[caasp-beta] dex - failure to rotate keys
Donaldson, Ian
Ian.Donaldson at NGIC.COM
Wed Aug 7 08:55:00 MDT 2019
Seeing a lot of these failure to rotate keys, due to forbidden status.
2019-08-07T14:52:25.529575+00:00 caasp-test-worker-02 k8s.pod/kube-system/oidc-dex-55fc689dc-vtvnh/oidc-dex 2019-08-07T10:52:25.529490058-04:00 stderr F time="2019-08-07T14:52:25Z" level=error msg="failed to rotate keys: PUT https://10.96.0.1:443/apis/dex.coreos.com/v1/namespaces/kube-system/signingkeies/openid-connect-keys Forbidden: response from server \"{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"signingkeies.dex.coreos.com \\"openid-connect-keys\\" is forbidden: User \\"system:serviceaccount:kube-system:oidc-dex\\" cannot update resource \\"signingkeies\\" in API group \\"dex.coreos.com\\" in the namespace \\"kube-system\\"\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"openid-connect-keys\",\"group\":\"dex.coreos.com\",\"kind\":\"signingkeies\"},\"code\":403}\<file://%22kube-system/%22/%22,/%22reason/%22:/%22Forbidden/%22,/%22details/%22:%7b/%22name/%22:/%22openid-connect-keys/%22,/%22group/%22:/%22dex.coreos.com/%22,/%22kind/%22:/%22signingkeies/%22%7d,/%22code/%22:403%7d/>""
Thanks,
Ian
----------------------------------------------------------------------
Note: Please be aware that unencrypted electronic mail is not secure. For this reason, please do not send any sensitive personal information such
as your address, driver license, policy number, Social Security Number, or claims information by unencrypted electronic mail. The information
contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient,
or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution
or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying
to the message and deleting it from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20190807/a992aaf6/attachment.html>
More information about the caasp-beta
mailing list