Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exercise 23: Pod does not work. Please help #2

Open
Jamal8548 opened this issue Dec 6, 2022 · 1 comment
Open

Exercise 23: Pod does not work. Please help #2

Jamal8548 opened this issue Dec 6, 2022 · 1 comment

Comments

@Jamal8548
Copy link

Jamal8548 commented Dec 6, 2022
edited
Loading

I have followed the tutorial twice but everytime it is same error. I think there is definitely something is wrong in creation of pod YAML file.

C:\Users\JamalAshraf>kubectl get pods
NAME READY STATUS RESTARTS AGE
quick-start 0/1 CrashLoopBackOff 10 (3m39s ago) 30m

kubectl describe pod quick-start

Events:
Type Reason Age From Message

Normal Scheduled 35m default-scheduler Successfully assigned default/quick-start to aks-nodepool1-10922502-vmss000000
Normal Pulled 35m kubelet Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 749.829499ms
Normal Pulled 35m kubelet Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 620.854079ms
Normal Pulled 35m kubelet Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 690.472489ms
Normal Created 34m (x4 over 35m) kubelet Created container oidc
Normal Started 34m (x4 over 35m) kubelet Started container oidc
Normal Pulled 34m kubelet Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 568.875013ms
Normal Pulling 33m (x5 over 35m) kubelet Pulling image "ghcr.io/azure/azure-workload-identity/msal-go"
Normal Pulled 33m kubelet Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 619.964693ms
Warning BackOff 25s (x163 over 35m) kubelet Back-off restarting failed container
@miguelaristy
Copy link

This tutorial has some errors:

first, get the KEYVAULT_URL with this

export KEYVAULT_URL="$(az keyvault show -g "${RESOURCE_GROUP}" -n ${KEYVAULT_NAME} --query properties.vaultUri -o tsv)"

and then apply pod like this: its important add this line azure.workload.identity/use: "true"

workload-identity-overview

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: quick-start
  namespace: ${SERVICE_ACCOUNT_NAMESPACE}
  labels:
    azure.workload.identity/use: "true"
spec:
  serviceAccountName: ${SERVICE_ACCOUNT_NAME}
  containers:
    - image: ghcr.io/azure/azure-workload-identity/msal-go
      name: oidc
      env:
      - name: KEYVAULT_URL
        value: ${KEYVAULT_URL}
      - name: SECRET_NAME
        value: ${KEYVAULT_SECRET_NAME}
  nodeSelector:
    kubernetes.io/os: linux
EOF

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@miguelaristy @Jamal8548