During the setup of an AKS cluster (with Terraform, but I don't think it's relevant in this context) I want to enable and configure the Flux extension.

Flux should, of course, pull the YAML files from some Azure DevOps repo. In my case, I am trying to use a service principal to authenticate against DevOps. I already gave it Reader rights (I also tried Contributor) on the repo. I created a client secret, and as the username I used the application (client) ID of the service principal.

In the Flux configuration I tried to add these values as HTTPS User and HTTPS Key.

I also tried to add these credentials as a secret in Kubernetes and configured Flux to use this secret, but without success.

kubectl create secret generic spsecret --namespace=fluxtest --from-literal=username=<CLIENT_ID> --from-literal=password=<SECRET>

This is the message I am getting.

[Screenshot of the error message]

Does anybody see what I am missing here? Did I misunderstand the whole concept? If you need more information, please ask.

Luka Klarić

1 Answer

When I tried to do the same in my environment using a service principal, I encountered the same error. Providing Azure Git repos credentials resolved the issue. I followed the steps below to pass the HTTPS username and key.

First, I navigated to the Azure Git repository and clicked on 'Clone' to generate Git credentials.

I made a note of the generated username and password.

Next, in GitOps, while creating or editing the configuration, I entered the username and password copied from the previous step in place of HTTPS user and HTTPS key.

Once the configuration was created, I verified the details.

HowAreYou
  • I can follow your steps, but in this case you created Git credentials with your user and not the service principal, so these Git credentials are associated with your user and not the service principal. I can also create a private key within Flux; it provides me a public key and I can log in to Azure DevOps and store the public key under the SSH keys. But authentication will still be associated with my user. – Luka Klarić Jun 18 '23 at 08:11
  • @LukaKlarić, would it be possible for you to share any reference documents that you followed during the configuration setup of git clone using a service principal? – HowAreYou Jun 19 '23 at 04:00