How to connect HCP to authenticate to an AKS cluster to deploy Helm and K8 resources?


I am trying to deploy some Helm charts and K8 resources on my AKS cluster.

I am trying the following provider configuration. I got it from the Terraform examples:

data "azurerm_kubernetes_cluster" "info" {
  depends_on          = [module.aks]
  name                = "${var.app}-${var.environment_prefix}-aks"
  resource_group_name = module.resource_group.name
}

provider "helm" {
  kubernetes {
    host                   = data.azurerm_kubernetes_cluster.info.kube_config.0.host
    client_certificate     = base64decode(data.azurerm_kubernetes_cluster.info.kube_config.0.client_certificate)
    client_key             = base64decode(data.azurerm_kubernetes_cluster.info.kube_config.0.client_key)
    cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.info.kube_config.0.cluster_ca_certificate)
  }
}



provider "kubernetes" {
  host                   = data.azurerm_kubernetes_cluster.info.kube_config.0.host
  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.info.kube_config.0.client_certificate)
  client_key             = base64decode(data.azurerm_kubernetes_cluster.info.kube_config.0.client_key)
  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.info.kube_config.0.cluster_ca_certificate)
}

Helm chart example

resource "helm_release" "soc_loki" {
  name       = "loki"
  repository = "https://grafana.github.io/helm-charts"
  chart      = "loki"
  version    = "6.22.0"
  namespace  = "soc-loki"

  values = [
    "${file("./helm_charts_values/loki/values.yaml")}",
    "${file("./helm_charts_values/loki/env/${var.environment_prefix}.yaml")}"
  ]
}

Every time I run terraform apply on HCP, it shows this error:

Error: Kubernetes cluster unreachable: the server has asked for the client to provide credentials

Does it depend on the AKS authentication? I am using Entra ID authentication with Azure RBAC.

kubernetes terraform kubernetes-helm azure-aks
1 Answer
0 votes

Since I am using Azure AD with RBAC, I need to use kube_admin_config.

The provider configuration below worked for me:

data "azurerm_kubernetes_cluster" "info" {
  depends_on          = [module.aks]
  name                = "${var.app}-${var.environment_prefix}-aks"
  resource_group_name = module.resource_group.name
}

provider "helm" {
  kubernetes {
    host                   = data.azurerm_kubernetes_cluster.info.kube_admin_config.0.host
    cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.info.kube_admin_config.0.cluster_ca_certificate)
    client_certificate     = base64decode(data.azurerm_kubernetes_cluster.info.kube_admin_config.0.client_certificate)
    client_key             = base64decode(data.azurerm_kubernetes_cluster.info.kube_admin_config.0.client_key)
  }
}

provider "kubernetes" {
  host                   = data.azurerm_kubernetes_cluster.info.kube_admin_config.0.host
  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.info.kube_admin_config.0.cluster_ca_certificate)
  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.info.kube_admin_config.0.client_certificate)
  client_key             = base64decode(data.azurerm_kubernetes_cluster.info.kube_admin_config.0.client_key)
}
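
The configuration above works because kube_admin_config returns the cluster's local admin client certificate, which is not subject to Entra ID or Azure RBAC and ends up in Terraform state. As an added example (not part of the original answer), the providers can instead obtain an Entra ID token through the kubelogin exec plugin; the variable names, the service principal, and kubelogin being installed on the machine that runs Terraform (for example an HCP Terraform agent) are assumptions.

```hcl
# Added example. Reuses data.azurerm_kubernetes_cluster.info from the page.
# Assumed names: var.tenant_id, var.sp_client_id, var.sp_client_secret.
variable "tenant_id" { type = string }
variable "sp_client_id" { type = string }
variable "sp_client_secret" {
  type      = string
  sensitive = true
}

locals {
  aks_host = data.azurerm_kubernetes_cluster.info.kube_config.0.host
  aks_ca   = base64decode(data.azurerm_kubernetes_cluster.info.kube_config.0.cluster_ca_certificate)
  kubelogin_args = [
    "get-token", "--login", "spn",
    "--environment", "AzurePublicCloud",
    "--tenant-id", var.tenant_id,
    # Well-known application ID of the AKS Entra ID server app.
    "--server-id", "6dae42f8-4368-4678-94ff-3960e28e3630",
  ]
  # kubelogin reads the service principal credentials from these variables.
  kubelogin_env = {
    AAD_SERVICE_PRINCIPAL_CLIENT_ID     = var.sp_client_id
    AAD_SERVICE_PRINCIPAL_CLIENT_SECRET = var.sp_client_secret
  }
}

provider "kubernetes" {
  host                   = local.aks_host
  cluster_ca_certificate = local.aks_ca
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "kubelogin"
    args        = local.kubelogin_args
    env         = local.kubelogin_env
  }
}

provider "helm" {
  kubernetes {
    host                   = local.aks_host
    cluster_ca_certificate = local.aks_ca
    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      command     = "kubelogin"
      args        = local.kubelogin_args
      env         = local.kubelogin_env
    }
  }
}
```

The service principal needs an Azure RBAC role on the cluster that covers what the releases create, such as Azure Kubernetes Service RBAC Cluster Admin or a narrower role scoped to the target namespaces.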
