Azure / kubernetes-keyvault-flexvol

Azure keyvault integration with Kubernetes via a Flex Volume
MIT License

Deployment not working - validation failed, resourcegroup is empty #123

Open sukruthakittur opened 4 years ago

sukruthakittur commented 4 years ago

Describe the bug: Flex volumes, when mounted as a deployment, throw an error.

Steps To Reproduce: Use the deployment YAML below.

kind: Deployment
apiVersion: apps/v1
metadata:
  name: nginx-flexkv-deployment
  labels:
    app: nginx-flexkv
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-flexkv
  template:
    metadata:
      labels:
        app: nginx-flexkv
    spec:
      containers:
      - name: nginx-flexkv
        image: nginx
        volumeMounts:
        - name: eekv
          mountPath: /kvmnt
          readOnly: true
      volumes:
      - name: eekv
        flexVolume:
          driver: "azure/kv"
          secretRef:
            name: eecreds
          options: 
            usepodidentity: "false"
            keyvaultname: "myvault"
            keyvaultobjectnames: user-name; password           # list of KeyVault object names (semi-colon separated)
            keyvaultobjecttypes: secret; secret            # list of KeyVault object types: secret, key or cert (semi-colon separated)
            # keyvaultobjectversions: ""          # [OPTIONAL] list of KeyVault object versions (semi-colon separated), will get latest if empty
            resourcegroup: "myresourcegroup"       # the resource group of the KeyVault
            subscriptionid: "mysubid"             # the subscription ID of the KeyVault
            tenantid: "mytenid"                   # the tenant ID of the KeyVault

Expected behavior: Should mount volume

Key Vault FlexVolume version: Latest

Access mode (service principal or pod identity): Service Principal

Kubernetes version: Client Version: v1.15.3, Server Version: v1.14.6

Additional context: Error: MountVolume.SetUp failed for volume "eekv" : mount command failed, status: Failure, reason: validation failed, resourcegroup is empty

The logs from the agent node also give the same error. I couldn't find anything else. I looked at issue #64 and am using the same deployment YAML.

sukruthakittur commented 4 years ago

Figured out the issue. The problem was that there was a space between the 2 secrets in "keyvaultobjectnames" and "keyvaultobjecttypes". The parser probably didn't like it, and manifested the issue as "resourcegroup is empty".
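A pre-apply check for the list options discussed in this issue, as an added example that is not code from the flexvolume driver: it flags padded or empty entries in the semicolon-separated lists, mismatched name/type counts, and types other than the three named in the manifest comment. `LintOptions` and `splitList` are hypothetical names, and requiring the two lists to have equal length is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

var validTypes = map[string]bool{"secret": true, "key": true, "cert": true} // types named on this page

// splitList (hypothetical helper) splits a semicolon-separated value and flags
// entries that are empty or carry leading/trailing whitespace.
func splitList(key, value string) (items, problems []string) {
	for i, raw := range strings.Split(value, ";") {
		item := strings.TrimSpace(raw)
		if item != raw || item == "" {
			problems = append(problems, fmt.Sprintf("%s[%d]: empty or padded entry %q", key, i, raw))
		}
		items = append(items, item)
	}
	return items, problems
}

// LintOptions checks the list-valued flexVolume options before a manifest is applied.
func LintOptions(opts map[string]string) []string {
	var problems []string
	names, p := splitList("keyvaultobjectnames", opts["keyvaultobjectnames"])
	problems = append(problems, p...)
	types, p := splitList("keyvaultobjecttypes", opts["keyvaultobjecttypes"])
	problems = append(problems, p...)
	if len(names) != len(types) { // assumption: one type per object name
		problems = append(problems, fmt.Sprintf("names/types count mismatch: %d vs %d", len(names), len(types)))
	}
	for i, t := range types {
		if t != "" && !validTypes[t] {
			problems = append(problems, fmt.Sprintf("keyvaultobjecttypes[%d]: unknown type %q", i, t))
		}
	}
	return problems
}

func main() {
	// Constructed input: the list values as written in the issue's manifest.
	opts := map[string]string{
		"keyvaultobjectnames": "user-name; password",
		"keyvaultobjecttypes": "secret; secret",
	}
	fmt.Println(strings.Join(LintOptions(opts), "\n"))
}
```

Run against the manifest above, it reports the padded second entry in each list, pointing at the offending field rather than at `resourcegroup`.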

ritazh commented 4 years ago

Thanks @sukruthakittur! Will make sure to address this in the next release.