Open jpiquot opened 4 months ago
It seems that the ACA environment has been rollbacked by Microsoft from DAPR 1.12.5 to 1.11.6. Issues with Dapr 1.12 version in Azure?
@jpiquot apologies nobody had responded here. Yes, we had attempted to rollout 1.12.5 in ACA but ran into a problem with how the security tokens for Sentry are mounted into the sidecar. Indeed, the release was rolled back.
Why this happened: Dapr 1.12 saw several changes to Sentry and tokens that made it complex to bring this version to ACA. When rolling out Dapr 1.12 we encountered an edge case of which we were unaware.
What we did since: We immediately rolled back Dapr 1.12. We then extensively investigated the rollout problem and were able to fix this in our upcoming 1.12.X release for ACA. This will be deployed again to ACA very soon.
@greenie-msft @anthonychu this issue can be closed.
This issue is a:
Issue description
Container App cannot start anymore :
`2024-02-23T10:08:07.131004547Z time="2024-02-23T10:08:07.130923946Z" level=info msg="Fetching initial identity certificate from dapr-sentry.k8se-system.svc.cluster.local:443" app_id=dynamics365finance instance=chr-stg-hex-dynamics365finance--023bltd-5cd56b5f74-t5gxw scope=dapr.runtime.security type=log ver=1.12.5
2024-02-23T09:44:56.055250222Z time="2024-02-23T09:44:56.055035019Z" level=fatal msg="Fatal error from runtime: failed to retrieve the initial identity certificate: error from sentry SignCertificate: rpc error: code = PermissionDenied desc = token review failed: token is required for TokenReview in authentication" app_id=dynamics365finance instance=chr-stg-hex-dynamics365finance--023bltd-5cd56b5f74-t5gxw scope=dapr.runtime type=log ver=1.12.5 `
Steps to reproduce
Expected behavior Application should start without errors
Actual behavior Application fails to start
Additional context
Was working yesterday before Microsoft upgrade of Azure container apps this night (1.11.6 => 1.12.5)