Error: couldn't find key sesssionKey in Secret tanzu-system-auth/gangway in VMware Tanzu Kubernetes Grid Edition (TKGI)

search cancel

Error: couldn't find key sesssionKey in Secret tanzu-system-auth/gangway in VMware Tanzu Kubernetes Grid Edition (TKGI)

book

Article ID: 297299

calendar_today

Updated On:

Products

VMware Tanzu Kubernetes Grid

Issue/Introduction

Pre-checks

You are following the documentation for Create Clusters with User Authentication
You have successfully completed the following steps:
- Deploy Dex on your management cluster (on vSphere or AWS)
- Deploy an OIDC-enabled Tanzu Kubernetes cluster
You are trying to complete the following step but have ran into an error when creating the deployment for Gangway
- Enable Gangway on the OIDC-enabled cluster (vSphere or AWS)

Symptoms and Errors

After running the command to create the gangway deployment [vSphere] - kubectl apply -f tkg-extensions-v1.0.0/authentication/gangway/vsphere/05-deployment.yaml), you tried running kubectl -n tanzu-system-auth get pods to check the status of the gangway deployment and you see a similar output reporting CreateContainerConfigError:

NAME                       READY   STATUS                       RESTARTS   AGE
gangway-7c89698bc8-pdzcn   0/1     CreateContainerConfigError   0          9s

To further investigate you tried checking the events with the following command, kubectl -n tanzu-system-auth describe pods gangway-<id>, and found the following error reported in the events:

Error: couldn't find key sesssionKey in Secret tanzu-system-auth/gangway

Root cause

One of the steps (Step -7) in enabling Gangway on your oidc cluster (workload cluster) is to configure a secret and update the sesssionKey parameter in tkg-extensions-v1.0.0/authentication/gangway/vsphere/03-secret.yaml file
Kubelet process running on the cluster cannot find a secret named sesssionKey

Environment

Product Version: 1.0
OS: PhotonOS

Resolution

Open the tkg-extensions-v1.0.0/authentication/gangway/vsphere/03-secret.yaml file and confirm if you have the parameter named as sesssionKey.

Note: Yes, that is correct, it is a typo but it must be spelled out with an extra "s" in its name. Naming this parameter to sessionKey or something else will produce the error above.

The sesssionKey parameter can also be found in Gangway's deployment (tkg-extensions-v1.0.0/authentication/gangway/vsphere/05-deployment.yaml). Make sure that it matches the parameter name from the previous step.

Example:

Option 1

Keeping the name of the parameter as sesssionKey will help resolve the error above.
You can either directly edit the secret by using the following command:

kubectl -n tanzu-system-auth edit secrets gangway

Option 2

Edit the following file with correct configurations: tkg-extensions-v1.0.0/authentication/gangway/vsphere/03-secret.yaml
Run the following command:

kubectl apply -f tkg-extensions-v1.0.0/authentication/gangway/vsphere/03-secret.yaml

Feedback

thumb_up Yes

thumb_down No