21.1 Running the Terraform Commands Displays an Error

Issue: When you run the Terraform commands from the Azure portal, you might encounter errors that block the infrastructure deployment. Some of the possible errors are shown below.

    ╷
    │ Error: making Read request on Azure KeyVault Secret slesvmpwd: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://idmkv88211894240361.vault.azure.net/secrets/slesvmpwd/?api-version=7.1: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":{"code":"invalid_request","message":"Required audience parameter not specified"}} Endpoint http://localhost:50342/oauth2/token
    │
    │   with module.server.data.azurerm_key_vault_secret.slesvmpwd,
    │   on sles15sp2-server/main.tf line 42, in data "azurerm_key_vault_secret" "slesvmpwd":
    │   42: data "azurerm_key_vault_secret" "slesvmpwd" {
    ╵

    ╷
    │ Error: error detecting capabilities: error PostgreSQL version: dial tcp 52.186.162.130:5432: connect: connection timed out
    │
    │   with module.dbserver.postgresql_database.igaworkflowdb,
    │   on Azure-PG-Server/main.tf line 217, in resource "postgresql_database" "igaworkflowdb":
    │   217: resource "postgresql_database" "igaworkflowdb" {
    ╵

    ╷
    │ Error: making Read request on Azure KeyVault Secret uawfedbuser: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://idmkv80357639695488.vault.azure.net/secrets/uawfedbuser/?api-version=7.1: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":{"code":"invalid_request","message":"Required audience parameter not specified"}} Endpoint http://localhost:50342/oauth2/token
    │
    │   with module.dbserver.data.azurerm_key_vault_secret.uawfedbuser,
    │   on Azure-PG-Server/main.tf line 28, in data "azurerm_key_vault_secret" "uawfedbuser":
    │   28: data "azurerm_key_vault_secret" "uawfedbuser" {
    ╵

    ╷
    │ Error: waiting for creation of Managed Kubernetes Cluster "test-akscluster" (Resource Group "idmtest_rg"): Code="ReconcileStandardLoadBalancerError" Message="Reconcile standard load balancer failed. Details: outboundReconciler retry failed: Category: ClientError; SubCode: PublicIPCountLimitReached; Dependency: Microsoft.Network/PublicIPAddresses; OrginalError: Code=\"PublicIPCountLimitReached\" Message=\"Cannot create more than 10 public IP addresses for this subscription in this region.\" Details=[]; AKSTeam: Networking, Retriable: false."
    │
    │   with module.aks.azurerm_kubernetes_cluster.main,
    │   on .terraform/modules/aks/main.tf line 10, in resource "azurerm_kubernetes_cluster" "main":
    │   10: resource "azurerm_kubernetes_cluster" "main" {
    ╵

Workaround: To resolve this issue, perform the following steps:

  1. Log in to the Azure portal.

  2. (Optional) Locate the path of the Azure Kubernetes cluster configuration file (by default, ~/.kube/config).

  3. Run the following commands to overwrite the default configuration file ~/.kube/config with the cluster credentials and point Terraform at it:

    az aks get-credentials --resource-group <resource-group-name> --name <kube-cluster-name> --overwrite-existing

    export KUBE_CONFIG_PATH=~/.kube/config

    The --overwrite-existing option replaces any existing context for the same cluster in the file. The file contains the cluster credentials, so keep it readable only by your own user.

  4. Re-run the Terraform commands. For more information, refer to Steps 6, 7, and 8 in the section “Deploying the Identity Manager Containers”.

  Note: Re-running alone does not clear the last two error types. The PublicIPCountLimitReached error is a regional subscription quota and reports Retriable: false, so delete unused public IP addresses or request a quota increase first. A PostgreSQL "connection timed out" error means port 5432 on the database server is not reachable from the shell running Terraform, and the network path or firewall rule must be fixed before the re-run.
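The following script is an added example and is not part of the Identity Manager documentation or its Terraform modules. It recognizes the three error families quoted in this section in Terraform output, prints the action each one calls for, and applies the kubeconfig workaround above with the full az aks get-credentials command, locking the file down before exporting KUBE_CONFIG_PATH. The resource-group and cluster names are placeholders passed as arguments; az and terraform are assumed to be on the PATH only when RUN_WORKAROUND=1 is set, and the sample Terraform output embedded at the end is constructed from the errors shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the Identity Manager documentation). Assumes a
# POSIX shell such as the Azure Cloud Shell bash; 'az' and 'terraform' are
# needed only when RUN_WORKAROUND=1.

# classify_tf_error: read Terraform output on stdin and print one label per
# recognised error family (keyvault-401, postgres-timeout, public-ip-quota),
# or 'none' if nothing matched.
classify_tf_error() {
  tf_out=$(cat)
  tf_found=0
  if printf '%s\n' "$tf_out" | grep -q 'Required audience parameter not specified'; then
    echo keyvault-401; tf_found=1
  fi
  if printf '%s\n' "$tf_out" | grep -q 'dial tcp .*:5432: connect: connection timed out'; then
    echo postgres-timeout; tf_found=1
  fi
  if printf '%s\n' "$tf_out" | grep -q 'PublicIPCountLimitReached'; then
    echo public-ip-quota; tf_found=1
  fi
  [ "$tf_found" -eq 1 ] || echo none
}

# advise LABEL: the action each label calls for, taken from the error text.
advise() {
  case "$1" in
    keyvault-401)
      echo "Key Vault read got 401 from the local token endpoint: re-run Terraform after the kubeconfig workaround." ;;
    postgres-timeout)
      echo "PostgreSQL port 5432 is unreachable from this shell: a re-run times out again until the network path or firewall rule is fixed." ;;
    public-ip-quota)
      echo "Regional public IP limit reached (Retriable: false): delete unused public IPs or raise the quota before re-running." ;;
    *)
      echo "No known error pattern." ;;
  esac
}

# kubeconfig_mode_ok FILE: succeed only when group and other have no
# permission bits, because the merged kubeconfig holds cluster credentials.
kubeconfig_mode_ok() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# refresh_kubeconfig RG CLUSTER: the documented workaround with the 'az'
# prefix, then restrict the file and point Terraform at it.
refresh_kubeconfig() {
  cfg="${KUBECONFIG_FILE:-$HOME/.kube/config}"
  az aks get-credentials --resource-group "$1" --name "$2" --overwrite-existing --file "$cfg"
  chmod 600 "$cfg"
  kubeconfig_mode_ok "$cfg" || { echo "kubeconfig $cfg is still readable by others" >&2; return 1; }
  export KUBE_CONFIG_PATH="$cfg"
}

# Constructed sample: abbreviated copies of the errors quoted in this section.
SAMPLE_TF_OUTPUT='Error: making Read request on Azure KeyVault Secret slesvmpwd: ... Response body: {"error":{"code":"invalid_request","message":"Required audience parameter not specified"}}
Error: error detecting capabilities: error PostgreSQL version: dial tcp 52.186.162.130:5432: connect: connection timed out
Error: waiting for creation of Managed Kubernetes Cluster "test-akscluster": Code="ReconcileStandardLoadBalancerError" ... SubCode: PublicIPCountLimitReached ... Retriable: false.'

# Usage: RUN_WORKAROUND=1 ./tf-triage.sh <resource-group-name> <kube-cluster-name> apply
# Without RUN_WORKAROUND the script only classifies the constructed sample.
if [ "${RUN_WORKAROUND:-0}" = 1 ]; then
  refresh_kubeconfig "$1" "$2"
  shift 2
  terraform "$@" 2>&1 | tee /tmp/tf-triage.log
  classify_tf_error < /tmp/tf-triage.log | while read -r label; do advise "$label"; done
else
  printf '%s\n' "$SAMPLE_TF_OUTPUT" | classify_tf_error | while read -r label; do advise "$label"; done
fi
```

The classifier only looks for the substrings that identify each error family, so it keeps working when Terraform changes the surrounding box drawing or module paths; the permissions check fails loudly rather than leaving a world-readable kubeconfig behind in a shared shell.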