Azure内部负载平衡器,Azure Kubernetes服务不工作 [英] Azure internal load balancer with Azure Kubernetes Service not working
本文介绍了Azure内部负载平衡器,Azure Kubernetes服务不工作的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在收到的错误消息中看到非现有用户:
Warning CreatingLoadBalancerFailed 3m (x7 over 9m) service-controller Error creating load balancer (will retry): failed to ensure load balancer for service default/azure-vote-front: network.SubnetsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '91c18461-XXXXXXXX---1441d7bcea67' with object id '91c18461-XXXXXXXXX-1441d7bcea67' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/996b68c3-ec32-46d4-8d0e-80c6da2c1a3b/resourceGroups/<<resource group>>/providers/Microsoft.Network/virtualNetworks/<<VNET>>/subnets/<<subnet id>>
当我在我的Azure订阅中搜索此用户时,我没有找到它。 如有任何帮助,不胜感激
下面是我的清单文件
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: azure-vote-back
spec:
replicas: 1
template:
metadata:
labels:
app: azure-vote-back
spec:
containers:
- name: azure-vote-back
image: redis
ports:
- containerPort: 6379
name: redis
---
apiVersion: v1
kind: Service
metadata:
name: azure-vote-back
spec:
ports:
- port: 6379
selector:
app: azure-vote-back
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: azure-vote-front
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
minReadySeconds: 5
template:
metadata:
labels:
app: azure-vote-front
spec:
containers:
- name: azure-vote-front
image: phishbotstagingregistry.azurecr.io/azure-vote-front:v1
ports:
- containerPort: 80
resources:
requests:
cpu: 250m
limits:
cpu: 500m
env:
- name: REDIS
value: "azure-vote-back"
---
apiVersion: v1
kind: Service
metadata:
name: azure-vote-front
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
type: LoadBalancer
ports:
- port: 80
selector:
app: azure-vote-front
推荐答案
创建AK时,您提供了错误的凭据(或稍后剥离了权限)。因此,服务主体AKS无权创建该资源(错误清楚地说明了这一点)。
Code="AuthorizationFailed"Message="客户端 ‘91c18461-xxxxxxxx-1441d7bcea67’,对象ID ‘91c18461-XXXXXXXXX-1441d7bcea67’无权 执行操作‘Microsoft.Network/virtualNetworks/subnets/read’Over 作用域 ‘/subscriptions/996b68c3-ec32-46d4-8d0e-80c6da2c1a3b/resourceGroups/<;>/providers/Microsoft.Network/virtualNetworks/<;>/subnets/<;>
您可以使用az aks list --resource-group <your-resource-group>
来查找您的服务主体,但错误有点暴露了这一点。
这篇关于Azure内部负载平衡器,Azure Kubernetes服务不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文