Conversation
jadarsie
approved these changes
Feb 2, 2026
haofan-ms
added a commit
that referenced
this pull request
Feb 3, 2026
* fix: Update Token Audience Configuration for Azure Stack * update test for Windows nodes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reason for Change:
Issue Fixed:
Fix PR fixes a cluster upgrade regression introduced in AKS Engine v0.84.0.
The upgrade operation will succeed, but when user runs "kubectl describe nodes" command, they will see “node.kubernetes.io/network-unavailable” node taint in all Linux nodes.
The regression root case is Kubernetes’s lack of permissions to manage the Azure route table resource.
The regression is fixed by ensuring that the cloud details (azurestackcloud.json) contains the appropriate “token audience” property.
Credit Where Due:
Does this change contain code from or inspired by another project?
If "Yes," did you notify that project's maintainers and provide attribution?
Requirements:
Notes: