[caasp-beta] dex - failure to rotate keys
Jordi Massaguer Pla
jmassaguerpla at suse.de
Thu Aug 8 02:18:04 MDT 2019
Hi,
I just read yours and JenTing emails about this. Looks like the bug if
fixed in Beta5. Nice :) !
Thanks for reaching out
On 08/08/2019 10:14 AM, Jordi Massaguer Pla wrote:
>
> Hi!
>
> Would you mind opening a bug in
> https://bugzilla.suse.com/enter_bug.cgi?product=Beta%20SUSE%20CaaS%20Platform%204
>
> This will help us fix it.
>
> Thanks in advance
>
> jordi
>
>
>
> On 08/07/2019 04:55 PM, Donaldson, Ian wrote:
>>
>> Seeing a lot of these failure to rotate keys, due to forbidden status.
>>
>> 2019-08-07T14:52:25.529575+00:00 caasp-test-worker-02
>> k8s.pod/kube-system/oidc-dex-55fc689dc-vtvnh/oidc-dex
>> 2019-08-07T10:52:25.529490058-04:00 stderr F
>> time="2019-08-07T14:52:25Z" level=error msg="failed to rotate keys:
>> PUT
>> https://10.96.0.1:443/apis/dex.coreos.com/v1/namespaces/kube-system/signingkeies/openid-connect-keys
>> Forbidden: response from server
>> \"{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"signingkeies.dex.coreos.com
>> \\"openid-connect-keys\\" is forbidden: User
>> \\"system:serviceaccount:kube-system:oidc-dex\\" cannot update
>> resource \\"signingkeies\\" in API group \\"dex.coreos.com\\" in the
>> namespace
>> \\"kube-system\\"\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"openid-connect-keys\",\"group\":\"dex.coreos.com\",\"kind\":\"signingkeies\"},\"code\":403}\
>> <file://%22kube-system/%22/%22,/%22reason/%22:/%22Forbidden/%22,/%22details/%22:%7b/%22name/%22:/%22openid-connect-keys/%22,/%22group/%22:/%22dex.coreos.com/%22,/%22kind/%22:/%22signingkeies/%22%7d,/%22code/%22:403%7d/>""
>>
>> Thanks,
>>
>>
>> Ian
>>
>> ------------------------------------------------------------------------
>> Note: Please be aware that unencrypted electronic mail is not secure.
>> For this reason, please do not send any sensitive personal
>> information such
>> as your address, driver license, policy number, Social Security
>> Number, or claims information by unencrypted electronic mail. The
>> information
>> contained in this message may be privileged and confidential and
>> protected from disclosure. If the reader of this message is not the
>> intended recipient,
>> or an employee or agent responsible for delivering this message to
>> the intended recipient, you are hereby notified that any
>> dissemination, distribution
>> or copying of this communication is strictly prohibited. If you have
>> received this communication in error, please notify us immediately by
>> replying
>> to the message and deleting it from your computer. Thank you.
>>
>>
>> _______________________________________________
>> caasp-beta mailing list
>> caasp-beta at lists.suse.com
>> Check the mailing list archives or Unsubscribe athttp://lists.suse.com/mailman/listinfo/caasp-beta
>
> --
> Jordi Massaguer Pla
> Release Manager for SUSE CaaS Platform
> SUSE Linux
> https://www.suse.com
>
>
> _______________________________________________
> caasp-beta mailing list
> caasp-beta at lists.suse.com
> Check the mailing list archives or Unsubscribe at http://lists.suse.com/mailman/listinfo/caasp-beta
--
Jordi Massaguer Pla
Release Manager for SUSE CaaS Platform
SUSE Linux
https://www.suse.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20190808/b48202a4/attachment.html>
More information about the caasp-beta
mailing list