I'm trying to deploy Kubernetes through ACS. The deployment works perfectly but as soon as I try connect to the cluster with kubectl proxy it fails.
Every kubectl command fails.
I SSH'ed to the server and found out only one container started. Not a single other one in sight even with -a.
Anyone got a clue to why this happens?
According to your description, it seems you have not configured the Service Principal correctly.
You may need to check to ensure the credentials were provided accurately, and that the configured Service Principal has read and write permissions to the target Subscription.
If your Service Principal is misconfigured, none of the kubernetes components will come up in a healthy manner. We can check to see if this the problem:
root#k8s-master-D9DE702A-0:~# journalctl -u kubelet | grep --text autorest
If you see output that looks like the following, it means you have not configured the service Principal correctly.
May 18 07:09:36 k8s-master-D9DE702A-0 docker[5534]: E0518 07:09:36.901937 5920 kubelet.go:1186] Cannot get Node info: failed to get external ID from cloud provider: autorest#WithErrorUnlessStatusCode: POST https://login.microsoftonline.com/1fcf418e-66ed-4c99-9449-d8e18bf8737a/oauth2/token?api-version=1.0 failed with 400 Bad Request: StatusCode=400
May 18 07:09:37 k8s-master-D9DE702A-0 docker[5534]: E0518 07:09:37.119646 5920 kubelet_node_status.go:70] Unable to construct api.Node object for kubelet: failed to get external ID from cloud provider: autorest#WithErrorUnlessStatusCode: POST https://login.microsoftonline.com/1fcf418e-66ed-4c99-9449-d8e18bf8737a/oauth2/token?api-version=1.0 failed with 400 Bad Request: StatusCode=400
More information about how to create /configure a service principal for ACS-Engin Kubernetes cluster, please refer to this Azure CLI 2.0 or PowerShell.
We can use CLI 2.0 to get the information about ACS, the clientId is the service principal.
C:\Users>az acs show -g k8s -n containerservice-k8s
{
"agentPoolProfiles": [
{
.
.
.
.
},
"provisioningState": "Succeeded",
"resourceGroup": "k8s",
"servicePrincipalProfile": {
"clientId": "1498b171-xxxx-xxxx-xxxx-8ef56a178b89",
"secret": null
},
"tags": null,
"type": "Microsoft.ContainerService/ContainerServices",
"windowsProfile": null
}
We can use PowerShell to get the service principal:
PS C:\Users> Get-AzureRmADServicePrincipal | ?{ $_.ApplicationId -eq "1498b171-xxxx-xxxx-xxxx-8ef56a178b89" } | fl *
ServicePrincipalNames : {http://azure-cli-2017-04-13-08-16-07, 1498b171-xxxx-xxxx-xxxx-8ef56a178b89}
ApplicationId : 1498b171-xxxx-xxxx-xxxx-8ef56a178b89
DisplayName : azure-cli-2017-04-13-08-16-07
Id : d86886b9-xxxx-xxxx-xxxx-25ab57803a33
Type : ServicePrincipal
Related
I am deploying a static react web app into azure static website (blob storage) using the command
While doing so I am doing it through Azure CLI (Inline command).
az storage blob upload-batch -s ./ -d '$web' \
--account-name <storage_acct_name> \
--account-key <storage_acct_key>
This command gives me an error
2022-11-17T08:27:29.5243851Z ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
2022-11-17T08:27:29.5244667Z Get Token request returned http error: 400, reason: Bad Request
2022-11-17T08:27:29.5274714Z ##[error]Error Code: [1]
2022-11-17T08:27:29.5283948Z ##[error]Error: Azure login failed using Managed Service Identity
2022-11-17T08:27:29.5285668Z ##[error]Script failed with error: ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
What could be possible solution to get over this issue.
I tried in my environment and successfully deployed static web app in $Web.
Before running the command make sure you have logged in with current credentials:
az login --tenant xxxx-xxxxxxxxxxxxxx-xxxxx”
Command:
az storage blob upload-batch -d '$web' -s < path > --account-name <account name > --account-key "<account key>
Console:
Portal:
Reference:
azure - Configuration of Managed Service Identity(MSI) - Stack Overflow for pipeline problems.
Getting token from Cloud Shell intermittently fails with 400 Client Error: Bad Request · Issue #11749 · Azure/azure-cli · GitHub
I am using following az api call command az apim show -n Namexxx -g RGxxx. As an output I am getting below:
{
"additionalLocations": null,
"apiVersionConstraint": {
"minApiVersion": null
},
"certificates": null,
"createdAtUtc": "2021-10-15T08:49:38.486813+00:00",
"customProperties": {
"Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168": "true",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "false"
},
I need to modify one of the customProperties. I tried to use command: az apim update -n xxNamexx -g xxRGxx --set customProperties.Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168=false but I am getting an error like below:
Couldn't find 'Microsoft' in 'customProperties.Microsoft.WindowsAzure.ApiManagement.Gateway.Security'. Available options: ['Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2'
In MS API dos didn't find any useful information --> AZ apim API
#tester81
Command group 'apim' is experimental and under development.I tested the functionality at my end and I was encountering the same issue in a WinPowershell.
I did find an different behavior at the Ubuntu Terminal.
If you are not making use of Win Powershell/cmd for invoking the az commandlet, you could probably try the below script at your end in your linux terminal.
customPropertiesUpdated=$(az apim show -n <APIM NAME> -g <APIM RESOURCE GROUP> --query customProperties | jq '."Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168" = "True"')
az apim update -n <APIM NAME> -g <APIM RESOURCE GROUP> --set customProperties="$customPropertiesUpdated"
The above script helped in changing the state. However, a relative script in Win Powershell / Commad prompt / Cloud shell did not.
The Alternative or the recommended approach would be to make use of the REST API - until it is out of the experimental stage.
Please do see properties.customProperties - Api Management Service - Create Or Update - REST API (Azure API Management) | Microsoft Docs
For web deployment using FTP;I came across a situation, where i'm using Azure CLI command to create an app service plan in FREE tier to deploy the web app in it.
Here is how i am approaching:
used command:
az login --allow-no-subscriptions
sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code xxxxxxx to authenticate. Working fine with below result.
[
{
"cloudName": "AzureCloud",
"id": "1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"isDefault": true,
"name": "N/A(tenant level account)",
"state": "Enabled",
"tenantId": "1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"user": {
"name": "email#gmail.com",
"type": "user"
}
}
]
Then, create basic app service plan using :
"az appservice plan create -g MyResourceGroup -n MyPlan"
This gives me error saying "The subscription 1fdacf7a-xxxxx-xxxx-xxxx-
xxxxxxxxxxxxx could not be found.
How to resolve this problem? Thanks.
I can reproduce your issue, to fix the issue, please don't use the --allow-no-subscriptions parameter.
You just need to login with:
az login
or
az login --use-device-code
Then use the command below to set the subscription:
az account set --subscription 1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx
Run az appservice plan create -g MyResourceGroup -n MyPlan:
I am trying to get a sample Service Fabric Mesh application deployed to Azure. The deployment shows as being successful, but I am unable to access the application once it is deployed. The only evidence I can find that there is an issue is the "UnhealthyEvaluation" property returned when querying the app via PowerShell CLI.
Here is what that shows.
PS C:\WINDOWS\system32> az mesh app show --resource-group Proto --name todolistapp-CsProto
{
"debugParams": null,
"description": "todolistapp description.",
"diagnostics": null,
"healthState": "Warning",
"id": "/subscriptions/2224ba65-ee14-4fa5-b62c-f586d05b6bb5/resourcegroups/Proto/providers/Microsoft.ServiceFabricMesh/applications/todolistapp-CsProto",
"location": "eastus",
"name": "todolistapp-CsProto",
"provisioningState": "Succeeded",
"resourceGroup": "Proto",
"serviceNames": [
"WebFrontEnd",
"Service1"
],
"services": null,
"status": "Ready",
"statusDetails": null,
"tags": {},
"type": "Microsoft.ServiceFabricMesh/applications",
"unhealthyEvaluation": "Unhealthy deployed applications: 100% (1/1), MaxPercentUnhealthyDeployedApplications=0%.\r\n Unhealthy deployed application: ApplicationName='fabric:/todolistapp-CsProto', NodeName='_Dev_1', AggregatedHealthState='Warning'.\r\n Unhealthy deployed service packages: 50% (
1/2).\r\n Unhealthy deployed service package: ApplicationName='fabric:/todolistapp-CsProto', ServiceManifestName='Service1Pkg', ServicePackageActivationId='5a5b1584-ea7d-46bf-9ce2-ad56b2c843ff', NodeName='_Dev_1', AggregatedHealthState='Warning'.\r\n Unhealthy event: SourceId='System.Hos
ting', Property='CodePackageActivation:Service1:EntryPoint', HealthState='Warning', ConsiderWarningAsError=false. 'There was an error during CodePackage activation.System.Fabric.FabricException (-2147017731)\r\nFailed to start Container. ContainerName=sf-155-f0b08730-815a-421c-a312-0334c3f9b11c_5a5b
1584-ea7d-46bf-9ce2-ad56b2c843ff, ApplicationId=SingleInstance_148_App155, ApplicationName=fabric:/todolistapp-CsProto. DockerRequest returned StatusCode=InternalServerError with ResponseBody={\"message\":\"failed to create endpoint sf-155-f0b08730-815a-421c-a312-0334c3f9b11c_5a5b1584-ea7d-46bf-9ce2
-ad56b2c843ff on network nat: HNS failed with error : You were not connected beca'\r\n"
}
I'm happy to provide any additional information that might be helpful in figuring this out. Part of the problem is that the Azure Portal UI for the Service Fabric Mesh application and services does not show any logging. I believe that is because the logs have not yet been implemented there. Additionally, querying the container logs via PowerShell CLI isn't returning anything either.
PowerShell Container Log
PS C:\WINDOWS\system32> az mesh code-package-log get --resource-group Proto --app-name todolistapp-CsProto --service-name WebFrontEnd --replica-name 0 --code-package-name WebFrontEnd
{'additional_properties': {}, 'content': ''}
and
PS C:\WINDOWS\system32> az mesh code-package-log get --resource-group Proto --app-name todolistapp-CsProto --service-name Service1 --replica-name 0 --code-package-name Service1
{'additional_properties': {}, 'content': ''}
Any insight on this would be greatly appreciated!
I am trying azure group command using cli. its giving me error:
error: Deployment provisioning state was not successful
Below is the command i am using:
azure group deployment create -g "Default" --template-uri https://raw.githubusercontent.com/reshmai/azure/master/testmitheshgithubdb.json
For more info : When i tried with different uri with not given serverName. Its successfully created, but with serverName its not getting created, error is throwing.