Error 'unable to get bearer token from secrets' when deploying TKG cluster using Container service extension in Cloud Director

Article ID: 398643

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • The TKG cluster deployment fails.
  • The /root/cse.log file on the CSE VM shows the following error:

I0522 09:57:18.733474    2805 main.go:54] Connecting to [https://vcd_url] as [#####:####]
I0522 09:57:18.733503    2805 auth.go:52] Using VCD OpenAPI version [36.0]
E0522 09:57:18.755042    2805 auth.go:66] failed to authenticate using refresh token
panic: error logging into VCD: [unable to get swagger client from secrets: [unable to get bearer token from secrets: [failed to set authorization header: [Post "https://vcd_url/oauth/provider/token": EOF]]]]
goroutine 1 [running]:
main.main()
 /app/main.go:60 +0x1c96

Environment

VMware Cloud Director 10.5.x

Container Service Extension 4.x

Cause

This issue occurs when WAF policies on the NSX Advanced Load Balancer (ALB) block communication between the CSE server and Cloud Director cells.

Resolution

To resolve this:

  • Access the Load Balancer and go to Applications > Virtual Services.
  • Select the Virtual Service for the Cloud Director cells, then click Edit.
  • Navigate to the Policies tab and check the configuration for any blocked URLs or restricted access to the Cloud Director cells.
  • Consult your networking team to identify the issue and make the necessary changes.
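
To confirm the symptom before and after a policy change, the failing request can be reproduced from the CSE VM. The script below is an added example, not part of the original article or of VMware's tooling. It assumes curl is available on the CSE VM, that VCD_URL is the load-balanced address CSE connects to, and it sends a constructed placeholder token; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not VMware code. Assumes curl on the CSE VM and VCD_URL set to
# the load-balanced address CSE connects to. The token is a constructed placeholder.

# Map curl's exit code and the HTTP status to a verdict.
classify_probe() {
  case "$1" in
    0)      echo "http-response:$2" ;;
    52|56)  echo "closed-without-response" ;;  # empty reply / reset: the Go client's EOF
    6|7|28) echo "unreachable" ;;              # DNS failure, refused, timeout
    35|60)  echo "tls-error" ;;                # handshake or certificate problem
    *)      echo "curl-error:$1" ;;
  esac
}

# POST to the same endpoint that fails in cse.log and classify the outcome.
probe_token_endpoint() {
  local base="${1%/}" http_code curl_rc=0
  http_code=$(curl -sS -o /dev/null -w '%{http_code}' --max-time 15 \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data 'grant_type=refresh_token&refresh_token=PLACEHOLDER_TOKEN' \
    "$base/oauth/provider/token") || curl_rc=$?
  classify_probe "$curl_rc" "$http_code"
}

explain() {
  case "$1" in
    closed-without-response)
      echo "Connection closed before any HTTP reply, as in cse.log; review the virtual service policies." ;;
    http-response:*)
      echo "HTTP ${1#*:} returned, so something answered; check the load balancer logs to see whether it was the WAF or Cloud Director." ;;
    *)
      echo "Transport problem ($1); check DNS, routing and TLS before the policies." ;;
  esac
}

# Runs only when VCD_URL is set, e.g. VCD_URL=https://vcd_url ./probe.sh
if [ -n "${VCD_URL:-}" ]; then
  verdict=$(probe_token_endpoint "$VCD_URL")
  echo "$verdict: $(explain "$verdict")"
fi
```

A closed-without-response verdict reproduces the EOF from the log. Once the policy is corrected, the same probe should return an HTTP response instead.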