NMI Error - failed to get matching identities for pod #1298
Hi everyone. I can't manage to make aad-pod-identity work, even though I followed all the instructions and read almost all the issues related to mine. Please help to identify the problem. I'll write below all the necessary information that might be helpful for troubleshooting.

These are the identity and identity binding manifests:

When I try to run an azure-cli container with the following command:

The request for a token times out:

In the meantime, when I check the MIC's log, I cannot see any errors:

But there are a couple of errors in NMI's logs:

I have already deployed mic-exceptions in the default namespace:

And the mic pods are also located in the default namespace:

This is the ID of the Managed Identity of the AKS cluster:

And here you can see its name in the Azure Console:

And the corresponding Role Assignments on it. I gave it "Managed Identity Operator" on each resource group besides the one where the node pools are located (as there I additionally gave the "Virtual Machine Contributor" role, according to the documentation):

I don't know what else I should check, so I'll really appreciate any help.
Replies: 1 comment
I have found the reason for the trouble. I've deployed and configured everything correctly, but when I tried to test my configuration, I created a separate Resource Group for a test/temporary Managed Identity and I forgot to add the "Managed Identity Operator" role on this new RG, hence the system was unable to retrieve a token. It's funny that I've lost about 2 days troubleshooting this case ))

I was unable to find a close option for this discussion, so please be informed that it is no longer relevant, as I fixed it myself.
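The root cause found in this thread can be checked mechanically. The following is an added example, not part of the original posts or of the aad-pod-identity project: it flags user-assigned identities whose resource ID is not covered by a "Managed Identity Operator" assignment for the cluster identity. The subscription, principal IDs and resource names are constructed placeholders, and the assignment dicts are assumed to use the `principalId`, `roleDefinitionName` and `scope` fields of `az role assignment list` JSON output.

```python
ROLE = "Managed Identity Operator"

# Constructed sample data (placeholders, not values from the discussion).
SUB = "/subscriptions/00000000-0000-0000-0000-0000000000aa"
CLUSTER_PRINCIPAL = "00000000-0000-0000-0000-000000000001"
OTHER_PRINCIPAL = "00000000-0000-0000-0000-000000000002"

ASSIGNMENTS = [
    {"principalId": CLUSTER_PRINCIPAL, "roleDefinitionName": ROLE,
     "scope": SUB + "/resourceGroups/rg-app"},
    # Different role: does not allow assigning identities.
    {"principalId": CLUSTER_PRINCIPAL, "roleDefinitionName": "Virtual Machine Contributor",
     "scope": SUB + "/resourceGroups/rg-nodes"},
    # Right role and resource group, but granted to a different principal.
    {"principalId": OTHER_PRINCIPAL, "roleDefinitionName": ROLE,
     "scope": SUB + "/resourceGroups/rg-app-test"},
]

# Resource IDs as they would appear in the AzureIdentity manifests.
IDENTITY_IDS = [
    SUB + "/resourcegroups/rg-app/providers/Microsoft.ManagedIdentity/userAssignedIdentities/app-id",
    SUB + "/resourceGroups/rg-app-test/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-id",
]


def covers(scope, resource_id):
    """True if a role assignment at `scope` is inherited by `resource_id`.

    Azure resource IDs are case-insensitive. Matching is done on whole path
    segments so that 'rg-app' does not cover 'rg-app-test'.
    Management-group scopes are not handled by this prefix check.
    """
    s = scope.rstrip("/").lower()
    r = resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")


def uncovered_identities(identity_ids, assignments, principal_id, role=ROLE):
    """Return identities the principal cannot assign because no scope covers them."""
    scopes = [a["scope"] for a in assignments
              if a.get("principalId") == principal_id
              and a.get("roleDefinitionName") == role]
    return [i for i in identity_ids if not any(covers(s, i) for s in scopes)]


if __name__ == "__main__":
    for missing in uncovered_identities(IDENTITY_IDS, ASSIGNMENTS, CLUSTER_PRINCIPAL):
        print("missing", ROLE, "for:", missing)
```

Running it on the sample reports only the `test-id` identity in `rg-app-test`, the same situation as the forgotten test resource group described above.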