Known issues for Foundry Local on Azure Local

This article describes known limitations and workarounds for Foundry Local on Azure Local during the preview release.

Known issues and workarounds

No automatic API key rotation when Inference API is disabled

Issue: The inference operator doesn't support automatic rotation of API keys.

Workaround: Delete the Kubernetes secret for the deployment. The operator recreates it automatically with new keys.

kubectl delete secret <deployment-name>-api-keys -n foundry-local-operator

Secrets and certificates aren't synced to other namespaces

Problem: API key secrets and TLS certificates aren't automatically distributed to namespaces outside of foundry-local-operator.

Workaround: Install Trust Manager by using the following required flags:

Install Extension

az k8s-extension create \
    --cluster-name <cluster_name> \
    --name azure-cert-manager \
    --resource-group <resource_group> \
    --cluster-type connectedClusters \
    --extension-type Microsoft.CertManagement \
    --scope cluster \
    --release-train stable \
    --config config.enableGatewayAPI=true \
    --config cert-manager.crds.keep=true \
    --config trust-manager.defaultPackage.enabled=false \
    --config trust-manager.secretTargets.enabled=true \
    --config trust-manager.secretTargets.authorizedSecretsAll=tru

Install Helm Chart

helm upgrade --install trust-manager jetstack/trust-manager \
  --namespace cert-manager \
  --set defaultPackage.enabled=false \
  --set secretTargets.enabled=true \
  --set secretTargets.authorizedSecretsAll=true

These flags are required for cross-namespace secret distribution to work correctly. Helm is a supported deployment option, and installation instructions are provided during preview access onboarding.

Related content

• Deploy Foundry Local as an Azure Arc extension
• Configure TLS and authentication for Foundry Local on Azure Local
• What is Foundry Local on Azure Local?