wbuchwalter / Kubernetes-acs-engine-autoscaler

[Deprecated] Node-level autoscaler for Kubernetes clusters created with acs-engine.

CrashLoopBackoff in AzureChinaCloud #64

Open ajhewett opened 7 years ago

ajhewett commented 7 years ago

Environment: a Kubernetes 1.7.9 cluster, created by acs-engine v0.9.1, in AzureChinaCloud.

acs-engine-autoscaler fails to start with the log message:

Traceback (most recent call last):
  File "/app/autoscaler/azure_api.py", line 20, in login
    tenant)
  File "/usr/local/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 137, in find_subscriptions_on_login
    username, sp_auth, tenant, self._ad_resource_uri)
  File "/usr/local/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 617, in find_from_service_principal_id
    token_entry = sp_auth.acquire_token(context, resource, client_id)
  File "/usr/local/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 828, in acquire_token
    return authentication_context.acquire_token_with_client_credentials(resource, client_id, self.secret)
  File "/usr/local/lib/python3.6/site-packages/adal/authentication_context.py", line 160, in acquire_token_with_client_credentials
    return self._acquire_token(token_func)
  File "/usr/local/lib/python3.6/site-packages/adal/authentication_context.py", line 109, in _acquire_token
    return token_func(self)
  File "/usr/local/lib/python3.6/site-packages/adal/authentication_context.py", line 158, in token_func
    return token_request.get_token_with_client_credentials(client_secret)
  File "/usr/local/lib/python3.6/site-packages/adal/token_request.py", line 316, in get_token_with_client_credentials
    token = self._oauth_get_token(oauth_parameters)
  File "/usr/local/lib/python3.6/site-packages/adal/token_request.py", line 113, in _oauth_get_token
    return client.get_token(oauth_parameters)
  File "/usr/local/lib/python3.6/site-packages/adal/oauth2_client.py", line 281, in get_token
    raise AdalError(return_error_string, error_response)
adal.adal_error.AdalError: Get Token request returned http error: 400 and server response: {"error":"invalid_request","error_description":"AADSTS90002: Tenant ad31a99f-ff60-4f7b-8091-c297651bd58a not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator.\r\nTrace ID: 0e69c994-a8c6-4cd3-aa6d-20f02e2d0900\r\nCorrelation ID: 5e544e98-e514-4902-ae5a-5fc9a299c208\r\nTimestamp: 2017-11-06 15:22:49Z","error_codes":[90002],"timestamp":"2017-11-06 15:22:49Z","trace_id":"0e69c994-a8c6-4cd3-aa6d-20f02e2d0900","correlation_id":"5e544e98-e514-4902-ae5a-5fc9a299c208"}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "main.py", line 113, in <module>
    main()
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "main.py", line 99, in main
    cluster.login()
  File "/app/autoscaler/cluster.py", line 69, in login
    self.service_principal_tenant_id)
  File "/app/autoscaler/azure_api.py", line 29, in login
    raise CLIError(err)
azure.cli.core.util.CLIError: Get Token request returned http error: 400 and server response: {"error":"invalid_request","error_description":"AADSTS90002: Tenant ad31a99f-ff60-4f7b-8091-c297651bd58a not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator.\r\nTrace ID: 0e69c994-a8c6-4cd3-aa6d-20f02e2d0900\r\nCorrelation ID: 5e544e98-e514-4902-ae5a-5fc9a299c208\r\nTimestamp: 2017-11-06 15:22:49Z","error_codes":[90002],"timestamp":"2017-11-06 15:22:49Z","trace_id":"0e69c994-a8c6-4cd3-aa6d-20f02e2d0900","correlation_id":"5e544e98-e514-4902-ae5a-5fc9a299c208"}

Note: I successfully use acs-engine-autoscaler in regular AzureCloud environments.

It appears the acs-engine-autoscaler only uses the default AzureCloud Environment when performing a login.

Although I have not tried, I assume that the same issue exists with other sovereign clouds (e.g. Germany and US Government).

VeereshPatil commented 6 years ago

Hi @wbuchwalter, is this bug fixed? I'm running acs-engine-autoscaler in German Cloud and I'm getting the below error:

{"error":"invalid_request","error_description":"AADSTS90038: Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: c17a4f7a-aba0-4940-98a8-6ce03d9b0e00\r\nCorrelation ID: abf0e855-3506-4a99-af2c-2cf2665f7e68\r\nTimestamp: 2018-06-11 06:49:55Z","error_codes":[90038],"timestamp":"2018-06-11 06:49:55Z","trace_id":"c17a4f7a-aba0-4940-98a8-6ce03d9b0e00","correlation_id":"abf0e855-3506-4a99-af2c-2cf2665f7e68"}
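
Added example, not part of the thread or of the project's code: a triage helper that pulls the AAD error body out of an ADAL/CLIError message like the ones above and flags the two codes reported here (90002, 90038) as a probable cloud/authority mismatch, following the reporter's diagnosis. The function names, the `configured_cloud` parameter and the sample message are assumptions made for illustration; the cloud names and authority hosts are the standard azure-cli ones.

```python
import json
import re

# Azure AD authority host for each azure-cli cloud name.
AAD_AUTHORITY = {
    "AzureCloud": "https://login.microsoftonline.com",
    "AzureChinaCloud": "https://login.chinacloudapi.cn",
    "AzureUSGovernment": "https://login.microsoftonline.us",
    "AzureGermanCloud": "https://login.microsoftonline.de",
}
# AADSTS codes reported in this thread, read as wrong-cloud symptoms (assumption).
CROSS_CLOUD_CODES = {90002: "tenant not found at this authority",
                     90038: "confidential client in a cross-cloud request"}

def parse_aad_error(message):
    """Return the JSON body after 'server response:' in an ADAL error, or None."""
    marker = "server response:"
    idx = message.find(marker)
    if idx < 0:
        return None
    try:
        body, _ = json.JSONDecoder().raw_decode(message[idx + len(marker):].lstrip())
    except ValueError:
        return None
    return body if isinstance(body, dict) else None

def diagnose(message, configured_cloud="AzureCloud"):
    """Flag a probable cloud/authority mismatch; None if the error is unrelated."""
    body = parse_aad_error(message)
    if body is None:
        return None
    code = next((c for c in body.get("error_codes", []) if c in CROSS_CLOUD_CODES), None)
    if code is None:
        return None
    tenant = re.search(r"Tenant ([0-9a-fA-F-]{36})", body.get("error_description", ""))
    return {
        "code": code,
        "reason": CROSS_CLOUD_CODES[code],
        "tenant": tenant.group(1) if tenant else None,
        "authority_used": AAD_AUTHORITY[configured_cloud],
        "clouds_to_check": sorted(c for c in AAD_AUTHORITY if c != configured_cloud),
    }

# Constructed sample in the shape of the log above (placeholder tenant id).
SAMPLE = ('Get Token request returned http error: 400 and server response: '
          '{"error":"invalid_request","error_description":"AADSTS90002: Tenant '
          '00000000-0000-0000-0000-000000000000 not found.","error_codes":[90002]}')

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```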