Unable to install dapr extension in AKS cluster

Franco Tiveron 0 Reputation points
2023-05-31T03:43:25.9866667+00:00

I am trying to install Dapr extension in my AKS cluster (https://learn.microsoft.com/en-us/azure/aks/dapr)

I get the following error

az k8s-extension create --cluster-type managedClusters --cluster-name yatp-demo-cluster --resource-group yatp-demo-rg --name dapr-extension --auto-upgrade-minor-version true --extension-type Microsoft.Dapr

Is Dapr already installed in the cluster? (y/N): N

(ExtensionOperationFailed) The extension operation failed with the following error: Request failed to https://management.azure.com/subscriptions/cc3eb119-9abc-4321-827a-0c62ad7baba7/resourceGroups/yatp-demo-rg/providers/Microsoft.ContainerService/managedclusters/yatp-demo-cluster/extensionaddons/dapr-extension?api-version=2021-03-01. Error code: Unauthorized. Reason: Unauthorized.{"error":{"code":"InvalidAuthenticationToken","message":"The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant."}}.

Code: ExtensionOperationFailed

Message: The extension operation failed with the following error: Request failed to https://management.azure.com/subscriptions/cc3eb119-9abc-4321-827a-0c62ad7baba7/resourceGroups/yatp-demo-rg/providers/Microsoft.ContainerService/managedclusters/yatp-demo-cluster/extensionaddons/dapr-extension?api-version=2021-03-01. Error code: Unauthorized. Reason: Unauthorized.{"error":{"code":"InvalidAuthenticationToken","message":"The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant."}}.

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,978 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vinodh247 13,066 Reputation points
    2023-05-31T04:43:29.6066667+00:00

    Hi,

    Thanks for reaching out to Microsoft Q&A.

    Can you try the below link, seems the issue with the SP creation, could you try and let know in the comments if this worked? so others can benefit.

    Please be noted that the issue does not occur when I create the service principal directly using Azure Portal

    https://github.com/Azure/azure-cli/issues/23836

    https://learn.microsoft.com/en-us/answers/questions/979522/the-received-access-token-is-not-valid

    Please Upvote and Accept as answer if the reply was helpful, this will be benefitting the other community members who go through the same issue.

    0 comments No comments