
I have an Azure Function that I want to deploy to Kubernetes. I'm trying to set up its environment variables and link them to a Key Vault, which https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings implies I can do by setting AzureWebJobsSecretStorageType to keyvault.

In order to do this, I'm editing the Helm chart of my function to look like below:

```yaml
...
spec:
      containers:
      - env:
        - name: ApplicationInsights__InstrumentationKey
          value: <appinsightsid>
        - name: AzureWebJobsSecretStorageType
          value: keyvault
        - name: AzureWebJobsSecretStorageKeyVaultClientId
          value: <managedidentity with kv permissions id>
        - name: AzureWebJobsSecretStorageKeyVaultUri
          value: <keyvault uri>
        - name: AzureWebJobsStorage
          value: '@Microsoft.KeyVault(SecretUri=<secreturi>)'
        - name: envVar1
          value: '@Microsoft.KeyVault(SecretUri=<secreturi>)'
        - name: envVar2
          value: '@Microsoft.KeyVault(SecretUri=<secreturi>)'
...
```

This doesn't work at all, and I'm guessing it's how I'm using @Microsoft.KeyVault and how it might not be formatted correctly for Helm, or if I need to install something on Kubernetes, or something else that I'm missing. The error I'm getting is basically:

```
A host error has occurred during startup operation 'abbdb89e-3c29-46bd-81fa-d80699bb4b70'.
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
 ---> System.FormatException: No valid combination of account information found.
   at Azure.Storage.StorageConnectionString.<>c.b__67_0(String err)
   at Azure.Storage.StorageConnectionString.ParseCore(String connectionString, StorageConnectionString& accountInformation, Action`1 error)
   at Azure.Storage.StorageConnectionString.Parse(String connectionString)
   at Azure.Storage.Blobs.BlobServiceClient..ctor(String connectionString, BlobClientOptions options)
```

Any help would be appreciated!

Phil

1 Answer


The values for the app settings AzureWebJobsSecretStorageType, AzureWebJobsSecretStorageKeyVaultClientId and AzureWebJobsSecretStorageKeyVaultUri are written correctly, except the value of AzureWebJobsStorage.

This app setting should be the Storage account connection string, not the Key Vault Secret URI; you can refer to this MS Doc for more information.

If you want to specify the Key Vault Secret URI in the app setting, then you have to use AzureWebJobsSecretStorageKeyVaultClientSecret; refer to this section in the same MS Doc for more information.

  • The links you're giving me are the same ones I gave in my question. I guess I shouldn't have used the AzureWebJobsStorage as my env example, because I would like to reference multiple Key Vault secrets as different environment variables, not just that one, if that helps – Phil Feb 08 '23 at 21:22
  • You can reference the Key Vault secrets as environment variables using the app setting `AzureWebJobsSecretStorageKeyVaultClientSecret`. –  Feb 09 '23 at 09:24
  • I'm sorry but I'm still not following how you're planning on supporting multiple env variables with that one setting. Could you take my example and edit it in your comment to show what you're saying? Or provide a link where someone does it? I've updated my comment to show more variables with what I'm looking for – Phil Feb 09 '23 at 16:04
  • Sure @Phil, I'll find a relevant example and notify here –  Feb 09 '23 at 16:51
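
The stack trace in the question shows the `AzureWebJobsStorage` value reaching `StorageConnectionString.Parse` as the literal `@Microsoft.KeyVault(...)` text, because Kubernetes hands an env `value:` to the container verbatim. The following pre-deploy check is an added example, not part of the original thread: it flags such literals in a rendered manifest, assuming nothing in the cluster rewrites them; the `valueFrom`/`secretKeyRef` entry and the Secret name `func-secrets` are hypothetical, and the connection-string test is a rough stand-in for the SDK parser.

```python
import re

# Constructed sample mirroring the env block in the question (placeholders kept).
# The envVar2 entry and the Secret name "func-secrets" are hypothetical.
MANIFEST = """\
      containers:
      - env:
        - name: AzureWebJobsSecretStorageType
          value: keyvault
        - name: AzureWebJobsStorage
          value: '@Microsoft.KeyVault(SecretUri=<secreturi>)'
        - name: envVar1
          value: '@Microsoft.KeyVault(SecretUri=<secreturi>)'
        - name: envVar2
          valueFrom:
            secretKeyRef: {name: func-secrets, key: envVar2}
"""

ENV_PAIR = re.compile(r"-\s*name:\s*(\S+)\s*\n\s*value:\s*(.*)")
KV_REF = re.compile(r"^@Microsoft\.KeyVault\(.*\)$")

def env_literals(manifest):
    """Return {name: value} for env entries that carry a literal `value:`."""
    return {n: v.strip().strip("'\"") for n, v in ENV_PAIR.findall(manifest)}

def looks_like_storage_connection_string(value):
    """Rough approximation: key=value pairs that carry account information."""
    parts = dict(p.split("=", 1) for p in value.split(";") if "=" in p)
    keys = {k.strip().lower() for k in parts}
    return ("usedevelopmentstorage" in keys
            or {"accountname", "accountkey"} <= keys
            or any(k.endswith("endpoint") for k in keys))

def lint(manifest):
    """List (env name, problem) pairs for values the process would see verbatim."""
    findings = []
    for name, value in env_literals(manifest).items():
        if KV_REF.match(value):
            findings.append((name, "unresolved Key Vault reference passed as literal"))
        if name == "AzureWebJobsStorage" and not looks_like_storage_connection_string(value):
            findings.append((name, "not a storage connection string"))
    return findings

if __name__ == "__main__":
    for name, problem in lint(MANIFEST):
        print(f"{name}: {problem}")
```

Run it over the output of `helm template` so the check sees the values the pod will actually receive.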