Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to Fetch Cluster Details with OCI Native Ingress Controller when Workload Identity #110

Open
PrathapDasari opened this issue Dec 2, 2024 · 3 comments
Open

Unable to Fetch Cluster Details with OCI Native Ingress Controller when Workload Identity #110

PrathapDasari opened this issue Dec 2, 2024 · 3 comments

Comments

@PrathapDasari
Copy link

Hi ,

We are trying to implement principal credentials with Workload Identity for the OKE cluster, but unfortunately, we are encountering the following errors.

I1202 23:16:52.205446 1 auth_service.go:71] Fetching auth config provider for type: workloadIdentity F1202 23:16:55.386762 1 server.go:168] failed to get cluster details: Get "https://containerengine..oci.oraclecloud.com/20180222/clusters/ocid1.cluster.oc1.eu-amsterdam-1.aaaaaaaak2acfqd2tmqytfjxovx5zyjxd2xuuuwhwkaje6dnvcm63melu3vq": dial tcp: lookup containerengine..oci.oraclecloud.com: no such host

Can you please assist with this?

// Prathap Dasari
@PrathapDasari PrathapDasari changed the title Unable to Fetch Cluster Details with OCI Native Ingress Controller Unable to Fetch Cluster Details with OCI Native Ingress Controller when Workload Identity Dec 2, 2024
@PrathapDasari
Copy link
Author

PrathapDasari commented Dec 3, 2024
edited
Loading

I1203 12:06:30.976445 1 server.go:65] Controller loop... I1203 12:06:30.976518 1 auth_service.go:71] Fetching auth config provider for type: workloadIdentity F1203 12:06:31.270998 1 server.go:168] failed to get cluster details: Error returned by ContainerEngine Service. Http Status Code: 404. Error Code: NotAuthorizedOrNotFound. Opc request id: 2f1edaa3f796aa0dd397456def2f03c4/107FE5A6CE441965C530AD76B9442521/BDDBF44011A61E86C43F4E0E1966EBF2. Message: Authorization failed or requested resource not found. Operation Name: GetCluster Timestamp: 2024-12-03 12:06:31 +0000 GMT Client Version: Oracle-GoSDK/65.71.0 Request Endpoint: GET https://containerengine.eu-amsterdam-1.oci.oraclecloud.com/20180222/clusters/ocid1.cluster.oc1.eu-amsterdam-**************** Troubleshooting Tips: See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_notauthorizedornotfound for more information about resolving this error. Also see https://docs.oracle.com/iaas/api/#/en/containerengine/20180222/Cluster/GetCluster for details on this operation's requirements. To get more info on the failing request, you can set OCI_GO_SDK_DEBUG env var to info or higher level to log the request/response details. If you are unable to resolve this ContainerEngine issue, please contact Oracle support and provide them this full error message.

@nirpai
Copy link
Contributor

nirpai commented Dec 5, 2024

Can you make sure the required policy statements are present? (point 4 in the list)
https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengsettingupnativeingresscontroller-addon-prereqs.htm#contengsettingupnativeingresscontroller-addon-permissions

@PrathapDasari
Copy link
Author

@nirpai We added all the required policies for workload identities, but it is still not working. As of now, we have decided to proceed with an alternative method..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nirpai @PrathapDasari