1

One of the stage in my azure pipeline getting failed with below error "Failed to acquire a token: failed acquiring new token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Code Expired"

Any help on this is highly appreciated

2021-06-02T03:52:26.1806927Z ##[section]Starting: Deploy App in Development Enviroment
2021-06-02T03:52:26.1814528Z ==============================================================================
2021-06-02T03:52:26.1814830Z Task         : Kubectl
2021-06-02T03:52:26.1815178Z Description  : Deploy, configure, update a Kubernetes cluster in Azure Container Service by running kubectl commands
2021-06-02T03:52:26.1815494Z Version      : 1.181.0
2021-06-02T03:52:26.1815734Z Author       : Microsoft Corporation
2021-06-02T03:52:26.1816020Z Help         : https://aka.ms/azpipes-kubectl-tsg
2021-06-02T03:52:26.1816326Z ==============================================================================
2021-06-02T03:52:26.8916342Z Prepending PATH environment variable with directory: /usr/local/bin
2021-06-02T04:07:29.8005355Z ==============================================================================
2021-06-02T04:07:29.8006774Z            Kubectl Client Version: v1.20.4
2021-06-02T04:07:29.8007651Z    Kubectl Server Version: Could not find kubectl server version
2021-06-02T04:07:29.8008688Z ==============================================================================
2021-06-02T04:07:29.9178413Z [command]/usr/local/bin/kubectl apply -f /home/myagent-agent/-dev.yaml -o json
2021-06-02T04:07:30.1210223Z To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DZCGH5TCR to authenticate.
2021-06-02T04:22:32.1314128Z E0602 04:22:32.130844   14171 azure.go:154] Failed to acquire a token: failed acquiring new token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Code Expired
2021-06-02T04:22:32.1320836Z Unable to connect to the server: acquiring a token for authorization header: failed acquiring new token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Code Expired (Client.Timeout exceeded while awaiting headers)
2021-06-02T04:22:32.1410766Z ##[error]To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DZCGH5TCR to authenticate.
2021-06-02T04:22:32.1428397Z ##[error]E0602 04:22:32.130844   14171 azure.go:154] Failed to acquire a token: failed acquiring new token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Code Expired
2021-06-02T04:22:32.1431654Z ##[error]Unable to connect to the server: acquiring a token for authorization header: failed acquiring new token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Code Expired (Client.Timeout exceeded while awaiting headers)
2021-06-02T04:22:32.1433510Z commandOutput
2021-06-02T04:49:16.9152434Z ##[error]The operation was canceled.
2021-06-02T04:49:16.9158969Z ##[section]Finishing: Deploy App in Development Enviroment
Satyam Pandey
  • 111
  • 2

1 Answers1

1

Looks like you have Azure AD Integration setup on your AKS cluster, the Kubernetes task can't deal with this. You would need to create a service account in Kubernetes and set this up as a service connection in Azure DevOps.

Sam Cogan
  • 38,736
  • 6
  • 78
  • 114
  • thanks , for taking a look, can please provide some example or sample of service account in kubernetes – Satyam Pandey Jun 03 '21 at 08:57
  • https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/ – Sam Cogan Jun 03 '21 at 08:58
  • Thanks for Dcument, earlier K8s task of Azure Devops Serves was able to connect my private aks via service connecton (azure resource manger ) – Satyam Pandey Jun 03 '21 at 09:05
  • You can still connect with a service connection, but you need to setup a service connection for a service account. because you have enabled Azure AD integrated an Azure RBAC service principal will not work – Sam Cogan Jun 03 '21 at 09:06
  • I've blogged about this here - https://samcogan.com/aks-azure-ad-authentication-and-automation/ – Sam Cogan Jun 03 '21 at 09:07
  • /usr/local/bin/kubectl apply -f /home/my-agent/_work/9/s/kubernetes/dev.yaml -o json Unable to connect to the server: dial tcp 20.77.88.:90: i/o timeout ##[error]Unable to connect to the server: dial tcp 20.77.88.:90: i/o timeout commandOutput – Satyam Pandey Jun 03 '21 at 10:43
  • i created sa, clusterrole, rolebinding and Service connection used the service connection in yaml but no luck – Satyam Pandey Jun 03 '21 at 10:44
  • This indicates that Azure DevOps cannot connect to the kubernetes control plane, do you have API restrictions in place? – Sam Cogan Jun 03 '21 at 10:45
  • i use private AKS – Satyam Pandey Jun 03 '21 at 10:47
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/125029/discussion-between-satyam-pandey-and-sam-cogan). – Satyam Pandey Jun 03 '21 at 10:47
  • Is your Azure devops agent on the same network? Otherwise it won't be able to talk to AKS – Sam Cogan Jun 03 '21 at 10:47