Errors on Engine pods after setting up ipam on AKS about ipam HOT 9 CLOSED

Hi @DCMattyG - Thank you for your response. Sure - lets have a look together. Will email you on this. Many thanks

from ipam.

This issue has been resolved now. Actually above error messages are irrelevant, the actual problem was that our Environment variable was named incorrectly which has been kindly spotted by @DCMattyG on Teams call.

our IPAM aks deployment is public so you should be able to see all the resources and documentation here incase you need it. Enjoy!
https://github.com/hmcts/sds-flux-config/tree/master/apps/ipam

from ipam.

Wonderful news @cpareek and thank you so much for sharing your configuration so others can leverage that in the future.

It was wonderful chatting with you, and I hope you're loving the Azure IPAM project!

from ipam.

Hey @cpareek, thanks for reaching out on this issue!

I'm glad you were able to follow the examples another user shared as to how to get the Azure IPAM project running inside AKS. I am curious as to how you setup the required Service Principals and there associated permissions, as well as how you're passing those variables/secrets into the containers within AKS.

Are those objects something you manually created?

from ipam.

Hi @DCMattyG - Thanks for the response.

Yes so the Service principals and associated permissions are created using following documentation - https://azure.github.io/ipam/#/deployment/README . We already have working ipam setup which is hosted on Web App.
So I am using the same service principal which is working on Web app for the AKS setup.
I can see the Environment variables set here - https://github.com/Azure/ipam/blob/main/deploy/appService.bicep#L87-L135
and on my AKS, engine-deployment.yaml file, I got this below environment variable setup which is fetching the values as Secret on the same namespace. Because all my secrets are stored as Secret on k8s, I thought Keyvault is not needed hence no KEYVAULT_URL setup. Let me know if you think I am missing something

COSMOS_KEY
COSMOS_URL
ENGINE_APP_ID
ENGINE_APP_SECRET
TENANT_ID
UI_APP_ID

I think my engine pod can connect to cosmos DB fine, and I can see the database has been created on the cosmos DB account.

from ipam.

@DCMattyG Any thoughts on above please? I can see the error is coming up from this python script here - but unsure why its throwing that..

from ipam.

Hi @cpareek, have you checked that the Environment Variables are correctly mapped to their respective containers with the appropriate names?

If you take a look at the Docker Compose YAML we use, you'll see that the variable names are manipulated when passed to he various containers as such:

I'm not sure if you're doing the equivalent in AKS or not....perhaps something to check?

from ipam.

Hello @DCMattyG - I did have all the environment variable for ipam-engine but did not have any for the ipam-ui which I have just setup. That still did not help and its throwing same errors on the ipam-engine..
Really like to get this working :)

from ipam.

Hey @cpareek, while I do understand that you are anxious to get this solution working in AKS, I think it's important to note that we aren't specifically AKS (or Kubernetes) experts per-se. This service is comprised of a handful of containers and there are A LOT of different ways to run containers at the end of the day.

As long as the appropriate Environment Variables are configured and the containers can reach all of the required services, that should be all that is needed for this solution to function.

I'm more than happy to arrange a Teams meeting for us and I can review your setup to the best of my ability. I'm guessing there perhaps a setting missing or something similar that is causing this error. Please feel free to send me an email at [email protected] and we can find a time that works for your time zone.

Hopefully a second set of eyes is all you'll need here, and for that I'm happy to be of assistance.

from ipam.