Kubernetes pod throwing CredentialUnavailableException: EnvironmentCredential authentication unavailable

Question

I am running a Spring Boot application utilizing Azure Kubernetes Service. I found this strange error in my pod logs recently.

com.azure.identity.CredentialUnavailableException: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/environmentcredential/troubleshoot ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established. SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache. IntelliJ Authentication not available. Please log in with Azure Tools for IntelliJ plugin in the IDE. Failed to read Vs Code credentials from Linux Key Ring. AzureCliCredential authentication unavailable. Azure CLI not installed.To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/azclicredential/troubleshoot Unable to execute PowerShell. Please make sure that it is installed in your systemTo mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azure-identity-java-default-azure-credential-troubleshoot

Any hints are much appreciated !

My trails so far:

1. Upgrade/Downgrade Kubernetes versions
2. Checking Environment Variable Assignments

Answer 1

Could you please validate that you are setting the following environment variables?

1. ENVIRONMENT_VARIABLES ensure that the variables azure_client, azure_tenant and azure_client_secret are properly set.

Below steps will work when authenticate using environment variables: Please add the following variables in env_path,

export AZURE_CLIENT_ID=XXXXXXXXXXXXXX
export AZURE_TENANT_ID=XXXXXXXXXXXXX
export AZURE_CLIENT_SECRET=XXXXXXXX

Check your environment variables with

System.getenv("AZURE_CLIENT_ID")

2. MANAGEDIDENTITY_CREDENTIALS

Managed Identity is currently unsupported by the Java, we can use an secret or a certificate authentication for Sample:

export AZURE_CLIENT_ID=XXXXXXXXXXXXXX
export AZURE_TENANT_ID=XXXXXXXXXXXXX
export AZURE_CLIENT_CERTIFICATE_PATH=XXXXXXXXXXXX

3. In VS, go to Tools > Options>Azure Service Authentication > Account Selection> Sign_in with your credentials

If you see the "Re-enter your credentials link, click it and sign in again. if not sign_out and sign_in again.

4. PROFILE_ENV_APPLICATION Please check the profile environment for the application

windir\System32\inetsrv\config\applicationHost.config

In application.config file if it setProfileEnvironment is false, change it to True.

If not, add it under <applicationPoolDefaults> tag like below.

<applicationPoolDefaults managedRuntimeVersion="vXX">
<processModel identityType="ApplicationPoolIdentity" loadUserProfile="true" setProfileEnvironment="true">

5. SHARED_TOKEN_CASHE_CREDENTIAL

for shared token cache credentials we have to add the below command

DefaultAzureCredential(connection_verify=False, exclude_shared_token_cache_credential=True

6. AZURE_CLI_CREDENTIAL AND AZURE_CLI in environment variable add your PATH run the terminal echo $PATH

7. POWERSHELL

open the PowerShell and run as a administrator, run the command to fix the disk and display a status report

Chkdsk c: /F 

after this command You will have to restart the computer to work the PowerShell.