Closed artisticcheese closed 6 years ago
I am also getting this error. Same result when running in an Administrator command window
C:\Users\sifte>az aks get-credentials -g aks -n mvaks
[Errno 13] Permission denied: 'C:\\Users\\sifte\\AppData\\Local\\Temp\\tmp4o2c9ha2'
Traceback (most recent call last):
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\main.py", line 36, in main
cmd_result = APPLICATION.execute(args)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\application.py", line 212, in execute
result = expanded_arg.func(params)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 377, in __call__
return self.handler(*args, **kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 620, in _execute_command
reraise(*sys.exc_info())
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\six.py", line 693, in reraise
raise value
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 602, in _execute_command
result = op(client, **kwargs) if client else op(**kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 1288, in aks_get_credentials
merge_kubernetes_configurations(path, additional_file.name)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 829, in merge_kubernetes_configurations
with open(addition_file) as stream:
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\sifte\\AppData\\Local\\Temp\\tmp4o2c9ha2
C:\Users\sifte>az --version
azure-cli (2.0.20)
acr (2.0.14)
acs (2.0.18)
appservice (0.1.19)
backup (1.0.2)
batch (3.1.6)
batchai (0.1.2)
billing (0.1.6)
cdn (0.0.10)
cloud (2.0.9)
cognitiveservices (0.1.9)
command-modules-nspkg (2.0.1)
component (2.0.8)
configure (2.0.12)
consumption (0.1.6)
container (0.1.12)
core (2.0.20)
cosmosdb (0.1.14)
dla (0.0.13)
dls (0.0.16)
eventgrid (0.1.5)
extension (0.0.5)
feedback (2.0.6)
find (0.2.7)
interactive (0.3.11)
iot (0.1.13)
keyvault (2.0.13)
lab (0.0.12)
monitor (0.0.11)
network (2.0.17)
nspkg (3.0.1)
profile (2.0.15)
rdbms (0.0.8)
redis (0.2.10)
resource (2.0.17)
role (2.0.14)
servicefabric (0.0.5)
sql (2.0.14)
storage (2.0.18)
vm (2.0.17)
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\sifte\.azure\cliextensions
Python (Windows) 3.6.1 (v3.6.1:69c0db5, Mar 21 2017, 17:54:52) [MSC v.1900 32 bit (Intel)]
Legal docs and information: aka.ms/AzureCliLegal
Same here (works fine in WSL/Ubuntu, error only manifests itself with the Windows version of the CLI). I have full access to the Temp dir. I deactivated "Controlled Folder Access" to no avail.
C:\Users\rafb> az aks get-credentials --resource-group myK8Group --name myCluster
[Errno 13] Permission denied: 'C:\\Users\\rafb\\AppData\\Local\\Temp\\tmpn4goit44'
Traceback (most recent call last):
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\main.py", line 36, in main
cmd_result = APPLICATION.execute(args)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\application.py", line 212, in execute
result = expanded_arg.func(params)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 377, in __call__
return self.handler(*args, **kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 620, in _execute_command
reraise(*sys.exc_info())
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\six.py", line 693, in reraise
raise value
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 602, in _execute_command
result = op(client, **kwargs) if client else op(**kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 1288, in aks_get_credentials
merge_kubernetes_configurations(path, additional_file.name)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 829, in merge_kubernetes_configurations
with open(addition_file) as stream:
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\rafb\\AppData\\Local\\Temp\\tmpn4goit44'
PS C:\Users\rafb> az --version
azure-cli (2.0.20)
acr (2.0.14)
acs (2.0.18)
appservice (0.1.19)
backup (1.0.2)
batch (3.1.6)
batchai (0.1.2)
billing (0.1.6)
cdn (0.0.10)
cloud (2.0.9)
cognitiveservices (0.1.9)
command-modules-nspkg (2.0.1)
component (2.0.8)
configure (2.0.12)
consumption (0.1.6)
container (0.1.12)
core (2.0.20)
cosmosdb (0.1.14)
dla (0.0.13)
dls (0.0.16)
eventgrid (0.1.5)
extension (0.0.5)
feedback (2.0.6)
find (0.2.7)
interactive (0.3.11)
iot (0.1.13)
keyvault (2.0.13)
lab (0.0.12)
monitor (0.0.11)
network (2.0.17)
nspkg (3.0.1)
profile (2.0.15)
rdbms (0.0.8)
redis (0.2.10)
resource (2.0.17)
role (2.0.14)
servicefabric (0.0.5)
sql (2.0.14)
storage (2.0.18)
vm (2.0.17)
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\rafb\.azure\cliextensions'
Python (Windows) 3.6.1 (v3.6.1:69c0db5, Mar 21 2017, 17:54:52) [MSC v.1900 32 bit (Intel)]
Legal docs and information: aka.ms/AzureCliLegal
@mboersma, please investigate. The possible cause is in the upstream method of aks_get_credentials
, the temp file is already opened, and then the downstream merge_kubernetes_configurations
tries to open it again. The Windows OS might reject such file re-opening as the first writing file handle is not yet closed.
Works when running the azure cli from a docker container image azuresdk/azure-cli-python:latest
bash-4.3# az group create -n aks2 -l westus2
Location Name
---------- ------
westus2 aks2
bash-4.3# az aks create -g aks2 -l westus2 -n mvaks2 --generate-ssh-keys -k 1.8.1 -c 1
SSH key files '/root/.ssh/id_rsa' and '/root/.ssh/id_rsa.pub' have been generated under ~/.ssh to allow SSH access to the VM. If using machines without permanent storage like Azure Cloud Shell without an attached file share, back up your keys to a safe location
Location Name ResourceGroup
---------- ------ ---------------
westus2 mvaks2 aks2
bash-4.3# az aks get-credentials -n mvaks2 -g aks2
Merged "mvaks2" as current context in /root/.kube/config
bash-4.3# az --version
azure-cli (2.0.20)
acr (2.0.14)
acs (2.0.18)
appservice (0.1.19)
backup (1.0.2)
batch (3.1.6)
batchai (0.1.2)
billing (0.1.6)
cdn (0.0.10)
cloud (2.0.9)
cognitiveservices (0.1.9)
command-modules-nspkg (2.0.1)
component (2.0.8)
configure (2.0.12)
consumption (0.1.6)
container (0.1.12)
core (2.0.20)
cosmosdb (0.1.14)
dla (0.0.13)
dls (0.0.16)
eventgrid (0.1.5)
extension (0.0.5)
feedback (2.0.6)
find (0.2.7)
interactive (0.3.11)
iot (0.1.13)
keyvault (2.0.13)
lab (0.0.12)
monitor (0.0.11)
network (2.0.17)
nspkg (3.0.1)
profile (2.0.15)
rdbms (0.0.8)
redis (0.2.10)
resource (2.0.17)
role (2.0.14)
servicefabric (0.0.5)
sql (2.0.14)
storage (2.0.18)
vm (2.0.17)
Python location '/usr/local/bin/python'
Extensions directory '/root/.azure/cliextensions'
Python (Linux) 3.5.2 (default, Dec 27 2016, 21:33:11)
[GCC 5.3.0]
Legal docs and information: aka.ms/AzureCliLegal
bash-4.3#
I get this problem when running az in Windows (PowerShell) and also in WSL bash
If I use sudo in bash it works, but then I can't use az aks browse
to view the dashboard. Help!
On v2.20 CLI in both WSL and Windows
+1 here on Windows too.
As a workaround, I used the command below to write the YAML to my kubectl config. Careful not to overwrite your existing configuration!
az aks get-credentials -g my-aks -n aks -f - > .kube\config
@tomconte I just tried that. When using that config, I get an error. It seems like it is expecting JSON, but the az aks get-credentials -f
outputs YAML
couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct { APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" }
+1 I get the same error running:
az aks get-credentials --name AksKubernetes --resource-group AksKubernetesResourceGroup
from a command-prompt ran as an administrator.
Note:
I created an ACS\K8s cluster with az acs a few days ago and
az acs get-credentials --name AcsKubernetes --resource-group AcsKubernetesResourceGroup
worked as expected. I'm blocked.
Shell: Command-Prompt (run as administrator) Azure CLI installed via MSI az --version 2.0.20
I managed to run the command under sudo in WSL and then copy the ~/.kube/config
out to my Windows filesystem e.g. c:\Users\foo\.kube\config
to get the kubectl working in PowerShell.
However az aks broswe
still fails with permissions problems, and I can't get the Kubernetes dashboard working in AKS via any other means.
This is a big blocker, given that AKS is high profile new service I expect a lot of people will be hitting this. These commands are literally in the Azure docs quick start guide for AKS
This is definitely a problematic issue. As a workaround, to access the dashboard:
kubectl port-forward kubernetes-dashboard-3427906134-xlrcg 9090 --namespace kube-system
(you might need to change the Pod name; get it using kubectl get all --namespace kube-system
)
Then open http://localhost:9090/
+1 Same error here.
az --version 2.0.20 Windows
Broken in Azure Cloud Powershell as well
PS Azure:\> az aks get-credentials -g Kubernetes-RG -n Kubernetes-Cluster
[Errno 13] Permission denied: 'C:\\Users\\ContainerAdministrator\\AppData\\Local\\Temp\\tmp_xabf6zl'
Traceback (most recent call last):
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\main.py", line 36, in main
cmd_result = APPLICATION.execute(args)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\application.py", line 212, in execute
result = expanded_arg.func(params)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 377, in __call__
return self.handler(*args, **kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 620, in _execute_command
reraise(*sys.exc_info())
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\six.py", line 693, in reraise
raise value
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 602, in _execute_command
result = op(client, **kwargs) if client else op(**kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 1288, in aks_get_credentials
merge_kubernetes_configurations(path, additional_file.name)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 829, in merge_kubernetes_configurations
with open(addition_file) as stream:
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\ContainerAdministrator\\AppData\\Local\\Temp\\tmp_xabf6zl'
Workaround for anybody having the same issue.
az aks get-credentials -g Kubernetes-RG -n Kubernetes-Cluster
cp .kube/config /usr/<your username>/clouddrive/config
.kube\config
With this steps it works for me on Windows desktop. browse
still broken though.
Work around works great, AK AKA BROWSE
and other commands are broken still because of the ERR 13, I even assigned my environment variables TMP
and TEMP
to point to a folder I knew I had full permissions on without any success. I hope a new version is out soon that fixes this issue!
Yes really want az aks browse
to work, I can find no workaround that lets me access the AKS dashboard.
Do we have an ETA on a fix?
@benc-uk Workaround for browse is to use @tomconte comment above. It works as expected after you got your credentials squared away.
My workaround for az aks browse
is to run it in Bash on Ubuntu on Windows. Obviously a bit of a hassle if you don’t have it set up, but it works :)
Here is the workaround on windows if you don't have any clusters configured yet:
$path = "$env:USERPROFILE\.kube\config"
az aks get-credentials --resource-group=CloudServices --name=CloudServicesKubernetesCluster --file - > $path
(Get-Content $path -Raw).Replace("`r`n","`n") | Set-Content $path -Force
Please note that it will replace existing kubectl configuration
Hi @andersarpi, when I try in WSL I get the following error
error: error upgrading connection: error dialing backend: dial tcp 10.240.0.4:10250: getsockopt: connection refused
Looking at the comments in the docs, several other people report the same problem
Are there any other steps you carried out for this to work?
When could fix it? I try @tomconte 's method but I still face this issue... `C:\Program Files (x86)>az --version azure-cli (2.0.20)
acr (2.0.14) acs (2.0.18) appservice (0.1.19) backup (1.0.2) batch (3.1.6) batchai (0.1.2) billing (0.1.6) cdn (0.0.10) cloud (2.0.9) cognitiveservices (0.1.9) command-modules-nspkg (2.0.1) component (2.0.8) configure (2.0.12) consumption (0.1.6) container (0.1.12) core (2.0.20) cosmosdb (0.1.14) dla (0.0.13) dls (0.0.16) eventgrid (0.1.5) extension (0.0.5) feedback (2.0.6) find (0.2.7) interactive (0.3.11) iot (0.1.13) keyvault (2.0.13) lab (0.0.12) monitor (0.0.11) network (2.0.17) nspkg (3.0.1) profile (2.0.15) rdbms (0.0.8) redis (0.2.10) resource (2.0.17) role (2.0.14) servicefabric (0.0.5) sql (2.0.14) storage (2.0.18) vm (2.0.17)
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe' Extensions directory 'C:\Users\guofzh.azure\cliextensions'
Python (Windows) 3.6.1 (v3.6.1:69c0db5, Mar 21 2017, 17:54:52) [MSC v.1900 32 bit (Intel)]
Legal docs and information: aka.ms/AzureCliLegal
D:\Repos\UCM>az aks get-credentials --resource-group=myResourceGroup --name=myK8sCluster
[Errno 13] Permission denied: 'C:\Users\guofzh\AppData\Local\Temp\tmp5rihzai5'
Traceback (most recent call last):
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\main.py", line 36, in main
cmd_result = APPLICATION.execute(args)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\application.py", line 212, in execute
result = expanded_arg.func(params)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands__init.py", line 377, in call
return self.handler(*args, *kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands__init__.py", line 620, in _execute_command
reraise(sys.exc_info())
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\six.py", line 693, in reraise
raise value
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\init__.py", line 602, in _execute_command
result = op(client, kwargs) if client else op(kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 1288, in aks_get_credentials
merge_kubernetes_configurations(path, additional_file.name)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 829, in merge_kubernetes_configurations
with open(addition_file) as stream:
PermissionError: [Errno 13] Permission denied: 'C:\Users\guofzh\AppData\Local\Temp\tmp5rihzai5'`
Looks like the fix was merged in very recently https://github.com/Azure/azure-cli/pull/4762 So hoping the next release of the CLI will resolve this
Any word on release date...???
Any word on release date...???
Any word on release date...???
Any word on release date...???
Any word on release date...???
Any word on release date...??? I can verify browse does not work in clud shell either.
Any word on release date...??? I can verify browse does not work in clud shell either. #4762
We are releasing early next week.
I'm wondering if Microsoft even tests anything on Windows anymore. This issue would have been caught pretty early on since none of showcased steps would work right out of the bat.
The following workaround worked for me: Use '-f=-' to redirect to STDOUT, then redirect output to a file using '>kube.config'
Example: az aks get-credentials -g=resourcegroupname -n=clustername -f=- >kube.config
We have released the new update. It has version number 2.0.21. Get the new MSI at https://aka.ms/InstallAzureCliWindows.
Environment summary
Shell: Powershell Installed via MSI az --version 2.0.20
Getting permission denied when running
az aks get-credentials
command. Powershell is being run as administrator