Error with install helm chart (Azure)
EigoOda opened this issue · 2 comments
EigoOda commented
Hi, I am using Azure Kubernetes Service and Azure Keyvault.
I am trying to deploy ,but I have error with install helm chart like that.
(The tenant id registered in secret is correct. )
erros (deployment)
>>> k logs external-secrets-kubernetes-external-secrets-648df568c9-t94t8
> kubernetes-external-secrets@8.1.3 start /app
> ./bin/daemon.js
/app/node_modules/@azure/identity/dist/index.js:541
throw error;
^
Error: Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.
at checkTenantId (/app/node_modules/@azure/identity/dist/index.js:539:23)
at new EnvironmentCredential (/app/node_modules/@azure/identity/dist/index.js:821:13)
at new DefaultAzureCredential (/app/node_modules/@azure/identity/dist/index.js:1676:26)
at Object.azureKeyVault (/app/config/azure-config.js:11:24)
at Object.<anonymous> (/app/config/index.js:93:27)
at Module._compile (internal/modules/cjs/loader.js:999:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
at Module.load (internal/modules/cjs/loader.js:863:32)
at Function.Module._load (internal/modules/cjs/loader.js:708:14)
at Module.require (internal/modules/cjs/loader.js:887:19)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! kubernetes-external-secrets@8.1.3 start: `./bin/daemon.js`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the kubernetes-external-secrets@8.1.3 start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/node/.npm/_logs/2021-06-23T15_23_42_045Z-debug.log
install command
helm install external-secrets external-secrets/kubernetes-external-secrets -f custom-values.yaml
additional values(custom-values.yaml)
envVarsFromSecret:
AZURE_TENANT_ID:
secretKeyRef: azure-credentials
key: tenantid
AZURE_CLIENT_ID:
secretKeyRef: azure-credentials
key: clientid
AZURE_CLIENT_SECRET:
secretKeyRef: azure-credentials
key: clientsecret
deployed secret
>>> k get secrets azure-credentials -oyaml
apiVersion: v1
data:
clientid: YzM1M2M3ZjEtMDQ4Ni00~~~
clientsecret: N0t1NEVCTC5~~~
tenantid: M2IxN2UxMGItYzV~~~
kind: Secret
type: Opaque
~~~
confirmed
- secret values are correct
- Existing secret values to register to pod like below yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ubuntu
spec:
replicas: 1
selector:
matchLabels:
run: ubuntu
template:
metadata:
labels:
run: ubuntu
spec:
containers:
- image: ubuntu
name: ubuntu
command: ["/bin/bash", "-c", "sleep 1d"]
env:
- name: AZURE_TENANT_ID
valueFrom:
secretKeyRef:
name: azure-credentials
key: tenantid
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
name: azure-credentials
key: clientid
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: azure-credentials
key: clientsecret
samd03 commented
Hey @johnn2690 , I am facing the exact same problem while using the helm charts. It seems like it expects the tenantId and other secrets for Azure Active Directory and not the Azure Key-Vault. I don't understand why. But my intentions are same as yours to use the Azure Key Vault. How did you fix this?