我们有多个管道部署到 2 个 AKS 集群,该集群已经运行了大约 6 个月。突然,上周四,所有部署都开始失败。管道设置为在部署更新的代码之前删除最后的部署。 AKS 群集是私有的,部署是从自托管代理计算机进行的。这是步骤的样子
strategy:
runOnce:
deploy:
steps:
- task: KubernetesManifest@1
displayName: Delete previous deployment
inputs:
connectionType: "azureResourceManager"
azureSubscriptionConnection: "$(aksServiceConnection)"
azureResourceGroup: $(askResourceGroupName)
kubernetesCluster: $(aksName)
namespace: $(namespaceDv)
action: delete
arguments: deployment mynamespace-deploy --ignore-not-found=true
但是管道失败并出现以下错误:
##[debug]MSAL - ServicePrincipal - clientSecret is used.
##[debug][Thu, 27 Jun 2024 15:03:52 GMT] : [] : @azure/[email protected] : Info - acquireTokenByClientCredential called
##[debug][Thu, 27 Jun 2024 15:03:52 GMT] : [9a5f7d9c-befc-48a8-aede-4f35e9f59201] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/xxxxxxxxxxxxxxx/oauth2/v2.0/token.
##[debug][Thu, 27 Jun 2024 15:03:52 GMT] : [9a5f7d9c-befc-48a8-aede-4f35e9f59201] : @azure/[email protected] : Info - Sending token request to endpoint: https://login.microsoftonline.com/xxxxxxxxxxxxxxx/oauth2/v2.0/token
##[debug]MSAL - retrying getMSALToken - temporary error code: network_error
##[debug]MSAL - retrying getMSALToken - remaining attempts: 3
##[debug]Agent environment resources - Disk: / Available 53442.00 MB out of 68979.00 MB, Memory: Used 521.00 MB out of 11957.00 MB, CPU: Usage 6.34%
##[debug]MSAL - getMSALToken called. force=undefined
##[debug][Thu, 27 Jun 2024 15:03:54 GMT] : [] : @azure/[email protected] : Info - acquireTokenByClientCredential called
##[debug][Thu, 27 Jun 2024 15:03:54 GMT] : [a2b748f6-2067-4bd1-841c-d1c386f57725] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/xxxxxxxxxxxxxxx/oauth2/v2.0/token.
##[debug][Thu, 27 Jun 2024 15:03:54 GMT] : [a2b748f6-2067-4bd1-841c-d1c386f57725] : @azure/[email protected] : Info - Sending token request to endpoint: https://login.microsoftonline.com/xxxxxxxxxxxxxxx/oauth2/v2.0/token
##[debug]MSAL - retrying getMSALToken - temporary error code: network_error
##[debug]MSAL - retrying getMSALToken - remaining attempts: 2
##[debug]MSAL - getMSALToken called. force=undefined
##[debug][Thu, 27 Jun 2024 15:03:56 GMT] : [] : @azure/[email protected] : Info - acquireTokenByClientCredential called
##[debug][Thu, 27 Jun 2024 15:03:56 GMT] : [22e38295-49ce-40c4-b4a5-6d59afb0e24a] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/xxxxxxxxxxxxxxx/oauth2/v2.0/token.
##[debug][Thu, 27 Jun 2024 15:03:56 GMT] : [22e38295-49ce-40c4-b4a5-6d59afb0e24a] : @azure/[email protected] : Info - Sending token request to endpoint: https://login.microsoftonline.com/xxxxxxxxxxxxxxx/oauth2/v2.0/token
##[debug]MSAL - retrying getMSALToken - temporary error code: network_error
##[debug]MSAL - retrying getMSALToken - remaining attempts: 1
##[debug]Agent environment resources - Disk: / Available 53442.00 MB out of 68979.00 MB, Memory: Used 521.00 MB out of 11957.00 MB, CPU: Usage 6.16%
##[debug]MSAL - getMSALToken called. force=undefined
##[debug][Thu, 27 Jun 2024 15:03:58 GMT] : [] : @azure/[email protected] : Info - acquireTokenByClientCredential called
##[debug][Thu, 27 Jun 2024 15:03:58 GMT] : [cf0db17c-ccb6-41f1-a3a5-a67c2698a467] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/xxxxxxxxxxxxxxx/oauth2/v2.0/token.
##[debug][Thu, 27 Jun 2024 15:03:58 GMT] : [cf0db17c-ccb6-41f1-a3a5-a67c2698a467] : @azure/[email protected] : Info - Sending token request to endpoint: https://login.microsoftonline.com/xxxxxxxxxxxxxxx/oauth2/v2.0/token
##[warning]Can't find loc string for key: CantDownloadAccessProfile
##[debug]Processed: ##vso[task.issue type=warning;source=TaskInternal;]Can't find loc string for key: CantDownloadAccessProfile
##[debug]task result: Failed
##[error]CantDownloadAccessProfile mycluster-aks Could not fetch access token for Azure. Status code: network_error, status message: Network request failed
完成的步骤:
确保客户端密钥未过期
登录到代理计算机,我使用客户端密钥测试了到 login.microsoftonline.com 的curl,它返回一个令牌
登录到代理机器,我使用客户端密钥测试了 kubelogin,它返回了一个令牌
将 kubectl 和 kubelogin 更新到最新版本
但是,失败依然存在。
有什么想法吗?
提前致谢!
终于解决问题了。必须将 login.microsoftonline.com 添加到代理计算机上的代理绕过列表中。由于无法获取令牌,代理无法继续前进。为什么之前的状态有效,但 6 个月后又失败了,目前尚不清楚。那是一去不复返的时间:(