Azure内部负载平衡器,Azure Kubernetes服务不工作 [英] Azure internal load balancer with Azure Kubernetes Service not working

查看:0
本文介绍了Azure内部负载平衡器,Azure Kubernetes服务不工作的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用以下链接连接到内部负载均衡器: https://docs.microsoft.com/en-us/azure/aks/internal-lb

我在收到的错误消息中看到非现有用户:

Warning  CreatingLoadBalancerFailed  3m (x7 over 9m)  service-controller  Error creating load balancer (will retry): failed to ensure load balancer for service default/azure-vote-front: network.SubnetsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '91c18461-XXXXXXXX---1441d7bcea67' with object id '91c18461-XXXXXXXXX-1441d7bcea67' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/996b68c3-ec32-46d4-8d0e-80c6da2c1a3b/resourceGroups/<<resource group>>/providers/Microsoft.Network/virtualNetworks/<<VNET>>/subnets/<<subnet id>>

当我在我的Azure订阅中搜索此用户时,我没有找到它。 如有任何帮助,不胜感激

下面是我的清单文件

apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: azure-vote-back
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: azure-vote-back
        spec:
          containers:
          - name: azure-vote-back
            image: redis
            ports:
            - containerPort: 6379
              name: redis
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: azure-vote-back
    spec:
      ports:
      - port: 6379
      selector:
        app: azure-vote-back
    ---
    apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: azure-vote-front
    spec:
      replicas: 1
      strategy:
        rollingUpdate:
          maxSurge: 1
          maxUnavailable: 1
      minReadySeconds: 5 
      template:
        metadata:
          labels:
            app: azure-vote-front
        spec:
          containers:
          - name: azure-vote-front
            image: phishbotstagingregistry.azurecr.io/azure-vote-front:v1
            ports:
            - containerPort: 80
            resources:
              requests:
                cpu: 250m
              limits:
                cpu: 500m
            env:
            - name: REDIS
              value: "azure-vote-back"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: azure-vote-front
      annotations:
        service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    spec:
      type: LoadBalancer
      ports:
      - port: 80
      selector:
        app: azure-vote-front

推荐答案

创建AK时,您提供了错误的凭据(或稍后剥离了权限)。因此,服务主体AKS无权创建该资源(错误清楚地说明了这一点)。

Code="AuthorizationFailed"Message="客户端 ‘91c18461-xxxxxxxx-1441d7bcea67’,对象ID ‘91c18461-XXXXXXXXX-1441d7bcea67’无权 执行操作‘Microsoft.Network/virtualNetworks/subnets/read’Over 作用域 ‘/subscriptions/996b68c3-ec32-46d4-8d0e-80c6da2c1a3b/resourceGroups/<;>/providers/Microsoft.Network/virtualNetworks/<;>/subnets/<;>

您可以使用az aks list --resource-group <your-resource-group>来查找您的服务主体,但错误有点暴露了这一点。

这篇关于Azure内部负载平衡器,Azure Kubernetes服务不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆