Key Vault Secrets Error

Azure / AppConfiguration-KubernetesProvider

Bring your data in Azure App Configuration down to your Kubernetes cluster, available as ConfigMap and Secrets and ready to be consumed by any workload.

MIT License

6 stars 2 forks source link

Key Vault Secrets Error #18

Closed thepaulmacca closed 4 months ago

thepaulmacca commented 4 months ago

When I'm applying key vault secrets (based off the docs example here I'm getting the below error:

W0304 14:14:08.310104       1 appconfigurationprovider_controller.go:261] Fail to update the target ConfigMap or Secret of AzureAppConfigurationProvider 'appconfigurationprovider-example' in 'testing' namespace: Secret "secret-created-by-appconfig-provider" is invalid: data[TestApp:Settings:KeyVaultMessage]: Invalid value: "TestApp:Settings:KeyVaultMessage": a valid config key must consist of alphanumeric characters, '-', '_' or '.' (e.g. 'key.name',  or 'KEY_NAME',  or 'key-name', regex used for validation is '[-._a-zA-Z0-9]+')

Here is my JSON file if it helps

{
  "Settings:KeyVaultMessage": {"uri":"https://<redacted>.vault.azure.net/secrets/Message"}
}

Is it worth mentioning this in the provider docs? Normal key/values are working fine btw

Thanks

zhenlan commented 4 months ago

Invalid value: "TestApp:Settings:KeyVaultMessage": a valid config key must consist of alphanumeric characters, '-', '_' or '.' (e.g. 'key.name', or 'KEY_NAME', or 'key-name'

The error is because the colon : used in your key name Settings:KeyVaultMessage is not a valid character for Kubernetes secret.

While Azure App Configuration accepts almost everything for key names, the users must be aware of how the keys are going to be used and comply with the restrictions of corresponding platforms (which is Kubernetes in this case).

thepaulmacca commented 4 months ago

Do you think it's worth adding something to the docs about this, with suggested examples?

RichardChen820 commented 4 months ago

I was thinking we probably could have a TSG for the Kubernetes Provider, list the frequently encountered error messages, explain more in detail, and give guides to address them.

zhenlan commented 4 months ago

We should try to have error messages self-explanatory as much as possble. I hope most users don't even need to look for documentation. For example, the message in this current one can be improved. But I agree to include those trickier ones that need more explanation in the troubleshooting document.

https://learn.microsoft.com/en-us/azure/azure-app-configuration/quickstart-azure-kubernetes-service#troubleshooting

thepaulmacca commented 4 months ago

That would be good, thanks. I've been following the docs mostly up to this point, but it's clear some things work a bit differently when using the K8s provider

thepaulmacca commented 4 months ago

For some bizarre reason this looks to be working today, with my JSON file above

I'll close this issue now, thanks