[caasp-beta] dex - failure to rotate keys
Jordi Massaguer Pla
jmassaguerpla at suse.de
Thu Aug 8 02:14:33 MDT 2019
Hi!
Would you mind opening a bug in
https://bugzilla.suse.com/enter_bug.cgi?product=Beta%20SUSE%20CaaS%20Platform%204
This will help us fix it.
Thanks in advance
jordi
On 08/07/2019 04:55 PM, Donaldson, Ian wrote:
>
> Seeing a lot of these failure to rotate keys, due to forbidden status.
>
> 2019-08-07T14:52:25.529575+00:00 caasp-test-worker-02
> k8s.pod/kube-system/oidc-dex-55fc689dc-vtvnh/oidc-dex
> 2019-08-07T10:52:25.529490058-04:00 stderr F
> time="2019-08-07T14:52:25Z" level=error msg="failed to rotate keys:
> PUT
> https://10.96.0.1:443/apis/dex.coreos.com/v1/namespaces/kube-system/signingkeies/openid-connect-keys
> Forbidden: response from server
> \"{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"signingkeies.dex.coreos.com
> \\"openid-connect-keys\\" is forbidden: User
> \\"system:serviceaccount:kube-system:oidc-dex\\" cannot update
> resource \\"signingkeies\\" in API group \\"dex.coreos.com\\" in the
> namespace
> \\"kube-system\\"\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"openid-connect-keys\",\"group\":\"dex.coreos.com\",\"kind\":\"signingkeies\"},\"code\":403}\
> <file://%22kube-system/%22/%22,/%22reason/%22:/%22Forbidden/%22,/%22details/%22:%7b/%22name/%22:/%22openid-connect-keys/%22,/%22group/%22:/%22dex.coreos.com/%22,/%22kind/%22:/%22signingkeies/%22%7d,/%22code/%22:403%7d/>""
>
> Thanks,
>
>
> Ian
>
> ------------------------------------------------------------------------
> Note: Please be aware that unencrypted electronic mail is not secure.
> For this reason, please do not send any sensitive personal information
> such
> as your address, driver license, policy number, Social Security
> Number, or claims information by unencrypted electronic mail. The
> information
> contained in this message may be privileged and confidential and
> protected from disclosure. If the reader of this message is not the
> intended recipient,
> or an employee or agent responsible for delivering this message to the
> intended recipient, you are hereby notified that any dissemination,
> distribution
> or copying of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> replying
> to the message and deleting it from your computer. Thank you.
>
>
> _______________________________________________
> caasp-beta mailing list
> caasp-beta at lists.suse.com
> Check the mailing list archives or Unsubscribe at http://lists.suse.com/mailman/listinfo/caasp-beta
--
Jordi Massaguer Pla
Release Manager for SUSE CaaS Platform
SUSE Linux
https://www.suse.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20190808/38f382cc/attachment.html>
More information about the caasp-beta
mailing list