Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Provide a global timeout setting for IMDS probe
See original GitHub issueLibrary or service name.
- Azure.Identity
- Azure.Services.AppAuthentication
Is your feature request related to a problem? Please describe.
We have a job cluster running inside windows containers on top of Azure VMSS. Each job run as a standalone executable. Right after each process launch, the executable authenticate to various azure services using DefaultAzureCredential and AppServiceTokenProvider.
Approximately 5% of jobs failed to authenticate due to IMDS connection timeout. Experiments show that it can sometimes take up to more than 6 seconds to connect to IMDS endpoint in our scenario.
We’ve created a patched version of Azure.Identity and Azure.Services.AppAuthentication to increase the IMDS connection timeout to 30 seconds and the fix solves most of IMDS connection problems.
The IMDS probe timeout is hardcoded as 1s for DefaultAzureCredential, and 3s for AzureServiceTokenProvider. Is it possible to make this timeout configurable? The configuration knob needs to be static because there are multiple components using DefaultAzureCredential and we’d like to configure the value in one place.
Related: https://github.com/Azure/azure-sdk-for-net/issues/19974
Issue Analytics
- State:
- Created 2 years ago
- Comments:9 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi @yufeih - This is a common request and we are considering making some changes to the IMDS endpoint discovery, as described here
In the meantime, there is a workaround pod example which waits for the IMDS endpoint to become available at startup. You can find it here
@christothes @schaabs
We are still hitting IMDS connection problems in a windows AKS cluster using the latest Azure.Identity package. It seems https://github.com/Azure/azure-sdk-for-net/pull/24328 added a hardcoded timeout of 1 second to the initial IMDS request, can that timeout be adjusted by an environment variable so we can tweak it to a larger value for apps running inside our cluster?