureIngressProhibitedTarget` CRD is installed with: ```bash - kubectl apply -f https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/ae695ef9bd05c8b708cedf6ff545595d0b7022dc/crds/AzureIngressProhibitedTarget.yaml + kubectl apply -f https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/refs/heads/master/crds/AzureIngressProhibitedTarget-v1-CRD-v1beta1.yaml ``` 2. Update Helm: diff --git a/docs/setup/install.md b/docs/setup/install.md index df92719b3..cad217e58 100644 --- a/docs/setup/install.md +++ b/docs/setup/install.md @@ -182,7 +182,7 @@ AGIC can be installed by running the following commands: --set armAuth.type=workloadIdentity \ --set armAuth.identityClientID=$IDENTITY_CLIENT_ID \ --set rbac.enabled=true \ - --version 1.7.3 + --version 1.8.0 # on aks cluster with windows node pools helm install ingress-azure \ @@ -192,7 +192,7 @@ AGIC can be installed by running the following commands: --set armAuth.identityClientID=$IDENTITY_CLIENT_ID \ --set rbac.enabled=true \ --set nodeSelector."beta\.kubernetes\.io/os"=linux \ - --version 1.7.3 + --version 1.8.0 ``` ### For existing deployments @@ -209,7 +209,7 @@ AGIC can be upgraded by running the following commands: --set armAuth.type=workloadIdentity \ --set armAuth.identityClientID=$IDENTITY_CLIENT_ID \ --set rbac.enabled=true \ - --version 1.7.3 + --version 1.8.0 # on aks cluster with windows node pools helm upgrade ingress-azure \ @@ -219,7 +219,7 @@ AGIC can be upgraded by running the following commands: --set armAuth.identityClientID=$IDENTITY_CLIENT_ID \ --set rbac.enabled=true \ --set nodeSelector."beta\.kubernetes\.io/os"=linux \ - --version 1.7.3 + --version 1.8.0 ``` ### Install a Sample App diff --git a/docs/troubleshootings/troubleshooting-agic-fails-with-aad-pod-identity-breakingchange.md b/docs/troubleshootings/troubleshooting-agic-fails-with-aad-pod-identity-breakingchange.md index b836e5155..d78a1280a 100644 --- a/docs/troubleshootings/troubleshooting-agic-fails-with-aad-pod-identity-breakingchange.md +++ b/docs/troubleshootings/troubleshooting-agic-fails-with-aad-pod-identity-breakingchange.md @@ -65,15 +65,15 @@ helm repo update # check the latest relese version of AGIC helm search repo -l application-gateway-kubernetes-ingress -# install release 1.7.5 +# install release 1.8.0 helm upgrade \ \ oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure - --version 1.7.5 + --version 1.8.0 --reuse-values ``` -***Note:**_ If you're upgrading from v1.0.0 or below, you'll have to delete AGIC and then reinstall with v1.7.5. +***Note:**_ If you're upgrading from v1.0.0 or below, you'll have to delete AGIC and then reinstall with v1.8.0. #### Install the right version of AAD Pod Identity