search

microsoft / openshift-container-platform

OpenShift Container Platform on Azure
MIT License
134 stars 195 forks source link

The provided client secret keys are expired #193

Open raiopenshift opened 4 years ago

raiopenshift commented 4 years ago

Describe the bug We installed this cluster a year ago and now all cluster servers are NotReady, in /var/log/messages I can see this error when services try to start

_azureDisk - getAllStorageAccounts error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/64e2bf90-5696-4d27-831f-3661850f8ea0/resourceGroups/OCP-CollSvil/providers/Microsoft.Storage/storageAccounts?api-version=2017-10-01: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS7000222: The provided client secret keys are expired.\r\nTrace ID: 4fce761e-2351-453e-a984-aeda7b821500\r\nCorrelation ID: 6c99349b-4a43-4bbb-982d-055b3f585b67\r\nTimestamp: 2019-12-16 09:45:32Z","error_codes":[7000222],"timestamp":"2019-12-16 09:45:32Z","trace_id":"4fce761e-2351-453e-a984-aeda7b821500","correlationid":"6c99349b-4a43-4bbb-982d-055b3f585b67"}

I see that Azure AD App registrations client secret has expired

Expected behavior How can I renew this secret?

LorenzoBoccaccia commented 4 years ago

https://docs.microsoft.com/en-us/azure/aks/update-credentials#update-aks-cluster-with-new-credentials