external-secrets/kubernetes-external-secrets

Error with install helm chart (Azure)

EigoOda opened this issue · 2 comments

Hi, I am using Azure Kubernetes Service and Azure Keyvault.
I am trying to deploy, but I get an error when installing the helm chart, as shown below.
(The tenant id registered in the secret is correct.)

errors (deployment)

>>> k logs external-secrets-kubernetes-external-secrets-648df568c9-t94t8

> kubernetes-external-secrets@8.1.3 start /app
> ./bin/daemon.js

/app/node_modules/@azure/identity/dist/index.js:541
        throw error;
        ^

Error: Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.
    at checkTenantId (/app/node_modules/@azure/identity/dist/index.js:539:23)
    at new EnvironmentCredential (/app/node_modules/@azure/identity/dist/index.js:821:13)
    at new DefaultAzureCredential (/app/node_modules/@azure/identity/dist/index.js:1676:26)
    at Object.azureKeyVault (/app/config/azure-config.js:11:24)
    at Object.<anonymous> (/app/config/index.js:93:27)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! kubernetes-external-secrets@8.1.3 start: `./bin/daemon.js`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the kubernetes-external-secrets@8.1.3 start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/node/.npm/_logs/2021-06-23T15_23_42_045Z-debug.log

install command

helm install external-secrets external-secrets/kubernetes-external-secrets -f custom-values.yaml

additional values(custom-values.yaml)

envVarsFromSecret:
  AZURE_TENANT_ID:
    secretKeyRef: azure-credentials
    key: tenantid
  AZURE_CLIENT_ID:
    secretKeyRef: azure-credentials
    key: clientid
  AZURE_CLIENT_SECRET:
    secretKeyRef: azure-credentials
    key: clientsecret

deployed secret

>>> k get secrets azure-credentials -oyaml
apiVersion: v1
data:
  clientid: YzM1M2M3ZjEtMDQ4Ni00~~~
  clientsecret: N0t1NEVCTC5~~~
  tenantid: M2IxN2UxMGItYzV~~~
kind: Secret
type: Opaque
~~~

confirmed

  • secret values are correct
  • The existing secret values are registered to a pod as in the YAML below:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ubuntu
spec:
  replicas: 1
  selector:
    matchLabels:
      run: ubuntu
  template:
    metadata:
      labels:
        run: ubuntu
    spec:
      containers:
      - image: ubuntu
        name: ubuntu
        command: ["/bin/bash", "-c", "sleep 1d"]
        env:
        - name: AZURE_TENANT_ID
          valueFrom:
            secretKeyRef:
              name: azure-credentials
              key: tenantid
        - name: AZURE_CLIENT_ID
          valueFrom:
            secretKeyRef:
              name: azure-credentials
              key: clientid
        - name: AZURE_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: azure-credentials
              key: clientsecret
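
The stack trace above fails in `checkTenantId` while `EnvironmentCredential` reads `AZURE_TENANT_ID`, so the decoded bytes of the Secret are worth checking. The following is an added example, not code from the issue or the project: it audits each value under a Secret's `data` map and reports encoding defects without printing the secret itself. The allow-list pattern, the finding names and the sample values are assumptions constructed for illustration.

```javascript
// Added example (not from the issue or the project). Audits the base64 values
// in a Secret's `data` map and reports findings without printing the secrets.
// ASSUMPTION: a tenant id may contain only letters, digits, '.', '-', ':' and '/'.
const TENANT_ID_ALLOWED = /^[0-9a-zA-Z\-.:\/]+$/;
const BASE64_TEXT = /^[A-Za-z0-9+\/]+={0,2}$/;

function auditValue(b64) {
  const text = Buffer.from(b64, 'base64').toString('utf8');
  const trimmed = text.trim();
  const findings = [];
  if (text.length === 0) findings.push('empty');
  // `echo value | base64` (without -n) or a CRLF file leaves a line ending behind.
  if (text !== trimmed) {
    findings.push(/[\r\n]/.test(text) ? 'surrounding-newline' : 'surrounding-whitespace');
  }
  if (/^["'].*["']$/.test(trimmed)) findings.push('wrapped-in-quotes');
  if (/[^\x20-\x7e]/.test(trimmed)) findings.push('non-printable-or-non-ascii');
  // A value encoded by hand and then placed under `data` ends up encoded twice.
  if (trimmed.length >= 16 && trimmed.length % 4 === 0 && BASE64_TEXT.test(trimmed)) {
    const inner = Buffer.from(trimmed, 'base64').toString('utf8');
    if (/^[\x20-\x7e\r\n]+$/.test(inner)) findings.push('possibly-double-encoded');
  }
  return { text, findings };
}

function auditSecret(data, tenantKey = 'tenantid') {
  const report = {};
  for (const [key, b64] of Object.entries(data)) {
    const { text, findings } = auditValue(String(b64));
    if (key === tenantKey && !TENANT_ID_ALLOWED.test(text)) {
      findings.push('fails-tenant-id-allow-list');
    }
    report[key] = { decodedLength: text.length, findings };
  }
  return report;
}

// Constructed sample data (not the values from the issue).
const enc = (s) => Buffer.from(s, 'utf8').toString('base64');
const TENANT = '11111111-2222-3333-4444-555555555555';
const SAMPLES = {
  clean: { tenantid: enc(TENANT), clientsecret: enc('constructed~secret') },
  newline: { tenantid: enc(TENANT + '\n') },
  doubleEncoded: { tenantid: enc(enc(TENANT)) },
};

for (const [name, data] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditSecret(data)));
}
```

The double-encoded sample passes the allow-list because base64 text is itself alphanumeric, which is why that case gets its own heuristic.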

Hey @johnn2690, I am facing the exact same problem while using the helm charts. It seems like it expects the tenantId and other secrets for Azure Active Directory and not the Azure Key-Vault. I don't understand why. But my intentions are the same as yours, to use the Azure Key Vault. How did you fix this?

@samd03
I didn't solve this problem.
Because I am using Sealed-secrets to manage Kubernetes secrets. It is simple and easy to install and set up.