I'm trying to deploy Kubernetes through ACS. The deployment works perfectly, but as soon as I try to connect to the cluster with kubectl proxy it fails. Every kubectl command fails.
I SSH'ed to the server and found out only one container started. Not a single other one in sight even with -a.
Anyone got a clue as to why this happens?
According to your description, it seems you have not configured the Service Principal correctly.
You may need to check to ensure the credentials were provided accurately, and that the configured Service Principal has read and write permissions to the target Subscription.
If your Service Principal is misconfigured, none of the Kubernetes components will come up in a healthy manner. We can check to see if this is the problem:
root@k8s-master-D9DE702A-0:~# journalctl -u kubelet | grep --text autorest
If you see output that looks like the following, it means you have not configured the Service Principal correctly.
May 18 07:09:36 k8s-master-D9DE702A-0 docker[5534]: E0518 07:09:36.901937 5920 kubelet.go:1186] Cannot get Node info: failed to get external ID from cloud provider: autorest#WithErrorUnlessStatusCode: POST https://login.microsoftonline.com/1fcf418e-66ed-4c99-9449-d8e18bf8737a/oauth2/token?api-version=1.0 failed with 400 Bad Request: StatusCode=400
May 18 07:09:37 k8s-master-D9DE702A-0 docker[5534]: E0518 07:09:37.119646 5920 kubelet_node_status.go:70] Unable to construct api.Node object for kubelet: failed to get external ID from cloud provider: autorest#WithErrorUnlessStatusCode: POST https://login.microsoftonline.com/1fcf418e-66ed-4c99-9449-d8e18bf8737a/oauth2/token?api-version=1.0 failed with 400 Bad Request: StatusCode=400
For more information about how to create/configure a service principal for an ACS-Engine Kubernetes cluster, please refer to this Azure CLI 2.0 or PowerShell.
We can use CLI 2.0 to get the information about ACS; the clientId is the service principal.
C:\Users>az acs show -g k8s -n containerservice-k8s
{
  "agentPoolProfiles": [
    {
.
.
.
.
  },
  "provisioningState": "Succeeded",
  "resourceGroup": "k8s",
  "servicePrincipalProfile": {
    "clientId": "1498b171-xxxx-xxxx-xxxx-8ef56a178b89",
    "secret": null
  },
  "tags": null,
  "type": "Microsoft.ContainerService/ContainerServices",
  "windowsProfile": null
}
We can use PowerShell to get the service principal:
PS C:\Users> Get-AzureRmADServicePrincipal | ?{ $_.ApplicationId -eq "1498b171-xxxx-xxxx-xxxx-8ef56a178b89" } | fl *
ServicePrincipalNames : {http://azure-cli-2017-04-13-08-16-07, 1498b171-xxxx-xxxx-xxxx-8ef56a178b89}
ApplicationId         : 1498b171-xxxx-xxxx-xxxx-8ef56a178b89
DisplayName           : azure-cli-2017-04-13-08-16-07
Id                    : d86886b9-xxxx-xxxx-xxxx-25ab57803a33
Type                  : ServicePrincipal
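Added example, not part of the original answer: a small Python triage script for the `journalctl -u kubelet` check above. It counts the autorest token-request failures per tenant and HTTP status, and masks the tenant GUID the same way the answer masks its clientId so the summary can be shared. The function names and the sample log lines (including the GUID in them) are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Matches the kubelet/autorest token-request failure format shown in the answer.
TOKEN_FAILURE = re.compile(
    r"autorest#WithErrorUnlessStatusCode: POST "
    r"https://login\.microsoftonline\.com/(?P<tenant>[0-9a-fA-F-]{36})/oauth2/token\S* "
    r"failed with (?P<status>\d{3}) (?P<reason>[^:]+):"
)

def mask_guid(guid):
    """Keep the first and last GUID groups; replace the middle groups with x."""
    parts = guid.split("-")
    return "-".join([parts[0]] + ["x" * len(p) for p in parts[1:-1]] + [parts[-1]])

def summarize(lines):
    """Count token-request failures per (masked tenant, HTTP status, reason)."""
    counts = Counter()
    for line in lines:
        m = TOKEN_FAILURE.search(line)
        if m:
            key = (mask_guid(m["tenant"]), int(m["status"]), m["reason"].strip())
            counts[key] += 1
    return counts

# Constructed sample input: two failures in the answer's format plus one unrelated line.
_URL = "https://login.microsoftonline.com/00000000-1111-2222-3333-444444444444/oauth2/token?api-version=1.0"
SAMPLE = [
    "May 18 07:09:36 k8s-master-0 docker[5534]: E0518 07:09:36.901937 5920 kubelet.go:1186] "
    "Cannot get Node info: failed to get external ID from cloud provider: "
    f"autorest#WithErrorUnlessStatusCode: POST {_URL} failed with 400 Bad Request: StatusCode=400",
    "May 18 07:09:37 k8s-master-0 docker[5534]: E0518 07:09:37.119646 5920 kubelet_node_status.go:70] "
    "Unable to construct api.Node object for kubelet: failed to get external ID from cloud provider: "
    f"autorest#WithErrorUnlessStatusCode: POST {_URL} failed with 400 Bad Request: StatusCode=400",
    "May 18 07:09:38 k8s-master-0 systemd[1]: Started Kubernetes Kubelet.",
]

if __name__ == "__main__":
    # Read piped journal output if present, otherwise fall back to the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    result = summarize(source)
    for (tenant, status, reason), n in result.items():
        print(f"{n} token request failure(s): tenant={tenant} status={status} ({reason})")
    if not result:
        print("no autorest token request failures found")
```

On the master node it can be fed directly: `journalctl -u kubelet | python3 sp_check.py` (the file name is arbitrary).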