docker-kubernetes-course

Exercise 23: Pod does not work. Please help

Open Jamal8548 opened this issue 2 years ago • 1 comments

I have followed the tutorial twice, but every time it is the same error. I think there is definitely something wrong in the creation of the pod YAML file.

```
C:\Users\JamalAshraf>kubectl get pods
NAME          READY   STATUS             RESTARTS         AGE
quick-start   0/1     CrashLoopBackOff   10 (3m39s ago)   30m
```

```
kubectl describe pod quick-start

Events:
  Type     Reason     Age                   From               Message
  Normal   Scheduled  35m                   default-scheduler  Successfully assigned default/quick-start to aks-nodepool1-10922502-vmss000000
  Normal   Pulled     35m                   kubelet            Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 749.829499ms
  Normal   Pulled     35m                   kubelet            Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 620.854079ms
  Normal   Pulled     35m                   kubelet            Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 690.472489ms
  Normal   Created    34m (x4 over 35m)     kubelet            Created container oidc
  Normal   Started    34m (x4 over 35m)     kubelet            Started container oidc
  Normal   Pulled     34m                   kubelet            Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 568.875013ms
  Normal   Pulling    33m (x5 over 35m)     kubelet            Pulling image "ghcr.io/azure/azure-workload-identity/msal-go"
  Normal   Pulled     33m                   kubelet            Successfully pulled image "ghcr.io/azure/azure-workload-identity/msal-go" in 619.964693ms
  Warning  BackOff    25s (x163 over 35m)   kubelet            Back-off restarting failed container
```

Jamal8548 Dec 06 '22 11:12

This tutorial has some errors:

First, get the KEYVAULT_URL with this:

```bash
export KEYVAULT_URL="$(az keyvault show -g "${RESOURCE_GROUP}" -n ${KEYVAULT_NAME} --query properties.vaultUri -o tsv)"
```

And then apply the pod like this. It's important to add this line: `azure.workload.identity/use: "true"`

workload-identity-overview

```bash
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: quick-start
  namespace: ${SERVICE_ACCOUNT_NAMESPACE}
  labels:
    azure.workload.identity/use: "true"
spec:
  serviceAccountName: ${SERVICE_ACCOUNT_NAME}
  containers:
    - image: ghcr.io/azure/azure-workload-identity/msal-go
      name: oidc
      env:
      - name: KEYVAULT_URL
        value: ${KEYVAULT_URL}
      - name: SECRET_NAME
        value: ${KEYVAULT_SECRET_NAME}
  nodeSelector:
    kubernetes.io/os: linux
EOF
```

miguelaristy May 17 '23 02:05
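An added example, not part of the thread or the course repository: a small checker for the output of `kubectl get pod quick-start -o json` that reports whether the pod carries the label from the reply above and whether the workload identity webhook injected its settings. The `AZURE_*` variable names come from the azure-workload-identity project rather than from this page, and the sample pods and the service account name `workload-identity-sa` are constructed.

```python
"""Check whether a pod was set up for Azure Workload Identity (added example)."""
import json
import sys

USE_LABEL = "azure.workload.identity/use"  # label named in the reply above
# Env vars the workload identity webhook injects into labelled pods
# (assumption: taken from the azure-workload-identity project, not this page).
INJECTED_ENV = ("AZURE_CLIENT_ID", "AZURE_TENANT_ID",
                "AZURE_FEDERATED_TOKEN_FILE", "AZURE_AUTHORITY_HOST")


def check_workload_identity(pod):
    """Return a list of findings; an empty list means the pod looks mutated."""
    findings = []
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    if (meta.get("labels") or {}).get(USE_LABEL) != "true":
        findings.append(f'missing label {USE_LABEL}: "true"')
    if spec.get("serviceAccountName", "default") == "default":
        findings.append("serviceAccountName not set (pod uses 'default')")
    for c in spec.get("containers", []):
        names = {e.get("name") for e in c.get("env") or []}
        missing = [v for v in INJECTED_ENV if v not in names]
        if missing:
            findings.append(f"container {c.get('name')}: not injected: {', '.join(missing)}")
    return findings


def sample_pod(labelled):
    """Constructed pod JSON shaped like `kubectl get pod quick-start -o json`."""
    env = [{"name": "KEYVAULT_URL", "value": "https://example-kv.vault.azure.net/"},
           {"name": "SECRET_NAME", "value": "example-secret"}]
    if labelled:  # what the webhook adds once the label is present
        env += [{"name": n, "value": "constructed"} for n in INJECTED_ENV]
    return {"metadata": {"name": "quick-start",
                         "labels": {USE_LABEL: "true"} if labelled else {}},
            "spec": {"serviceAccountName": "workload-identity-sa",
                     "containers": [{"name": "oidc", "env": env}]}}


if __name__ == "__main__":
    # Pipe real kubectl JSON in, or run with no input to see the constructed samples.
    piped = not sys.stdin.isatty()
    pods = [json.load(sys.stdin)] if piped else [sample_pod(False), sample_pod(True)]
    for pod in pods:
        problems = check_workload_identity(pod)
        print(pod["metadata"]["name"], "OK" if not problems else problems)
```

Because the webhook acts at pod creation, a pod that fails this check has to be deleted and re-applied with the label; adding the label to a running pod does not inject the variables.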