Azure / terraform-provider-acsengine

Terraform provider for ACS Engine Kubernetes cluster resources.
MIT License

Failed to generate ACS Engine template: error setting keys and certificates in key vault #7

Open adriantodorov opened 5 years ago

adriantodorov commented 5 years ago

Hi Azure Devs,

I am having some issues with creating the ACS cluster after creating the Azure Key Vault manually and setting the main.tf as follows:

provider "acsengine" {}

data "azurerm_resource_group" "resource_group" {
  name     = "${var.resource_group_name}"
  location = "${var.resource_group_location}"
}

data "azurerm_key_vault" "key_vault" {
  name = "${var.key_vault_name}"
  resource_group_name = "${data.azurerm_resource_group.resource_group.name}"
}

data "azurerm_key_vault_secret" "spsecret" {
  name = "spsecret"
  vault_uri = "${data.azurerm_key_vault.key_vault.vault_uri}"
}

resource "acsengine_kubernetes_cluster" "cluster" {
  name                   = "${var.kubernetes_name}"
  resource_group_name    = "${data.azurerm_resource_group.resource_group.name}"
  location               = "${var.resource_group_location}"
  kubernetes_version     = "${var.kubernetes_version}"

  master_profile {
    count        = "${var.master_count}"
    dns_prefix   = "${var.dns_name_prefix}-master"
    vm_size      = "Standard_D2_v2"
  }

  agent_pool_profiles {
    name         = "agentpool1"
    count        = 1
    vm_size      = "Standard_D2_v2"
    os_disk_size = 40
    os_type      = "Windows"
  }

  linux_profile {
    admin_username = "${var.linux_admin_username}"

    ssh {
      key_data = "${var.linux_admin_ssh_publickey}"
    }
  }

  windows_profile {
      admin_username = "${var.windows_admin_username}"
      admin_password = "ThereIsNoPassword123"
  }

  service_principal {
    client_id     = ""
    vault_id      = "${data.azurerm_key_vault.key_vault.id}"
    secret_name   = "${data.azurerm_key_vault_secret.spsecret.name}"
  }
}

Error: Error applying plan:

1 error(s) occurred:

* acsengine_kubernetes_cluster.cluster: 1 error(s) occurred:

* acsengine_kubernetes_cluster.cluster: failed to generate ACS Engine template: error setting keys and certificates in key vault: error setting ca certificate: failed to set secret: keyvault.BaseClient#SetSecret: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF

Do you know what could be the issue with the Keyvault.Baseclient#SetSecret?

Best regards,

Adrian

althafuddin commented 5 years ago

Same error here, trying to deploy the acs-engine! Did you find any root cause or resolution?

althafuddin commented 5 years ago

@adriantodorov, I am not sure what you are using under the client id section, but it worked for me by using:

service_principal {
  # If you create the application id manually, then use the data provider to fetch the client id.
  client_id   = "${azuread_application.this.application_id}"
  vault_id    = "${azurerm_key_vault.keyvault.id}"
  secret_name = "${azurerm_key_vault_secret.spsecret.name}"
}