terraform-provider-flux

Error deploying Flux on AKS via Terraform provider: Certificate verification failure

Open mbaykara opened this issue 11 months ago • 0 comments

Describe the bug

I'm encountering a certificate verification error when attempting to deploy Flux on AKS using the Terraform provider.

Steps to reproduce


terraform {
  required_providers {
    flux = {
      source  = "fluxcd/flux"
      version = "1.2.3"
    }
  }
}

provider "flux" {
  kubernetes = {
    host                   = module.aks.host
    client_certificate     = base64decode(module.aks.admin_client_certificate)
    client_key             = base64decode(module.aks.admin_client_key)
    cluster_ca_certificate = base64decode(module.aks.admin_cluster_ca_certificate)
  }
  git = {
    url = "ssh://git@${var.git_host}/${var.git_owner}/${var.flux_git_repo}"
    ssh = {
      username    = "git"
      private_key = var.ssh_private_key
    }
  }
}


resource "flux_bootstrap_git" "this" {
  path    = var.target_path
  version = "v2.2.3"
  components_extra = [
    "image-reflector-controller",
    "image-automation-controller"
  ]
}

Expected behavior

Terraform terminated without error

Screenshots and recordings

 Error: Bootstrap run error
│ 
│   with flux_bootstrap_git.this,
│   on flux.tf line 17, in resource "flux_bootstrap_git" "this":
│   17: resource "flux_bootstrap_git" "this" {
│ 
│ CustomResourceDefinition/alerts.notification.toolkit.fluxcd.io dry-run failed: Get "https://aks-0qp2b7k1.hcp.westeurope.azmk8s.io:443/api?timeout=32s": tls: failed to verify certificate: x509: “apiserver” certificate is not
│ trusted

OS / Distro

Azure AKS v1.28.3

Flux version

v2.0.0 and v2.1.3

Flux check

► checking prerequisites
✔ Kubernetes 1.28.3 >=1.26.0-0
► checking version in cluster
✗ checking failed: customresourcedefinitions.apiextensions.k8s.io "gitrepositories.source.toolkit.fluxcd.io" not found
► checking controllers
✗ no controllers found in the 'flux-system' namespace with the label selector 'app.kubernetes.io/part-of=flux'
► checking crds
✗ no crds found with the label selector 'app.kubernetes.io/part-of=flux'
✗ check failed

Git provider

GitHub

Container Registry provider

No response

Additional context

No response

If I execute bootstrap from my local terminal, it installs Flux without any warnings or issues.

mbaykara, Mar 02 '24 21:03