Guard installation in Azure - steps review



My goal is to install Guard in Azure.
I use the following documentation:


Step 1: Download version #0.2.0

Result: guard cli works.

Step 2: Initialize PKI
guard init ca
guard init server --ips= #change IP
guard init client appscode -o github
guard init client -o google
guard init client qacode -o appscode
guard init client -o gitlab
guard init client -o azure #this is what I need, but I am doing the step by step from the document
guard init client appscode -o ldap

Results: crt & keys created in /home/%USERNAME%/.guard/pki

Step 3:
Go to the supported authenticator link

Step 4:
guard get installer --auth-providers=azure --azure.client-id= --azure.tenant-id= --azure.client-secret= > installer.yaml

edit the installer (change the ip to )

Step 5:
then: kubectl create -f installer.yaml

Step 6:
Configure Azure Active Directory App (as the document shows)

Step 7:
kubectl config set-credentials --auth-provider=azure --auth-provider-arg=environment=AzurePublicCloud --auth-provider-arg=client-id= --auth-provider-arg=tenant-id= --auth-provider-arg=apiserver-id=

Step 8:
kubectl get pods --user

Login (see the same application that was created in step 6)

Get the error: error: the server doesn’t have a resource type "pods"

Back to the first link: Configure Kubernetes API Server

Running the command:
guard get webhook-config client -o azure --addr=

Getting error: 1111 webhok_config.go:64] Client certificate not found in /home/oronboni/.guard/pki. Run guard init client client -p azure

Will appreciate any assistance.
Willing to fix the documentation if needed.

Thank you.


I suggest using version #0.2.1. Also delete the previous guard version from the PC.

So far your setup steps are OK. You need to set the webhook config.

Let me know if you face any problem in guard version 0.2.1.


Thank you very much for your response.

When I run the command:
sudo guard get webhook-config appscode -o github --addr=
I get the config file (but when I replace the config file with the one in K8S master it fails)

Any command that relates to Azure fails:
guard get webhook-config oron -o azure --addr=
F1015 10:28:43.343692 850 webhok_config.go:64] Client certificate not found in /home/oronboni/.guard/pki. Run guard init client oron -p azure

When I replace oron with ca I get the following error:
F1015 10:29:40.881975 898 webhok_config.go:64] Client certificate not found in /home/oronboni/.guard/pki. Run guard init client ca -p azure

Can you please write an example of how I get the kube config relevant for Azure?


These steps worked for me:

$ guard init ca
CA certificate found at /home/ac/.guard/pki. Do you want to overwrite? [yes/No]
Wrote ca certificates in  /home/ac/.guard/pki
$ guard init client -o azure
Client certificate found at /home/ac/.guard/pki. Do you want to overwrite? [yes/No]
Wrote client certificates in  /home/ac/.guard/pki
$ guard get webhook-config -o azure --addr=


Not for me (same syntax)


Can you check the guard version?

$ guard version

Also, can you give me the output of this command:

$ tree $HOME/.guard/pki/


guard version
I1015 13:01:43.295126 2329 logs.go:19] FLAG: --alsologtostderr="false"
I1015 13:01:43.296142 2329 logs.go:19] FLAG: --analytics="true"
I1015 13:01:43.296242 2329 logs.go:19] FLAG: --help="false"
I1015 13:01:43.296697 2329 logs.go:19] FLAG: --log_backtrace_at=":0"
I1015 13:01:43.298584 2329 logs.go:19] FLAG: --log_dir=""
I1015 13:01:43.299060 2329 logs.go:19] FLAG: --logtostderr="false"
I1015 13:01:43.309987 2329 logs.go:19] FLAG: --short="false"
I1015 13:01:43.311103 2329 logs.go:19] FLAG: --stderrthreshold="0"
I1015 13:01:43.320416 2329 logs.go:19] FLAG: --v="0"
I1015 13:01:43.321463 2329 logs.go:19] FLAG: --vmodule=""
Version = 0.2.1
VersionStrategy = tag
Os = linux
Arch = amd64
CommitHash = 518bdbef715ee19d4acbd6be1f343dd7d37f7623
GitBranch = HEAD
GitTag = 0.2.1
CommitTimestamp = 2018-07-10T04:32:58

tree $HOME/.guard/pki/
├── appscode@github.crt
├── appscode@github.key
├── appscode@ldap.crt
├── appscode@ldap.key
├── azure@azure.crt
├── azure@azure.key
├── ca.crt
├── ca.key
├── gitlab@gitlab.crt
├── gitlab@gitlab.key
├── qacode@appscode.crt
├── qacode@appscode.key
├── server.crt
└── server.key


I think I figured out the cause of this problem. When you run the previous command, guard will search for client@azure.crt, but it doesn’t exist. That is why it causes this error.

Please run this command instead:

guard get webhook-config -o azure --addr=

I think that will solve your problem.


You are correct, it works.
Thank you.
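
The mismatch diagnosed in this thread (a client name passed on the command line that has no matching file in the PKI directory) can be checked before running guard. This is an added example, not part of the original thread or of the Guard project; the function names are hypothetical, and the `<name>@<org>.crt` / `<name>@<org>.key` naming is an assumption taken from the `tree` output above.

```shell
#!/bin/sh
# Added example: pre-flight check of a guard PKI directory.
# Assumption (from the tree output in the thread): client pairs are stored as
# <name>@<org>.crt and <name>@<org>.key.

# Print the client names that have a certificate for the given org, one per line.
list_clients() {
    pki_dir=$1
    org=$2
    for crt in "$pki_dir"/*@"$org".crt; do
        [ -f "$crt" ] || continue      # glob matched nothing
        base=${crt##*/}                # strip the directory part
        printf '%s\n' "${base%@*}"     # strip "@<org>.crt"
    done
}

# Return 0 if both files of the pair <name>@<org> exist; otherwise report
# which names are actually present for that org and return 1.
check_client() {
    pki_dir=$1
    name=$2
    org=$3
    crt="$pki_dir/$name@$org.crt"
    key="$pki_dir/$name@$org.key"
    if [ -f "$crt" ] && [ -f "$key" ]; then
        return 0
    fi
    echo "missing $name@$org.crt or $name@$org.key in $pki_dir" >&2
    avail=$(list_clients "$pki_dir" "$org" | tr '\n' ' ')
    echo "client names present for org '$org': ${avail:-none}" >&2
    return 1
}

# Usage: check_client "$HOME/.guard/pki" client azure
```

With the directory listing from the thread, checking `client` or `oron` against org `azure` fails and reports `azure` as the only name present, which matches the error guard printed.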