Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provider Azure complains about missing az cli #380

Open
tuxpeople opened this issue Mar 22, 2024 · 2 comments
Open

Provider Azure complains about missing az cli #380

tuxpeople opened this issue Mar 22, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@tuxpeople
Copy link

I tried to follow the Azure quickstart from here: https://docs.crossplane.io/v1.15/getting-started/provider-azure/#install-the-azure-provider. I wasn't successful, even after updating the providers version (the quickstart has an older version). The ressource can not be created, saying it's missing the az cli. Please advise what I did wrong or if I hit a bug.

Environment
Single-node K3S v1.28.7+k3s1 on Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-97-generic x86_64)

Steps I did

helm repo update

az group create --name crossplane --location eastus

helm install crossplane \
crossplane-stable/crossplane \
--namespace crossplane-system \
--create-namespace

until kubectl get crd | grep providers.pkg.crossplane.io; do sleep 1; done

cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-azure-network
spec:
  package: xpkg.upbound.io/upbound/provider-azure-network:v0.42.1
EOF

kubectl create secret \
generic azure-secret \
-n crossplane-system \
--from-file=creds=./azure-credentials.json

until kubectl get crd | grep providerconfigs.azure.upbound.io; do sleep 1; done

cat <<EOF | kubectl apply -f -
apiVersion: azure.upbound.io/v1beta1
metadata:
  name: default
kind: ProviderConfig
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: azure-secret
      key: creds
EOF

until kubectl get crd | grep virtualnetworks.network.azure.upbound.io ; do sleep 1; done

cat <<EOF | kubectl create -f -
apiVersion: network.azure.upbound.io/v1beta1
kind: VirtualNetwork
metadata:
  name: crossplane-quickstart-network
spec:
  forProvider:
    addressSpace:
      - 10.0.0.0/16
    location: "East US"
    resourceGroupName: crossplane
EOF

Result

$ kubectl describe virtualnetwork.network.azure.upbound.io/crossplane-quickstart-network
Name:         crossplane-quickstart-network
Namespace:
Labels:       <none>
Annotations:  crossplane.io/external-name: crossplane-quickstart-network
API Version:  network.azure.upbound.io/v1beta1
Kind:         VirtualNetwork
Metadata:
  Creation Timestamp:  2024-03-22T12:21:44Z
  Generation:          2
  Resource Version:    1592
  UID:                 993eb93f-ab1b-40ef-a863-0093273c34e5
Spec:
  Deletion Policy:  Delete
  For Provider:
    Address Space:
      10.0.0.0/16
    Location:             East US
    Resource Group Name:  crossplane
  Init Provider:
  Management Policies:
    *
  Provider Config Ref:
    Name:  default
Status:
  At Provider:
  Conditions:
    Last Transition Time:  2024-03-22T12:21:45Z
    Message:               connect failed: cannot initialize the Terraform plugin SDK async external client: cannot get terraform setup: failed to configure the no-fork Azure client: failed to configure the provider: [{0 unable to build authorizer for Resource Manager API: could not configure AzureCli Authorizer: could not parse Azure CLI version: launching Azure CLI: exec: "az": executable file not found in $PATH  []}]
    Reason:                ReconcileError
    Status:                False
    Type:                  Synced
Events:
  Type     Reason                   Age                   From                                                           Message
  ----     ------                   ----                  ----                                                           -------
  Warning  CannotConnectToProvider  32s (x10 over 4m33s)  managed/network.azure.upbound.io/v1beta1, kind=virtualnetwork  cannot initialize the Terraform plugin SDK async external client: cannot get terraform setup: failed to configure the no-fork Azure client: failed to configure the provider: [{0 unable to build authorizer for Resource Manager API: could not configure AzureCli Authorizer: could not parse Azure CLI version: launching Azure CLI: exec: "az": executable file not found in $PATH  []}]
@tuxpeople tuxpeople added the bug Something isn't working label Mar 22, 2024
@JohanSandblom3
Copy link

I had a similar problem and it turned out to be a malformed secret. Make sure azure-credentials.json contain all data shown in provider-family-azure's quickstart.

Ex (from the quickstart linked above):

{
  "clientId": "5d73973c-1933-4621-9f6a-9642db949768",
  "clientSecret": "24O8Q~db2DFJ123MBpB25hdESvV3Zy8bfeGYGcSd",
  "subscriptionId": "c02e2b27-21ef-48e3-96b9-a91305e9e010",
  "tenantId": "7060afec-1db7-4b6f-a44f-82c9c6d8762a",
  "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
  "resourceManagerEndpointUrl": "https://management.azure.com/",
  "activeDirectoryGraphResourceId": "https://graph.windows.net/",
  "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
  "galleryEndpointUrl": "https://gallery.azure.com/",
  "managementEndpointUrl": "https://management.core.windows.net/"
}

@erkules
Copy link

erkules commented Sep 7, 2024

FYI from the Doku:

az ad sp create-for-rbac \
--sdk-auth \
--role Owner \
--scopes /subscriptions/..

--ask-auth is deprecated. If you omit that option the resulting file misses all the extra informations required in the azure-credentials.json as @JohanSandblom3 mentioned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@erkules @tuxpeople @JohanSandblom3