search

Azure / acs-engine

WE HAVE MOVED: Please join us at Azure/aks-engine!
https://github.com/Azure/aks-engine
MIT License
1.03k stars 560 forks source link

Kubectl "unauthorized error" with kubernetes v1.9.2 #4351

Closed kaniki closed 5 years ago

kaniki commented 5 years ago

Is this a request for help?: no

Is this an ISSUE or FEATURE REQUEST? (choose one): yes - it is an issue

What version of acs-engine?: 0.14.0

If this is a ISSUE, please:

We had kuberenetes cluster 1.9.2 provisioned with acs-engine 0.14.0 6 months back, it was working fine with AAD RBAC integration configured from kubectl till last friday (7th december) and now we are getting the below error. Error:

o E1211 04:32:27.873650 1 oidc.go:190] oidc authenticator: failed to fetch provider discovery data: parsing time "-1" as "Mon, 02 Jan 2006 15:04:05 MST": cannot parse "-1" as "Mon" E1211 04:32:27.873703 1 authentication.go:64] Unable to authenticate the request due to an error: [invalid bearer token, [invalid bearer token, [crypto/rsa: verification error, fetch provider config: parsing time "-1" as "Mon, 02 Jan 2006 15:04:05 MST": cannot parse "-1" as "Mon"]]

need help in resolving the issue.

If this is a FEATURE REQUEST, please:

In both cases, be ready for followup questions, and please respond in a timely manner. If we can't reproduce a bug or think a feature already exists, we might close your issue. If we're wrong, PLEASE feel free to reopen it and explain why.

Orchestrator and version (e.g. Kubernetes, DC/OS, Swarm)

What happened:

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know:

davesykeselateral commented 5 years ago

Hi, we also are having this issue since yesterday (11th December 2018) morning. We are using a couple of 1.9.3 kubernetes clusters, and it is has happened to both.

I wonder if the Azure Active Directory has changed it's expiry date to -1 in the last few days?

davesykeselateral commented 5 years ago

This has just started working for me again - maybe there was some issue with Azure Active Directory? @kaniki - any luck for you?

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contribution. Note that acs-engine is deprecated--see https://github.com/Azure/aks-engine instead.