<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Seeing a lot of these failures to rotate keys, due to forbidden status.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2019-08-07T14:52:25.529575+00:00 caasp-test-worker-02 k8s.pod/kube-system/oidc-dex-55fc689dc-vtvnh/oidc-dex 2019-08-07T10:52:25.529490058-04:00 stderr F time="2019-08-07T14:52:25Z" level=error msg="failed to rotate keys: PUT https://10.96.0.1:443/apis/dex.coreos.com/v1/namespaces/kube-system/signingkeies/openid-connect-keys
Forbidden: response from server \"{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"signingkeies.dex.coreos.com \\"openid-connect-keys\\" is forbidden: User \\"system:serviceaccount:kube-system:oidc-dex\\" cannot
update resource \\"signingkeies\\" in API group \\"dex.coreos.com\\" in the namespace
\\"kube-system\\"\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"openid-connect-keys\",\"group\":\"dex.coreos.com\",\"kind\":\"signingkeies\"},\"code\":403}\""<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal"><br>
Ian<o:p></o:p></p>
</div>
</body>
</html>