Closed cwhd closed 6 years ago
@cwhd thanks for asking. Did you deploy the solution template from Azure marketplace? The error is likely due to invalid service principal or insufficient permission of the service principal you used to deploy azure resources. You can refer to the first few steps in our document for creating the right service principal to be used.
@yuczho
I did deploy the solution from the marketplace and I double checked my principal and I followed the instructions and have one that has contributor rights to my account. I just tried to create an ACS cluster for Kubernetes with that principal and that worked fine. Any other ideas?
@yuwzho
I m looking into this issue, but I confirm that this is not the AAD issue, the ACS cluster should be created successfully, but something wrong happened when adding security rule to the new created ACS.
@cwhd Could you please share the log on the controllervm
? You can find the log at /tmp/output.log
. And check the security rule whose name starts with k8s-master-
, has the rule 102?
output.log Ok, here is the log and a screenshot of the rules from the k8-master NSG. I don't see 102 in there.
@cwhd we will take a look. Meanwhile if you didn't deploy thru Azure marketplace solution, could you please do so? Simply go to Azure marketplace and find "Elastic stack on Kubernetes" and create the solution. this reduces risks of supplying incorrect parameters to Azure resource manager.
I deleted the whole thing and started again. I did use the "Elastic stack on Kubernetes" from the marketplace and I went through the whole section of creating a principal and giving it the appropriate permissions. After that I still get an error deploying the controllerNode, in the end it's status is "Conflict" and in the error log I still see "VM has reported a failure when processing extension 'config-app'".
@cwhd just want to double check the new resource group you used for deployment was "kubtest_kubtest_westus2"? Could you upload the new output.log again please? We'll get back to you first thing Tuesday.
output.log Here is the latest log. In the last deployment I created a new resource group and named it elaskub. The script created a new resource group named elaskub_containerservice-elaskub_westus2. kubtest was a container registry I created just to make sure I could create a k8s container registry, so I did not use it in this deployment.
@cwhd Thanks for sharing your log. I notice that your SSH private key is double base64 encoded (It should be decode twice to be a private key).
Also I find your ACS doesn't have a k8s-master rule in your new deployment, I m not sure why this happen and still explore. I now add a check to check whether the rule exist, and will be released a new one later.
output.log I made sure the key was decoded properly this time but I the controller still fails to deploy. Here is the latest log.
@cwhd We now find the problem is the westus2 region not support the Azure Container Service(AKS) according to azure.com, you can try it using east us
or central us
.
For other regions, we are working on the exception you reported, also will have a test to figure out waht region we supported. Thanks very much for your reporting.
Awesome, that worked, thanks!
When I try to deploy from the template the controllerNode fails with the status code "Conflict" and the error, "VM has reported a failure when processing extension 'config-app'.". This is the full error: