Azure Service Operator

The Azure Service Operator is a Kubernetes operator for management of Azure resources over ARM.

SQL Database

Management of databases on an existing Azure SQL Server

"Login failed for user"

When reconciling AzureSQLManagedUser objects you may see the following error:

PingContext failed: Login error: mssql: Login failed for user '<token-identified principal>'.

Unlike the ARM resources the service operator usually manipulates, a SQL Server user mapping can only be created by authenticating directly with the SQL Server, without going through ARM. The operator will only be able to authenticate if its service principal is configured as the server's AD administrator. It doesn't seem to be possible to set this to a group containing the service principal.

"provisioning failed"

Particularly where the reconciliation of one resource depends on the provisioning of another, you may encounter cases where provisioning fails and is not retried. The only reliable resolution to this is to recreate the affected object.

Undeletable objects

Kubernetes finalisers are used to ensure deletion of the ARM resources prior to deletion of the Kubernetes object. In cases where a fatal error is encountered during provisioning, or bugs in the operator prevent it from successfully reconciling resources, it may be necessary to remove the azure.microsoft.com/finalizer finaliser first.
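
One way to remove only that finaliser, shown as an added example (not part of the original page or the operator's own tooling): the script builds a JSON Patch that deletes the azure.microsoft.com/finalizer entry and leaves any other controller's finalisers in place. The object name, namespace and second finaliser in the sample are constructed for illustration.

```python
import json
import shlex

# Finaliser name as given on this page.
ASO_FINALIZER = "azure.microsoft.com/finalizer"


def finalizer_removal_patch(obj, finalizer=ASO_FINALIZER):
    """Return a JSON Patch (RFC 6902) removing only `finalizer` from obj.

    Returns None when the finaliser is absent, so no patch is sent that
    would fail or disturb finalisers owned by other controllers.
    """
    finalizers = obj.get("metadata", {}).get("finalizers") or []
    if finalizer not in finalizers:
        return None
    path = f"/metadata/finalizers/{finalizers.index(finalizer)}"
    return [
        # "test" makes the API server reject the patch if the list changed
        # between reading the object and patching it.
        {"op": "test", "path": path, "value": finalizer},
        {"op": "remove", "path": path},
    ]


def kubectl_command(obj, patch):
    """Build the kubectl argument list that applies the patch."""
    meta = obj["metadata"]
    return [
        "kubectl", "patch", obj["kind"].lower(), meta["name"],
        "--namespace", meta.get("namespace", "default"),
        "--type=json", "--patch", json.dumps(patch),
    ]


# Constructed sample object, shaped like `kubectl get ... -o json` output.
SAMPLE = {
    "kind": "AzureSQLManagedUser",
    "metadata": {
        "name": "example-user",
        "namespace": "example-ns",
        "finalizers": ["example.com/other-finalizer", ASO_FINALIZER],
    },
}

if __name__ == "__main__":
    print(shlex.join(kubectl_command(SAMPLE, finalizer_removal_patch(SAMPLE))))
```

Because the finaliser is what makes the operator delete the ARM resource before the Kubernetes object goes away, check afterwards whether the resource still exists in Azure.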

