Getting error: "failed to run Kubelet: could not init cloud provider "azure": No credentials provided for AAD application" after updating to k8s v1.11

7/20/2018

I'm working with a k8s cluster running on Azure VMSS and just tested upgrading to k8s v1.11 on my cluster deployment. However, suddenly my Azure JSON configuration file which was working fine for v1.10.4 seems to go undetected by Kubelet. Kubelet fails to go up with error:

failed to run Kubelet: could not init cloud provider "azure": No credentials provided for AAD application

The azure.json is located under /etc/kubernetes/, as before and looks like so:

{
  "vmType": "vmss",
  "tenantId": "<tenant_id>",
  "aadTenantId": "<aad_tenant_id>",
  "aadClientId": "<aad_client_id>",
  "aadClientSecret": "<aad_client_secret>",
  "subscriptionId": "<subscription_id>",
  "resourceGroup": "kubitest1",
  "primaryScaleSetName":"kubitest1-node",
  "vnetName": "kubitest1",
  "vnetResourceGroup": "kubitest1",
  "subnetName": "kubitest1-master",
  "securityGroupName": "kubitest1",
  "location": "northeurope"
}

I noticed in the release notes for v1.11 they specify the following:

JSON configuration files that contain fields with incorrect case will no longer be valid. You must correct these files before upgrading. When specifying keys in JSON resource definitions during direct API server communication, the keys are case-sensitive. A bug introduced in Kubernetes 1.8 caused the API server to accept a request with incorrect case and coerce it to correct case, but this behaviour has been fixed in 1.11 and the API server will once again be enforcing the correct case. It’s worth noting that during this time, the kubectl tool continued to enforce case-sensitive keys, so users that strictly manage resources with kubectl will be unaffected by this change. (#65034, @caesarxuchao)

However, as far as I know the azure.json contains no fields with incorrect case.

Has anybody else run into this error after upgrading to k8s 1.11?

-- feiti
azure
azure-vm-scale-set
kubernetes

1 Answer

7/23/2018

It seems that aadTenantId option breaks parsing of the config file (azure.json).

I found no such option among the available options for config:

-- VAS
Source: StackOverflow