Skip to content
This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

Upgrade fails when using AAD #717

Closed
yarinm opened this issue Mar 11, 2019 · 4 comments
Closed

Upgrade fails when using AAD #717

yarinm opened this issue Mar 11, 2019 · 4 comments
Assignees
@mboersma
Labels
bug Something isn't working

Comments

@yarinm
Copy link

yarinm commented Mar 11, 2019
edited
Loading

Is this a request for help?:
Yes

Is this an ISSUE or FEATURE REQUEST? (choose one):
Issue

What version of aks-engine?: 0.31.3

Kubernetes version: 1.11.6 upgrading to 1.12.6

What happened:
I've tried to upgrade my existing aks-engine cluster from kubernetes 1.11.6 to 1.12.6 and I got:
INFO[0468] Error validating upgraded master VM: k8s-master-59342023-0
FATA[0468] Error upgrading cluster: No Auth Provider found for name "azure"

The cluster is using AAD authentication

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know:
This also happened when I tried to upgrade from 1.10 to 1.11
Only solution was to teardown the entire cluster and redeploy it from scratch.

The JSON I'm using to generate the cluster:

{
  "apiVersion": "vlabs",
  "properties": {
    "aadProfile": {
      "serverAppID": "eaa4adb6-aa2e-4496-bfc0-27a0293a5a03",
      "clientAppID": "3fe5cebe-8b2e-4d03-97c7-1b11a14785b5",
      "tenantID": "72f988bf-86f1-41af-91ab-2d7cd011db47"
    },
    "orchestratorProfile": {
      "orchestratorType": "Kubernetes",
      "orchestratorVersion": "1.12.6"
    },
    "masterProfile": {
      "count": 1,
      "dnsPrefix": "rs2aksmaster",
      "vmSize": "Standard_D2_v2"
    },
    "agentPoolProfiles": [
      {
        "name": "rs2aksagent",
        "count": 4,
        "vmSize": "Standard_D8s_v3"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "XXX"
          }
        ]
      }
    },
    "servicePrincipalProfile": {
      "clientId": "fc41171e-2753-46f4-a27d-7987f6c1c0f6",
      "secret": "XXX"
    }
  }
}
@welcome
Copy link

welcome bot commented Mar 11, 2019

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it.

@CecileRobertMichon CecileRobertMichon added the bug Something isn't working label May 8, 2019
@CecileRobertMichon CecileRobertMichon mentioned this issue May 8, 2019
Closed
@mboersma mboersma self-assigned this May 28, 2019
@mboersma
Copy link
Member

@yarinm this was finally fixed by PR #1273. If you try AKS Engine v0.36.x or later, you shouldn't see this issue any longer.

@yarinm
Copy link
Author

yarinm commented May 29, 2019
edited
Loading

Thanks @mboersma . Do you know you still have the limitation for fetching only 30 groups for AAD users?
At the moment I'm using guard instead of enabling this because of this limitation.

@mboersma
Copy link
Member

mboersma commented Jun 6, 2019

@yarinm I wasn't aware of that limitation—is that an azure-sdk-for-go problem? Could you open a new issue against v0.36.4 or later to help us reproduce it?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mboersma mboersma

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mboersma @yarinm @CecileRobertMichon