chore/upgrade all k8s 1.29 #1156
Open
Commits on Nov 22, 2024
-
ca/auth: update Azure token when invalid (#1134)
This changes the version of cluster autoscaler from tag `cluster-autoscaler-1.27.8 ` to branch `cluster-autoscaler-release-1.28`, commit `10a229ac17ea8049248d1c3ce2923b94a4f9085c`. Motivation: We get an occasional error in Azure: ``` E1106 12:08:11.509971 1 azure_manager.go:177] Failed to regenerate Azure cache: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 401, RawError: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/REDUCTED/resourceGroups/MC_dev-eastus2-aks2_dev-azure-eastus2-aks2_eastus2/providers/Microsoft.Compute/virtualMachineScaleSets?api-version=2022-03-01: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-11-06T12:08:11.4851735Z, assertion valid from 2024-11-04T18:55:21.0000000Z, expiry time of assertion 2024-11-04T19:55:21.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: 1c8e947d-f154-4052-9e8a-8529877f7c00 Correlation ID: b04f2ef9-09f7-4f4e-80f8-15d313c5568f Timestamp: 2024-11-06 12:08:11Z","error_codes":[700024],"timestamp":"2024-11-06 12:08:11Z","trace_id":"1c8e947d-f154-4052-9e8a-8529877f7c00","correlation_id":"b04f2ef9-09f7-4f4e-80f8-15d313c5568f","error_uri":"https://login.microsoftonline.com/error?code=700024"} Endpoint https://login.microsoftonline.com/c8350122-1697-4543-929a-d4a75d1bb552/oauth2/token?api-version=1.0 ``` CA seems to have fixed that with recent versions by switching to the `cloud-provider-azure package`, which has a callback to reread the JWT token when needed. This is already present in the `cluster-autoscaler-release-1.28` branch, but it is not present in the `cluster-autoscaler-1.28.6` tag that I used previously in 26d39a6. Instead, in this branch, the code reads JWT from the filesystem only once and does not consider that AKS will occasionally replace it. neondatabase/cloud#18284
-
Squashed commit of the following:
commit d470abf Author: Michael Francis <[email protected]> Date: Fri Nov 22 11:24:13 2024 -0500 added missing comment commit 4bbc78a Merge: 726f4f1 de028a6 Author: Michael Francis <[email protected]> Date: Wed Nov 20 11:17:12 2024 -0500 Merge branch 'main' into chore/upgrade-dev-clusters-1.29-take-two commit 726f4f1 Author: Michael Francis <[email protected]> Date: Tue Nov 19 17:07:48 2024 -0500 Upgrade to cluster-autoscaler 1.29 - take two
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.