Azure internal load balancer with Azure Kubernetes Service not working

I am trying to connect to internal load balancer using the below link: https://docs.microsoft.com/en-us/azure/aks/internal-lb

I see a non-existing user in the error message I am receiving:

Warning  CreatingLoadBalancerFailed  3m (x7 over 9m)  service-controller  Error creating load balancer (will retry): failed to ensure load balancer for service default/azure-vote-front: network.SubnetsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '91c18461-XXXXXXXX---1441d7bcea67' with object id '91c18461-XXXXXXXXX-1441d7bcea67' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/996b68c3-ec32-46d4-8d0e-80c6da2c1a3b/resourceGroups/<<resource group>>/providers/Microsoft.Network/virtualNetworks/<<VNET>>/subnets/<<subnet id>>

When I search for this user in my Azure subscription, I do not find it. Any help shall be highly appreciated.

Below is my manifest file:

    apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: azure-vote-back
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: azure-vote-back
        spec:
          containers:
          - name: azure-vote-back
            image: redis
            ports:
            - containerPort: 6379
              name: redis
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: azure-vote-back
    spec:
      ports:
      - port: 6379
      selector:
        app: azure-vote-back
    ---
    apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: azure-vote-front
    spec:
      replicas: 1
      strategy:
        rollingUpdate:
          maxSurge: 1
          maxUnavailable: 1
      minReadySeconds: 5 
      template:
        metadata:
          labels:
            app: azure-vote-front
        spec:
          containers:
          - name: azure-vote-front
            image: phishbotstagingregistry.azurecr.io/azure-vote-front:v1
            ports:
            - containerPort: 80
            resources:
              requests:
                cpu: 250m
              limits:
                cpu: 500m
            env:
            - name: REDIS
              value: "azure-vote-back"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: azure-vote-front
      annotations:
        service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    spec:
      type: LoadBalancer
      ports:
      - port: 80
      selector:
        app: azure-vote-front

When you created AKS you provided wrong credentials (or stripped permissions later). So the service principal AKS is not authorized to create that resource (which the error clearly states).

Code="AuthorizationFailed" Message="The client '91c18461-XXXXXXXX---1441d7bcea67' with object id '91c18461-XXXXXXXXX-1441d7bcea67' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/996b68c3-ec32-46d4-8d0e-80c6da2c1a3b/resourceGroups/<>/providers/Microsoft.Network/virtualNetworks/<>/subnets/<>

You can use az aks list --resource-group <your-resource-group> to find your service principal, but the error kinda gives that away.
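As an added example (not part of the original answer), the script below pulls the denied client, action and scope out of a CreatingLoadBalancerFailed event and prints the az commands for identifying the principal, reviewing its existing role assignments, and granting access at the subnet scope only. It goes one step past the answer by covering the role check and grant. The sample event, its IDs and `<aks-resource-group>` are constructed placeholders, and the choice of the built-in "Network Contributor" role is an assumption to adjust to your own policy.

```bash
#!/usr/bin/env bash
# Constructed sample event: every ID and resource name below is a placeholder.
SAMPLE_EVENT="Error creating load balancer (will retry): Status=403 Code=\"AuthorizationFailed\" Message=\"The client '00000000-0000-0000-0000-000000000001' with object id '00000000-0000-0000-0000-000000000001' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/00000000-0000-0000-0000-0000000000aa/resourceGroups/example-rg/providers/Microsoft.Network/virtualNetworks/example-vnet/subnets/example-subnet"

# Extractors: read event text on stdin, print one field.
event_client() { sed -n "s/.*The client '\([^']*\)'.*/\1/p"; }
event_action() { sed -n "s/.*to perform action '\([^']*\)'.*/\1/p"; }
# Events are often cut off before the closing quote, so stop at a quote,
# a space, or end of line.
event_scope() { sed -n "s/.*over scope '\([^' ]*\).*/\1/p"; }

# Print (never execute) the az commands to review. The body runs in a subshell
# so its variables stay local. Exit codes: 1 = not parseable, 2 = redacted scope.
remediation_plan() (
  client=$(printf '%s\n' "$1" | event_client)
  action=$(printf '%s\n' "$1" | event_action)
  scope=$(printf '%s\n' "$1" | event_scope)
  if [ -z "$client" ] || [ -z "$scope" ]; then
    echo "no AuthorizationFailed client/scope found" >&2
    return 1
  fi
  case $scope in
    *'<'*|*'>'*) echo "scope contains a redacted placeholder: $scope" >&2
                 return 2 ;;
  esac
  echo "# 1. Confirm the denied client is the cluster's service principal"
  echo "az aks list --resource-group <aks-resource-group> --query '[].servicePrincipalProfile.clientId' -o tsv"
  echo "az ad sp show --id '$client' --query displayName -o tsv"
  echo "# 2. See what it already holds at (or above) the denied scope"
  echo "az role assignment list --assignee '$client' --scope '$scope' --include-inherited -o table"
  case $action in
    Microsoft.Network/*)
      echo "# 3. Grant on the subnet only, not the whole subscription"
      echo "az role assignment create --assignee '$client' --role \"Network Contributor\" --scope '$scope'" ;;
    *) echo "# 3. '$action' is not a Microsoft.Network action; choose the role by hand" ;;
  esac
)

# Stand-alone run: use the first argument as the event text, else the sample.
remediation_plan "${1:-$SAMPLE_EVENT}"
```

The client ID in the event is an application (service principal) ID, which is why a search among users in the subscription finds nothing.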
