Azure free account - ingress controller LoadBalancer is Pending - error: AADSTS7000215 : Invalid client secret is provided

Valery Mogilevsky 61 Reputation points
2020-10-26T06:30:21.417+00:00

I created Azure free account a month ago,
and created K8S Cluster using AKS-Engine,
and installed Ingress Controller.

Ingress controller service/LoadBalancer is Pending.
Error in service: AADSTS7000215 - Invalid client secret is provided.
Pod of Ingress controller is running , no errors.

Full error from service:

Warning SyncLoadBalancerFailed 8m7s service-controller
Error syncing load balancer: failed to ensure load balancer:
Retriable: false, RetryAfter: 0s, HTTPStatusCode: 401, RawError: Retriable: false,
RetryAfter: 0s, HTTPStatusCode: 401,
RawError: azure.BearerAuthorizer#WithAuthorization:
Failed to refresh the Token for request to
https://management.azure.com/subscriptions/803fbfe1-411b-4055-aed5-a02de15bde2b/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/loadBalancers?api-version=2019-06-01:
StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'.
Response body: {"error":"invalid_client","error_description":"AADSTS7000215:
Invalid client secret is provided.\r\n
Trace ID: 016ee1f4-8e6f-405b-9910-c75cdbe25500\r\n
Correlation ID: 0c870546-f6ea-4f68-93a6-4452c05bd716\r\n
Timestamp: 2020-10-25 10:05:03Z",
"error_codes":[7000215],"timestamp":"2020-10-25 10:05:03Z",
"trace_id":"016ee1f4-8e6f-405b-9910-c75cdbe25500",
"correlation_id":"0c870546-f6ea-4f68-93a6-4452c05bd716",
"error_uri":"https://login.microsoftonline.com/error?code=7000215"}

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,073 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Valery Mogilevsky 61 Reputation points
    2020-10-28T05:54:43.95+00:00

    @KarishmaTiwari-MSFT
    Thank you very much for reply
    I tried before Contributor role, and now the role is Owner. Same error ...
    Issue seems to me, maybe, somehow related to AKS-Engine usage.
    I created AKS Cluster using AKS-Engine, from my remote host (WSL/Ubuntu).
    KUBECONFIG=/home/valery..../_output/cloud-shell-storage-westeurope/kubeconfig/kubeconfig.westeurope.json

    _output/cloud-shell-storage-westeurope$ ls
    apimodel.json azuredeploy.parameters.json client.crt etcdpeer0.crt kubeconfig
    apiserver.crt azureuser_rsa client.key etcdpeer0.key kubectlClient.crt
    apiserver.key ca.crt etcdclient.crt etcdserver.crt kubectlClient.key
    azuredeploy.json ca.key etcdclient.key etcdserver.key

    Maybe issue related to kubectlClient.crt ...

    error_description":"AADSTS7000215:
    Invalid client secret is provided.\r\n

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.