Guard installation in Azure - steps review


#1

Hi,

My goal is to install Guard in Azure.
I use the following documentation:

  1. https://appscode.com/products/guard/0.2.1/setup/install/

Step 1: Download version #0.2.0

Result: guard cli works.

Step 2: Initialize PKI
guard init ca
guard init server --ips=10.0.0.96 #change IP
guard init client appscode -o github
guard init client appscode.com -o google
guard init client qacode -o appscode
guard init client -o gitlab
guard init client -o azure # this is what I need, but I am doing it step by step from the document
guard init client appscode -o ldap

Results: crt & keys created in /home/%USERNAME%/.guard/pki

Step 3:
Go to the supported authenticator link

Step 4:
guard get installer --auth-providers=azure --azure.client-id= --azure.tenant-id= --azure.client-secret= > installer.yaml

Edit the installer (change the IP to 10.0.0.96)

Step 5:
Then: kubectl create -f installer.yaml

Step 6:
Configure Azure Active Directory App (as the document shows)

Step 7:
kubectl config set-credentials --auth-provider=azure --auth-provider-arg=environment=AzurePublicCloud --auth-provider-arg=client-id= --auth-provider-arg=tenant-id= --auth-provider-arg=apiserver-id=

Step 8:
kubectl get pods --user

Login (see the same application that was created in step 6)

Get the error: **** error: the server doesn’t have a resource type “pods”

Back to the first link: Configure Kubernetes API Server

Running the command:
guard get webhook-config client -o azure --addr=10.0.0.96:443

Getting error: 1111 webhok_config.go:64] Client certificate not found in /home/oronboni/.guard/pki. Run guard init client client -p azure

Will appreciate any assistance.
Willing to fix the documentation if needed.

Thank you.


#2

I suggest using version #0.2.1. Also delete the previous guard version from the PC.

So far your set up steps are ok. You need to set the webhook config https://appscode.com/products/guard/0.2.1/setup/install/#configure-kubernetes-api-server.

Let me know if you face any problem in guard version 0.2.1.


#3

Thank you very much for your response.

When I run the command:
sudo guard get webhook-config appscode -o github --addr=10.0.0.96:443
I get the config file (but when I replace the config file with the one in the K8S master it fails)

Any command that relates to Azure fails:
guard get webhook-config oron -o azure --addr=10.0.0.96:443
F1015 10:28:43.343692 850 webhok_config.go:64] Client certificate not found in /home/oronboni/.guard/pki. Run guard init client oron -p azure

When I replace oron with ca I get the following error:
F1015 10:29:40.881975 898 webhok_config.go:64] Client certificate not found in /home/oronboni/.guard/pki. Run guard init client ca -p azure

Can you please write an example of how I get a kube config relevant for Azure?


#4

These steps worked for me:

$ guard init ca
CA certificate found at /home/ac/.guard/pki. Do you want to overwrite? [yes/No]
yes
Wrote ca certificates in  /home/ac/.guard/pki
$ guard init client -o azure
Client certificate found at /home/ac/.guard/pki. Do you want to overwrite? [yes/No]
yes
Wrote client certificates in  /home/ac/.guard/pki
$ guard get webhook-config -o azure --addr=10.0.0.96:443

#5

Not for me (same syntax)


#6

Can you check the guard version?

$ guard version

Also, can you give me the output of this command:

$ tree $HOME/.guard/pki/

#7

guard version
I1015 13:01:43.295126 2329 logs.go:19] FLAG: --alsologtostderr="false"
I1015 13:01:43.296142 2329 logs.go:19] FLAG: --analytics="true"
I1015 13:01:43.296242 2329 logs.go:19] FLAG: --help="false"
I1015 13:01:43.296697 2329 logs.go:19] FLAG: --log_backtrace_at=":0"
I1015 13:01:43.298584 2329 logs.go:19] FLAG: --log_dir=""
I1015 13:01:43.299060 2329 logs.go:19] FLAG: --logtostderr="false"
I1015 13:01:43.309987 2329 logs.go:19] FLAG: --short="false"
I1015 13:01:43.311103 2329 logs.go:19] FLAG: --stderrthreshold="0"
I1015 13:01:43.320416 2329 logs.go:19] FLAG: --v="0"
I1015 13:01:43.321463 2329 logs.go:19] FLAG: --vmodule=""
Version = 0.2.1
VersionStrategy = tag
Os = linux
Arch = amd64
CommitHash = 518bdbef715ee19d4acbd6be1f343dd7d37f7623
GitBranch = HEAD
GitTag = 0.2.1
CommitTimestamp = 2018-07-10T04:32:58

tree $HOME/.guard/pki/
/home/oronboni/.guard/pki/
├── appscode.com@google.crt
├── appscode.com@google.key
├── appscode@github.crt
├── appscode@github.key
├── appscode@ldap.crt
├── appscode@ldap.key
├── azure@azure.crt
├── azure@azure.key
├── ca.crt
├── ca.key
├── gitlab@gitlab.crt
├── gitlab@gitlab.key
├── qacode@appscode.crt
├── qacode@appscode.key
├── server.crt
└── server.key


#8

I think I figured out the cause of this problem. When you run the previous command, guard will search for client@azure.crt, but they don’t exist. That's why it causes this error.

Please run this command instead:

guard get webhook-config -o azure --addr=10.0.0.96:443

I think that will solve your problem.


#9

You are correct, it works.
Thank you.
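
The mismatch diagnosed in post #8, as an added example that is not part of the original thread: a preflight check that shows which client name and organization pairs actually have a certificate and key in the PKI directory before guard get webhook-config is run. The <name>@<org>.crt layout and the name defaulting to the organization are assumptions inferred from the tree output in post #7; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for `guard get webhook-config`.
# Assumption (inferred from the tree listing in post #7): client material is
# stored as <name>@<org>.crt / <name>@<org>.key, and when the client name is
# omitted the organization is used as the name (azure@azure.crt).

# Print "name org" for every client that has both a certificate and a key.
list_guard_clients() {
    pki_dir=$1
    for crt in "$pki_dir"/*@*.crt; do
        [ -f "$crt" ] || continue                  # glob matched nothing
        base=$(basename "$crt" .crt)
        [ -f "$pki_dir/$base.key" ] || continue    # skip certs without a key
        printf '%s %s\n' "${base%@*}" "${base##*@}"
    done
}

# check_guard_client PKI_DIR ORG [NAME]
# Returns 0 when NAME@ORG.crt and .key exist. Otherwise reports the missing
# file, lists the names that do exist for ORG on stderr, and returns 1.
check_guard_client() {
    pki_dir=$1
    org=$2
    name=${3:-$2}                                  # name defaults to the org
    if [ -f "$pki_dir/${name}@${org}.crt" ] && [ -f "$pki_dir/${name}@${org}.key" ]; then
        echo "ok: ${name}@${org}"
        return 0
    fi
    echo "missing: $pki_dir/${name}@${org}.crt" >&2
    list_guard_clients "$pki_dir" | while read -r n o; do
        if [ "$o" = "$org" ]; then
            echo "available for $org: $n" >&2
        fi
    done
    return 1
}

# Usage, with the directory from this thread:
#   check_guard_client "$HOME/.guard/pki" azure oron   # reports the mismatch
#   check_guard_client "$HOME/.guard/pki" azure        # ok: azure@azure
```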