我尝试使用
在AKS集群上创建LoadBalancer服务
apiVersion: v1
kind: Service
metadata:
labels:
app: myapp
name: frontend-service
spec:
ports:
- port: 2020
protocol: TCP
targetPort: 80
selector:
app: myapp
type: LoadBalancer
当使用kubectl describe svc frontend-service诊断问题时,我发现
Type Reason Age From Message
---- ------ ---- ---- -------
Normal EnsuringLoadBalancer 52s (x2 over 52s) service-controller Ensuring load balancer
Warning CreatingLoadBalancerFailed 52s (x2 over 52s) service-controller Error cr
eating load balancer (will retry): failed to ensure load balancer for service defaul
t/frontend-service: network.LoadBalancersClient#List: Failure responding to request:
StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=
401 Code="InvalidAuthenticationTokenTenant" Message="The access token is from the wr
ong issuer 'https://sts.windows.net/<token 1>/'. It must match the tenant 'https://s
ts.windows.net/<token 2>/' associated with this subscription. Please use the authori
ty (URL) 'https://login.windows.net/<token 2>' to get the token. Note, if the subscr
iption is transferred to another tenant there is no impact to the services, but info
rmation about new tenant could take time to propagate (up to an hour). If you just t
ransferred your subscription and see this error message, please try back later."
我尝试删除该服务,现在,在运行kubectl describe svc <svc-name>的群集上的每个服务上,我在Events部分中收到以下消息:
清理负载均衡器时出错(将重试):获取服务默认值的LB错误/ ppm-frontend-service:network.LoadBalancersClient#List:未能响应请求:StatusCode = 401-原始错误:autorest / azure:服务返回错误。 Status = 401 Code =“ InvalidAuthenticationTokenTenant” Message =“访问令牌来自错误的颁发者'https://sts.windows.net/ /'。它必须与与此订阅关联的租户'https://sts.windows.net/ /'相匹配。请使用授权(URL)'https://login.windows.net/'以获取令牌注意,如果将订阅转移到另一个租户,则对服务没有影响,但是有关新租户的信息可能需要花费一些时间才能传播(最多一个小时)。如果您刚刚转移了订阅并看到此错误消息,请稍后再试。”
即使删除服务后,该问题仍然存在。
任何想法为什么会发生这种情况,以及如何阻止这种情况发生?