How to configure FluxCD in AKS to use service principal to pull from AzureDevops repo?

Question

During the setup of a AKS cluster (with terraform, but I don't think it's relevant in this context) I want to enable and configure the flux extension.

Flux should, of course, pull the yaml-files from some Azure DevOps Repo. In my case, I am trying to use a Service Principal to authenticate against Devops. I gave already the Reader rights (I tried also Contributor) on the Repo. I created a client secret and as the username I used the appliation (client) ID of the service principal.

In the flux configuration I tried to add this values as HTTPS User and HTTPS Key.

I tried also to add these credentials as secrets in Kubernetes and configured flux to use this secret, but unsuccessful.

kubectl create secret generic spsecret --namespace=fluxtest --from-literal=username=<CLIENT_ID> --from-literal=password=<SECRET>

This is the message I am getting.

Does anybody see what am I missing here? Did I misunderstood the whole concept? If you need more information, please ask.

Answer 1

When I tried to do the same in my environment using a service principal, I encountered the same error. Providing Azure git repos credentials resolved the issue. I followed the steps below to pass the HTTPS username and key.

Firstly, I navigated to the Azure Git repository and clicked on 'Clone' to generate Git credentials.

I made a note of the generated username and password.

Next, In GitOps, while creating or editing the configuration, I entered the username and password copied from the previous step in place of HTTPS user and HTTPS key.

Once the configuration was created, I verified the details.