Background
I am attempting to create a StorageCluster for Portworx Essentials (PE) 2.7 in
Microsoft Azure Red Hat OpenShift (ARO). The operator installed correctly using
the following Kube Manifest.
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: portworx-essentials
  namespace: kube-system
spec:
  channel: "stable"
  name: portworx-essentials
  source: community-operators
  sourceNamespace: openshift-marketplace
...
Then applied with
oc apply -f ./src/kube_manifests/oscp_portworx-essentials.yaml
Then I went to the Portworx generator site, and generated the following Kube
Manifest.
---
kind: StorageCluster
apiVersion: core.libopenstorage.org/v1
metadata:
  name: px-cluster-<redacted>
  namespace: kube-system
  annotations:
    portworx.io/install-source: "https://install.portworx.com/?mc=false&\
      kbver=1.19.0%2Ba5a0987&\
      oem=esse\
      &user=<redacted>&\
      b=true&\
      mz=5&s=%22type%3DPremium_LRS%2Csize%3D1000%22&\
      j=auto\
      &kd=type%3DPremium_LRS%2Csize%3D150&\
      c=px-cluster-<redacted>&\
      osft=true&operator=true&stork=true&\
      csi=true&\
      lh=true&\
      st=k8s&e=OSCP_OWNER%3DPhillip%20Dudley"
    portworx.io/is-openshift: "true"
    portworx.io/misc-args: --oem esse
spec:
  image: portworx/oci-monitor:2.7.0
  imagePullPolicy: Always
  kvdb:
    internal: true
  cloudStorage:
    deviceSpecs:
    - type=Premium_LRS,size=1000
    journalDeviceSpec: auto
    kvdbDeviceSpec: type=Premium_LRS,size=150
    maxStorageNodesPerZone: 5
  secretsProvider: k8s
  stork:
    enabled: true
    args:
      webhook-controller: "false"
  userInterface:
    enabled: true
  autopilot:
    enabled: true
  featureGates:
    CSI: "true"
  env:
  - name: OSCP_OWNER
    value: Phillip Dudley
...
---
apiVersion: v1
kind: Secret
metadata:
  name: px-essential
  namespace: kube-system
data:
  px-essen-user-id: '<redacted>'
  px-osb-endpoint: '<redacted>'
...
I then applied this with
oc apply -f ./src/kube_manifests/oscp_px_storage-cluster.yaml
The Problem
After applying the StorageCluster, I receive the following errors.
2021-06-29T18:48:17.271393198Z @dudleyparopoc-5ck7j-worker-centralus1-wzfpz portworx[2552656[]: time="2021-06-29T18:48:17Z" level=error msg="Authentication error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/<redacted>/resourceGroups/aro-mby91d36/providers/Microsoft.Compute/virtualMachines/dudleyparopoc-5ck7j-worker-centralus1-wzfpz?%24expand=instanceView&api-version=2018-06-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {\"error\":\"invalid_request\",\"error_description\":\"Identity not found\"}" func=InitAndBoot package=boot
2021-06-29T18:48:17.271419098Z @dudleyparopoc-5ck7j-worker-centralus1-wzfpz portworx[2552656[]: time="2021-06-29T18:48:17Z" level=error msg="Could not init boot manager" error="Authentication error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/<redacted>/resourceGroups/aro-mby91d36/providers/Microsoft.Compute/virtualMachines/dudleyparopoc-5ck7j-worker-centralus1-wzfpz?%24expand=instanceView&api-version=2018-06-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {\"error\":\"invalid_request\",\"error_description\":\"Identity not found\"}"
The mentioned Service Principal does work and has Contributor and User Access
Administrator to the Subscription level. I used the same Service Principal with
the openshift-install IPI method, so I know that it works.