Problem
The initial deployment of Terraform Enterprise (TFE) Flexible Deployment Options (FDO) on Microsoft Azure (AKS) fails with NOAUTH Authentication required.
This can be seen in the installation logs:
kubectl logs <pod_name> -n <namespace>
Prerequisites
- Terraform Enterprise (TFE) Flexible Deployment Options (FDO) in Active-Active mode
- Deployment on Microsoft Azure (AKS)
Cause
- For installation on Microsoft Azure, it's mandatory to specify the Access Key as a
TFE_REDIS_PASSWORD
Solution:
-
In your YAML configuration file, set the following parameters and re-deploy TFE FDO.
For configuration using default, non-SSL port 6379
TFE_REDIS_HOST: "HOSTNAME_OF_YOUR_REDIS_CACHE"
TFE_REDIS_USE_AUTH: "true"
TFE_REDIS_PASSWORD: "ACCESS_KEY_OF_YOUR_REDIS_CACHE"For configuration using SSL port 6380
TFE_REDIS_HOST: "HOSTNAME_OF_YOUR_REDIS_CACHE:6380"
TFE_REDIS_USE_AUTH: "true"
TFE_REDIS_USE_TLS: "true"
TFE_REDIS_PASSWORD: "ACCESS_KEY_OF_YOUR_REDIS_CACHE"
Access keys can be found on the Azure Portal under "Azure Cache for Redis" -> name of your cache -> "Settings" -> "Access keys":
In case of doubts, you can validate the connectivity with the following commands (while TFE FDO container is being created):
#for default, non-SSL Redis port 6379
kubectl exec -n terraform-enterprise -it <PODNAME> -- redli -h $TFE_REDIS_HOST -a $TFE_REDIS_PASSWORD
# for SSL Redis port 6380
kubectl exec -n terraform-enterprise -it <PODNAME> -- redli --tls -h <DNS_NAME>.redis.cache.windows.net -p 6380 -a $TFE_REDIS_PASSWORD
Outcome
Successful installation of TFE FDO on Azure