Unable to install dapr extension in AKS cluster

Question

Unable to install dapr extension in AKS cluster

Franco Tiveron 0

I am trying to install Dapr extension in my AKS cluster (https://learn.microsoft.com/en-us/azure/aks/dapr)

I get the following error

az k8s-extension create --cluster-type managedClusters --cluster-name yatp-demo-cluster --resource-group yatp-demo-rg --name dapr-extension --auto-upgrade-minor-version true --extension-type Microsoft.Dapr

Is Dapr already installed in the cluster? (y/N): N

(ExtensionOperationFailed) The extension operation failed with the following error: Request failed to https://management.azure.com/subscriptions/cc3eb119-9abc-4321-827a-0c62ad7baba7/resourceGroups/yatp-demo-rg/providers/Microsoft.ContainerService/managedclusters/yatp-demo-cluster/extensionaddons/dapr-extension?api-version=2021-03-01. Error code: Unauthorized. Reason: Unauthorized.{"error":{"code":"InvalidAuthenticationToken","message":"The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant."}}.

Code: ExtensionOperationFailed

Message: The extension operation failed with the following error: Request failed to https://management.azure.com/subscriptions/cc3eb119-9abc-4321-827a-0c62ad7baba7/resourceGroups/yatp-demo-rg/providers/Microsoft.ContainerService/managedclusters/yatp-demo-cluster/extensionaddons/dapr-extension?api-version=2021-03-01. Error code: Unauthorized. Reason: Unauthorized.{"error":{"code":"InvalidAuthenticationToken","message":"The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant."}}.

KarishmaTiwari-MSFT 20,782 Reputation points Microsoft Employee Moderator

2023-06-06T02:49:47.0833333+00:00

@Franco Tiveron Checking in to see if the answer below helped.

If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

Please don’t forget to Accept Answer and hit Yes for "was this answer helpful" wherever the information provided helps you. This can be beneficial to other community members for remediation for similar issues.

1 answer

Your answer

KarishmaTiwari-MSFT 20,782 Reputation points Microsoft Employee Moderator

2023-06-06T02:49:47.0833333+00:00

@Franco Tiveron Checking in to see if the answer below helped.

If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

Please don’t forget to Accept Answer and hit Yes for "was this answer helpful" wherever the information provided helps you. This can be beneficial to other community members for remediation for similar issues.

Answer 1

Hi,

Thanks for reaching out to Microsoft Q&A.

Can you try the below link, seems the issue with the SP creation, could you try and let know in the comments if this worked? so others can benefit.

Please be noted that the issue does not occur when I create the service principal directly using Azure Portal

https://github.com/Azure/azure-cli/issues/23836

https://learn.microsoft.com/en-us/answers/questions/979522/the-received-access-token-is-not-valid

Please Upvote and Accept as answer if the reply was helpful, this will be benefitting the other community members who go through the same issue.

Share via

Unable to install dapr extension in AKS cluster

1 answer

Your answer