| "00215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID. RESPONSE 403 Forbidden" |
0 |
| E0711 08:18:32.328602 1 azurecluster_controller.go:232] controllers.AzureClusterReconciler.reconcileNormal "msg"="transient failure to reconcile AzureCluster, retrying: failed to get existing resource azure1/azure1 (service: group): resources.GroupsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/azure1' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="972b5438-5e1e-46ae-8922-002cdd2be3a5" "x-ms-correlation-request-id"="02c1dda7-9c5d-4a9b-8fbe-bd6833895f3f" |
1 |
| E0711 08:19:09.240384 1 recorder.go:103] events "msg"="failed to reconcile cluster services: failed to reconcile AzureCluster service group: failed to create resource azure1/azure1 (service: group): resources.GroupsClient#CreateOrUpdate: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/azure1' or the scope is invalid. If access was recently granted, please refresh your credentials."" "object"={"kind":"AzureCluster","namespace":"cluster-azure1","name":"azure1","uid":"c10031d5-ef99-4c57-a8d2-58ddf8813177","apiVersion":"infrastructure.cluster.x-k8s.io/v1beta1","resourceVersion":"2368"} "reason"="ClusterReconcilerNormalFailed" "type"="Warning" |
2 |
| E0711 08:20:57.599636 1 azurecluster_controller.go:232] controllers.AzureClusterReconciler.reconcileNormal "msg"="transient failure to reconcile AzureCluster, retrying: failed to get existing resource azure1/azure1-vnet (service: virtualnetworks): network.VirtualNetworksClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="eb7bc4de-1e06-4070-8289-14697cd7bb40" "x-ms-correlation-request-id"="5c35a11a-2f80-4ed1-8323-e00b5055a5c0" |
3 |
| E0711 08:23:03.782866 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service virtualnetworks: failed to create resource azure1/azure1-vnet (service: virtualnetworks): network.VirtualNetworksClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="2a3d86f4-ba3a-4b5e-95b9-8e7daf502718" |
4 |
| E0711 08:24:24.795179 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service virtualnetworks: failed to create resource azure1/azure1-vnet (service: virtualnetworks): network.VirtualNetworksClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="e2140c89-d8e5-49c0-8d66-a76f9b4aaab2" |
5 |
| I0711 08:29:16.997063 1 azurecluster_controller.go:232] controllers.AzureClusterReconciler.reconcileNormal "msg"="transient failure to reconcile AzureCluster, retrying: failed to get existing resource azure1/azure1-node-nsg (service: securitygroups): network.SecurityGroupsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/networkSecurityGroups/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkSecurityGroups/azure1-node-nsg' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="cd2543da-c169-4828-9c65-2b8be7e7b310" "x-ms-correlation-request-id"="98c8b5e9-d208-4b18-8ec1-7e216a89f168" |
6 |
| E0711 08:30:43.706844 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service securitygroups: failed to create resource azure1/azure1-node-nsg (service: securitygroups): network.SecurityGroupsClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/networkSecurityGroups/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkSecurityGroups/azure1-node-nsg' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="f4ebf00e-3a14-412c-ac78-f8c4fc7947de" |
7 |
| I0711 08:31:25.626185 1 azurecluster_controller.go:232] controllers.AzureClusterReconciler.reconcileNormal "msg"="transient failure to reconcile AzureCluster, retrying: failed to get existing resource azure1/azure1-node-routetable (service: routetables): network.RouteTablesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/routeTables/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/routeTables/azure1-node-routetable' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="ceddd5b9-93c4-429f-96ef-62eca4925b91" "x-ms-correlation-request-id"="00e628aa-a68d-466e-8aee-a3b4bbc93252" |
8 |
| E0711 08:32:17.632368 1 recorder.go:103] events "msg"="failed to reconcile cluster services: failed to reconcile AzureCluster service routetables: failed to create resource azure1/azure1-node-routetable (service: routetables): network.RouteTablesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/routeTables/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/routeTables/azure1-node-routetable' or the scope is invalid. If access was recently granted, please refresh your credentials."" "object"={"kind":"AzureCluster","namespace":"cluster-azure1","name":"azure1","uid":"c10031d5-ef99-4c57-a8d2-58ddf8813177","apiVersion":"infrastructure.cluster.x-k8s.io/v1beta1","resourceVersion":"4873"} "reason"="ClusterReconcilerNormalFailed" "type"="Warning" |
9 |
| I0711 08:33:21.619105 1 azurecluster_controller.go:232] controllers.AzureClusterReconciler.reconcileNormal "msg"="transient failure to reconcile AzureCluster, retrying: failed to get existing resource azure1/pip-azure1-node-natgw-1 (service: publicips): network.PublicIPAddressesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/publicIPAddresses/pip-azure1-node-natgw-1' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="ab257149-c22b-4c91-93db-64ce20dcc02b" "x-ms-correlation-request-id"="10f59eb7-4457-40b8-bd1f-b07e44a9cd0c" |
10 |
| E0711 08:34:06.909115 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service publicips: failed to create resource azure1/pip-azure1-node-natgw-1 (service: publicips): network.PublicIPAddressesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/publicIPAddresses/pip-azure1-node-natgw-1' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="d6350dc4-2132-4383-9e7f-c7f52c067286" |
11 |
| I0711 08:34:49.306964 1 azurecluster_controller.go:232] controllers.AzureClusterReconciler.reconcileNormal "msg"="transient failure to reconcile AzureCluster, retrying: failed to get existing resource azure1/azure1-node-natgw-1 (service: natgateways): network.NatGatewaysClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/natGateways/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/natGateways/azure1-node-natgw-1' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="49564efb-6475-4095-885c-e3ba4275c436" "x-ms-correlation-request-id"="4ed94e0d-cce5-49dd-8272-28bfd2e7b31b" |
12 |
| I0711 08:35:51.203908 1 recorder.go:103] events "msg"="failed to reconcile cluster services: failed to reconcile AzureCluster service natgateways: failed to create resource azure1/azure1-node-natgw-1 (service: natgateways): network.NatGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/natGateways/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/natGateways/azure1-node-natgw-1' or the scope is invalid. If access was recently granted, please refresh your credentials."" "object"={"kind":"AzureCluster","namespace":"cluster-azure1","name":"azure1","uid":"c10031d5-ef99-4c57-a8d2-58ddf8813177","apiVersion":"infrastructure.cluster.x-k8s.io/v1beta1","resourceVersion":"5571"} "reason"="ClusterReconcilerNormalFailed" "type"="Warning" |
13 |
| I0711 08:36:23.634660 1 azurecluster_controller.go:232] controllers.AzureClusterReconciler.reconcileNormal "msg"="transient failure to reconcile AzureCluster, retrying: failed to get existing resource azure1/node-subnet (service: subnets): network.SubnetsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet/subnets/node-subnet' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="acf96dea-d2b5-4861-84ba-a21de0c304f1" "x-ms-correlation-request-id"="b2535a6a-079b-4c36-a772-f50227017f5b" |
14 |
| E0711 08:37:21.065615 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service subnets: failed to create resource azure1/node-subnet (service: subnets): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet/subnets/node-subnet' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="04edee48-c2b4-41d6-ab38-be0a3977f332" |
15 |
| E0711 08:38:06.683145 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service subnets: failed to create resource azure1/node-subnet (service: subnets): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Network/virtualNetworks/subnets/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet/subnets/node-subnet'; however, it does not have permission to perform action 'Microsoft.Network/natGateways/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/natGateways/azure1-node-natgw-1' or the linked scope(s) are invalid."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="78f7a43b-3404-4aaa-9814-349bd91d3945" |
16 |
| E0711 08:47:32.981350 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service subnets: failed to create resource azure1/node-subnet (service: subnets): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Network/virtualNetworks/subnets/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet/subnets/node-subnet'; however, it does not have permission to perform action 'Microsoft.Network/networkSecurityGroups/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkSecurityGroups/azure1-node-nsg' or the linked scope(s) are invalid."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="40641d65-00d4-4447-901b-b8f5fd658b8c" |
17 |
| E0711 08:53:57.846879 1 recorder.go:103] events "msg"="failed to reconcile cluster services: failed to reconcile AzureCluster service subnets: failed to create resource azure1/node-subnet (service: subnets): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Network/virtualNetworks/subnets/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet/subnets/node-subnet'; however, it does not have permission to perform action 'Microsoft.Network/routeTables/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/routeTables/azure1-node-routetable' or the linked scope(s) are invalid."" "object"={"kind":"AzureCluster","namespace":"cluster-azure1","name":"azure1","uid":"c10031d5-ef99-4c57-a8d2-58ddf8813177","apiVersion":"infrastructure.cluster.x-k8s.io/v1beta1","resourceVersion":"9096"} "reason"="ClusterReconcilerNormalFailed" "type"="Warning" |
18 |
| I0711 08:55:30.274777 1 azurecluster_controller.go:232] controllers.AzureClusterReconciler.reconcileNormal "msg"="transient failure to reconcile AzureCluster, retrying: failed to get existing resource azure1/azure1-public-lb (service: loadbalancers): network.LoadBalancersClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/loadBalancers/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1-public-lb' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="e7950968-f7b3-4bf8-9ba8-36da432446fb" "x-ms-correlation-request-id"="a063a514-50e2-415a-9e97-1b27126ad8ef" |
19 |
| E0711 08:56:25.047824 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service loadbalancers: failed to create resource azure1/azure1-public-lb (service: loadbalancers): network.LoadBalancersClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/loadBalancers/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1-public-lb' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="fd8004e4-4fa3-4406-9b90-e5f0bfcc99ad" |
20 |
| E0711 08:56:43.052886 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile cluster services: failed to reconcile AzureCluster service loadbalancers: failed to create resource azure1/azure1-public-lb (service: loadbalancers): network.LoadBalancersClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Network/loadBalancers/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1-public-lb'; however, it does not have permission to perform action 'Microsoft.Network/publicIPAddresses/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/publicIPAddresses/pip-azure1-apiserver' or the linked scope(s) are invalid."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="84d79b2c-5d1e-4047-bcc5-15e581dabdd9" |
21 |
| 1u/azure1-control-plane-8xhk2 (service: inboundnatrules): network.InboundNatRulesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/loadBalancers/inboundNatRules/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1-public-lb/inboundNatRules/azure1-control-plane-8xhk2' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="efe8c4af-9910-4445-ac24-20ec58933421" "x-ms-correlation-request-id"="b246afbd-a662-4a62-bf53-3954c1d9e8ca" |
22 |
| E0711 08:59:29.242563 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service inboundnatrules: failed to create resource azure1/azure1-control-plane-8xhk2 (service: inboundnatrules): network.InboundNatRulesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/loadBalancers/inboundNatRules/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1-public-lb/inboundNatRules/azure1-control-plane-8xhk2' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="e339566a-ec01-436e-a45b-c0790bfbd67d" |
23 |
| I0711 08:59:40.378745 1 azuremachine_controller.go:329] controllers.AzureMachineReconciler.reconcileNormal "msg"="transient failure to reconcile AzureMachine, retrying: failed to get existing resource azure1/azure1-control-plane-8xhk2-nic (service: interfaces): network.InterfacesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/networkInterfaces/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1-control-plane-8xhk2-nic' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="59d4eb8b-a645-4b4e-8039-5833c6b124ce" "x-ms-correlation-request-id"="983017c1-3ef5-4f35-bc18-06c03790e096" |
24 |
| E0711 09:00:26.705108 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service interfaces: failed to create resource azure1/azure1-control-plane-8xhk2-nic (service: interfaces): network.InterfacesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/networkInterfaces/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1-control-plane-8xhk2-nic' or the scope is invalid. If access was recently granted, please refresh your credentials. |
|
| "" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="4ac37845-2465-4c60-b2d8-37cd61c0c661" |
25 |
| E0711 09:00:36.894651 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service interfaces: failed to create resource azure1/azure1-control-plane-8xhk2-nic (service: interfaces): network.InterfacesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Network/networkInterfaces/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1-control-plane-8xhk2-nic'; however, it does not have permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet/subnets/control-plane-subnet' or the linked scope(s) are invalid."" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="381b0611-c44a-46dd-af53-1eb4f73f39b4" |
26 |
| E0711 09:02:42.256967 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service interfaces: failed to create resource azure1/azure1-control-plane-8xhk2-nic (service: interfaces): network.InterfacesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Network/networkInterfaces/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1-control-plane-8xhk2-nic'; however, it does not have permission to perform action 'Microsoft.Network/loadBalancers/backendAddressPools/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1-public-lb/backendAddressPools/azure1-public-lb-backendPool' or the linked scope(s) are invalid."" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="a3235b24-8028-401d-89b9-98ab5fd50827" |
27 |
| E0711 09:05:27.645310 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service interfaces: failed to create resource azure1/azure1-control-plane-8xhk2-nic (service: interfaces): network.InterfacesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Network/networkInterfaces/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1-control-plane-8xhk2-nic'; however, it does not have permission to perform action 'Microsoft.Network/loadBalancers/inboundNatRules/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1-public-lb/inboundNatRules/azure1-control-plane-8xhk2' or the linked scope(s) are invalid."" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="302de8db-665e-4320-9d1e-d8f30d0ecf80" |
28 |
| I0711 09:10:04.168679 1 azuremachine_controller.go:329] controllers.AzureMachineReconciler.reconcileNormal "msg"="transient failure to reconcile AzureMachine, retrying: failed to get existing resource azure1/azure1-control-plane-8xhk2 (service: virtualmachine): compute.VirtualMachinesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Compute/virtualMachines/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Compute/virtualMachines/azure1-control-plane-8xhk2' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="d5da5b45-48d7-4dab-846b-879bea7320f7" "x-ms-correlation-request-id"="8603192e-96e5-48ad-83a9-180177acdfd9" |
29 |
| E0711 09:12:02.931754 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service virtualmachine: failed to create resource azure1/azure1-control-plane-8xhk2 (service: virtualmachine): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Compute/virtualMachines/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Compute/virtualMachines/azure1-control-plane-8xhk2'; however, it does not have permission to perform action 'Microsoft.Network/networkInterfaces/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1-control-plane-8xhk2-nic' or the linked scope(s) are invalid."" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="c0470da5-2511-40bd-bb11-bb40f69b4e5f" |
30 |
| E0711 09:12:22.354354 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service virtualmachine: failed to create resource azure1/azure1-control-plane-8xhk2 (service: virtualmachine): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Compute/virtualMachines/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Compute/virtualMachines/azure1-control-plane-8xhk2'; however, it does not have permission to perform action 'Microsoft.Network/networkInterfaces/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1-control-plane-8xhk2-nic' or the linked scope(s) are invalid."" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="7997c434-1651-4138-b275-f0f59d52d95a" |
31 |
| I0711 09:15:08.684054 1 recorder.go:103] events "msg"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service virtualmachine: failed to create resource azure1/azure1-control-plane-8xhk2 (service: virtualmachine): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Compute/virtualMachines/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Compute/virtualMachines/azure1-control-plane-8xhk2'; however, it does not have permission to perform action 'read' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/capz/providers/Microsoft.Compute/images/capi-ubuntu-2204-1687262553' or the linked scope(s) are invalid."" "object"={"kind":"AzureMachine","namespace":"cluster-azure1","name":"azure1-control-plane-8xhk2","uid":"437424ee-c9ab-4059-a658-8419b2fe751a","apiVersion":"infrastructure.cluster.x-k8s.io/v1beta1","resourceVersion":"13405"} "reason"="ReconcileError" "type"="Warning" |
32 |
| I0711 09:27:44.257701 1 azuremachine_controller.go:329] controllers.AzureMachineReconciler.reconcileNormal "msg"="transient failure to reconcile AzureMachine, retrying: failed to get existing resource azure1/CAPZ.Linux.Bootstrapping (service: vmextensions): compute.VirtualMachineExtensionsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Compute/virtualMachines/extensions/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Compute/virtualMachines/azure1-control-plane-8xhk2/extensions/CAPZ.Linux.Bootstrapping' or the scope is invalid. If access was recently granted, please refresh your credentials.". Object will be requeued after 15s" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="953a9d7c-bf7a-48f7-9e38-4a3fbc34180c" "x-ms-correlation-request-id"="ad5de80c-6782-472a-9d78-a470d766ea33" |
33 |
| E0711 09:29:35.003661 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service vmextensions: extension state failed. This likely means the Kubernetes node bootstrapping process failed or timed out. Check VM boot diagnostics logs to learn more: failed to create resource azure1/CAPZ.Linux.Bootstrapping (service: vmextensions): compute.VirtualMachineExtensionsClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Compute/virtualMachines/extensions/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Compute/virtualMachines/azure1-control-plane-8xhk2/extensions/CAPZ.Linux.Bootstrapping' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureMachine"={"name":"azure1-control-plane-8xhk2","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-8xhk2" "namespace"="cluster-azure1" "reconcileID"="1e2a8712-39c4-4f2b-88dd-91e80907297d" |
34 |
| E0711 11:21:08.062277 1 controller.go:329] "msg"="Reconciler error" "error"="failed to get user-assigned identity ClientID: msi.UserAssignedIdentitiesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.ManagedIdentity/userAssignedIdentities/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/capz/providers/Microsoft.ManagedIdentity/userAssignedIdentities/capz-agentpool' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureMachineTemplate"={"name":"jaks21u-md-2","namespace":"cluster-azure1"} "controller"="azuremachinetemplate" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachineTemplate" "name"="jaks21u-md-2" "namespace"="cluster-azure1" "reconcileID"="6c86813e-ebde-48ec-be8e-ebc31e2ed3f2" |
35 |
| E0711 11:24:35.879633 1 controller.go:329] "msg"="Reconciler error" "error"="failed to reconcile AzureMachine: failed to reconcile AzureMachine service virtualmachine: failed to create resource azure1/azure1-control-plane-k7gr7 (service: virtualmachine): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' has permission to perform action 'Microsoft.Compute/virtualMachines/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Compute/virtualMachines/azure1-control-plane-k7gr7'; however, it does not have permission to perform action 'Microsoft.ManagedIdentity/userAssignedIdentities/assign/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/capz/providers/Microsoft.ManagedIdentity/userAssignedIdentities/capz-agentpool' or the linked scope(s) are invalid."" "AzureMachine"={"name":"azure1-control-plane-k7gr7","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1-control-plane-k7gr7" "namespace"="cluster-azure1" "reconcileID"="bbba3de9-2724-414d-a881-ced9165335fa" |
36 |
| E0711 14:13:40.921193 1 controller.go:329] "msg"="Reconciler error" "error"="error deleting AzureCluster cluster-azure1/azure1: failed to delete resource group: failed to delete resource azure1/azure1 (service: group): resources.GroupsClient#Delete: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/delete' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/azure1' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureCluster"={"name":"azure1","namespace":"cluster-azure1"} "controller"="azurecluster" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureCluster" "name"="azure1" "namespace"="cluster-azure1" "reconcileID"="b1c7b55e-698e-44d0-805b-b601f6229958" |
37 |
| E0721 08:25:09.942192 1 controller.go:329] "msg"="Reconciler error" "error"="error deleting AzureMachine cluster-azure1/azure1w1-md-1-mdqww: failed to delete AzureMachine service disks: failed to delete resource azure1/azure1w1-md-1-mdqww_OSDisk (service: disks): compute.DisksClient#Delete: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Compute/disks/delete' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxx/providers/Microsoft.Compute/disks/xxxxxx-md-1-mdqww_OSDisk' or the scope is invalid. If access was recently granted, please refresh your credentials."" "AzureMachine"={"name":"azure1w1-md-1-mdqww","namespace":"cluster-azure1"} "controller"="azuremachine" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachine" "name"="azure1w1-md-1-mdqww" "namespace"="cluster-azure1" "reconcileID"="53104e0a-4949-416b-bbe0-43d9fe470e53" |
38 |
| Warning Failed 61s (x4 over 2m33s) kubelet Failed to pull image "eosregistry.azurecr.io/keos/stratio/capsule:0.1.1-0.3.1": rpc error: code = Unknown desc = failed to pull and unpack image "eosregistry.azurecr.io/keos/stratio/capsule:0.1.1-0.3.1": failed to resolve reference "eosregistry.azurecr.io/keos/stratio/capsule:0.1.1-0.3.1": failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized |
39 |
| TASK [system-services/storage/utils : Check StorageClass 'keos' PVC availability] failed to provision volume with StorageClass "keos" does not have authorization to perform action 'Microsoft.Compute/disks/write' over scope '/subscriptions/XXXXXXXXXX/resourceGroups/azure1/providers/Microsoft.Compute/disks/pvc-074e2679-f9ec-4018-b16a-0b741afb7832' |
40 |
| disk.csi.azure.com_azure1-control-plane-vxlng_9430326f-b8dc-426c-a9e4-6e37e03c3efa failed to provision volume with StorageClass "keos": rpc error: code = Internal desc = Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Compute/disks/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Compute/disks/pvc-4816139c-df5c-43c9-bc51-394164b1522c' |
41 |
| An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Message: The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id 'e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/dnsZones/domain.ext' or the scope is invalid. |
42 |
| An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Message: The client 'e594d8d5-aacf-449a-b092-610b7d1d097e' with object id e594d8d5-aacf-449a-b092-610b7d1d097e' does not have authorization to perform action 'Microsoft.Network/privateDnsZones/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/privateDnsZones/domain.ext' or the scope is invalid. |
43 |
| Warning CreateOrUpdatePublicIPAddress 4m46s (x7 over 10m) azure-cloud-provider Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/publicIPAddresses/azure1-a3832d7641b0f422cadfe775c6e96cb9' or the scope is invalid. If access was recently granted, please refresh your credentials."}} |
44 |
| Warning CreateOrUpdatePublicIPAddress 4m46s (x7 over 10m) azure-cloud-provider Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/publicIPAddresses/azure1-a3832d7641b0f422cadfe775c6e96cb9' or the scope is invalid. If access was recently granted, please refresh your credentials."}} |
45 |
| Warning SyncLoadBalancerFailed 36s (x26 over 10m) service-controller Error syncing load balancer: failed to delete load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Network/networkSecurityGroups/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkSecurityGroups/azure1-node-nsg' or the scope is invalid. If access was recently granted, please refresh your credentials."}} |
46 |
| arning SyncLoadBalancerFailed 7s (x2 over 8s) service-controller Error syncing load balancer: failed to ensure load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Network/loadBalancers/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1' or the scope is invalid. If access was recently granted, please refresh your credentials."}} |
47 |
| Warning SyncLoadBalancerFailed 8s (x4 over 44s) service-controller Error syncing load balancer: failed to ensure load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"LinkedAuthorizationFailed","message":"The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' has permission to perform action 'Microsoft.Network/loadBalancers/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1'; however, it does not have permission to perform action 'Microsoft.Network/publicIPAddresses/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/publicIPAddresses/azure1-ae2b9e9c4e64f47aa9248c8026089bcf' or the linked scope(s) are invalid."}} |
48 |
| Warning SyncLoadBalancerFailed 1s service-controller Error syncing load balancer: failed to ensure load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Network/loadBalancers/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/loadBalancers/azure1' or the scope is invalid. If access was recently granted, please refresh your credentials."}} |
49 |
| The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Network/networkInterfaces/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1w1-md-2-c59n2-nic' |
50 |
| The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Network/networkInterfaces/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkInterfaces/azure1w1-md-0-b87p8-nic' |
51 |
| Does not have permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked scope(s) '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/virtualNetworks/azure1-vnet/subnets/node-subnet' |
52 |
| Warning SyncLoadBalancerFailed 5s service-controller Error syncing load balancer: failed to ensure load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '63b6f379-3a26-4928-b65e-64a00fe65d46' with object id '63b6f379-3a26-4928-b65e-64a00fe65d46' does not have authorization to perform action 'Microsoft.Network/networkSecurityGroups/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Network/networkSecurityGroups/azure1-node-nsg' or the scope is invalid. If access was recently granted, please refresh your credentials."}} |
53 |
| ERROR Doest not have permission to perform action 'Microsoft.ContainerRegistry/registries/pull/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.ContainerRegistry/registries/eosregistry' |
54 |
| ERROR Doest not have permission to perform action 'Microsoft.Storage/storageAccounts/fileServices/shares/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Storage/storageAccounts/eosregistry' |
55 |
| ERROR Doest not have permission to perform action 'Microsoft.Storage/storageAccounts/fileServices/shares/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Storage/storageAccounts/eosregistry' |
56 |
| ERROR Doest not have permission to perform action 'Microsoft.Storage/storageAccounts/fileServices/shares/delete' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Storage/storageAccounts/eosregistry' |
57 |
| ERROR Doest not have permission to perform action '"Microsoft.Storage/storageAccounts/read", over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Storage/storageAccounts/eosregistry' |
58 |
| ERROR Doest not have permission to perform action 'Microsoft.Storage/storageAccounts/write' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Storage/storageAccounts/eosregistry' |
59 |
| ERROR Doest not have permission to perform action 'Microsoft.Storage/storageAccounts/delete' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/azure1/providers/Microsoft.Storage/storageAccounts/eosregistry' |
60 |