[AKS add-on] Failed to get service account token attrs -- failed to fetch token (forbidden) #871

Closed
PPACI opened this issue Apr 27, 2022 · 3 comments
Labels: aks, bug (Something isn't working), known-issue

PPACI commented Apr 27, 2022

Hello.

I allowed myself to skip the template since this is an issue that is created elsewhere.

What happened
It appears that the addon deployment on AKS is not deploying all the required components.
Indeed it lacks a ClusterRole/ClusterRoleBinding.

Right now, we are manually adding the required files to AKS.

Would it be possible to add it in the future?

reference: kubernetes-sigs/secrets-store-csi-driver#939

PPACI added the bug (Something isn't working) label Apr 27, 2022
Contributor

nilekhc commented Apr 27, 2022

@PPACI As mentioned by Ji'an Liu, this should be available in the next release.

Ref: kubernetes-sigs/secrets-store-csi-driver#939 (comment)

PPACI closed this as completed Apr 27, 2022
aramase reopened this May 2, 2022
aramase changed the title from "Failed to get service account token attrs -- failed to fetch token (forbidden)" to "[AKS add-on] Failed to get service account token attrs -- failed to fetch token (forbidden)" May 2, 2022
aramase pinned this issue May 2, 2022
aramase added the aks label May 2, 2022
Member

aramase commented May 2, 2022

cc @ZeroMagic

Member

aramase commented May 25, 2022

@ZeroMagic confirmed the fix has been rolled out to all regions.

I was able to validate in southcentralus by enabling the add-on in a new cluster, and I see all the required cluster roles:

```
➜ k get clusterrole | grep aks
aks-secretproviderclasses-admin-role 2022-05-25T00:08:19Z
aks-secretproviderclasses-role 2022-05-25T00:08:19Z
aks-secretproviderclasses-viewer-role 2022-05-25T00:08:19Z
aks-secretprovidersyncing-role 2022-05-25T00:08:19Z
aks-secretprovidertokenrequest-role 2022-05-25T00:08:19Z
```

Closing this issue now. Please feel free to reopen/open a new issue in AKS for issues related to the AKS add-on.

aramase closed this as completed May 25, 2022
aramase unpinned this issue May 25, 2022
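
The validation in this thread lists the roles, but the original failure involved a missing ClusterRole or ClusterRoleBinding, so an effective-permission check is also useful. The following is an added example, not code from this thread or from the AKS project: the function names, the `KUBECTL` override and the sample listing are constructed here, and the add-on's namespace and service account name must be supplied by the caller because the thread does not state them.

```shell
#!/bin/sh
# Added example: RBAC check for the AKS Secrets Store CSI add-on.
# KUBECTL is overridable so the functions can be exercised with a stub.
KUBECTL="${KUBECTL:-kubectl}"

# Role names exactly as listed in the validation output in this thread.
EXPECTED_ROLES="aks-secretproviderclasses-admin-role
aks-secretproviderclasses-role
aks-secretproviderclasses-viewer-role
aks-secretprovidersyncing-role
aks-secretprovidertokenrequest-role"

# Constructed sample of `kubectl get clusterrole` output: the token request
# role is absent and a look-alike name is present.
SAMPLE_LISTING="NAME                                         CREATED AT
aks-secretproviderclasses-admin-role         2022-01-01T00:00:00Z
aks-secretproviderclasses-role               2022-01-01T00:00:00Z
aks-secretproviderclasses-viewer-role        2022-01-01T00:00:00Z
aks-secretprovidersyncing-role               2022-01-01T00:00:00Z
aks-secretprovidertokenrequest-role-copy     2022-01-01T00:00:00Z"

# Reads a clusterrole listing on stdin and prints every expected role that
# is missing. Compares the whole NAME column, so substrings do not count.
missing_roles() {
    present=$(awk '{print $1}')
    for role in $EXPECTED_ROLES; do
        printf '%s\n' "$present" | grep -qxF -- "$role" || printf '%s\n' "$role"
    done
}

# Succeeds only if the service account can create service account tokens in
# every namespace, which needs both the ClusterRole and its binding.
# $1 = namespace, $2 = service account name; both are caller-supplied
# because the thread does not name the add-on's service account.
# The caller's own identity must be allowed to impersonate (--as).
can_request_token() {
    answer=$($KUBECTL auth can-i create serviceaccounts --subresource=token \
        --all-namespaces --as "system:serviceaccount:$1:$2" 2>/dev/null) || true
    [ "$answer" = "yes" ]
}
```

Against a live cluster, pipe `kubectl get clusterrole` into `missing_roles`, then call `can_request_token` with the add-on's namespace and service account name.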