Unable to create AKS load balance with static public IP

967 views Asked by At

I've followed steps mentioned over https://learn.microsoft.com/en-us/azure/aks/static-ip link.

I'm getting following error.

  Warning  ListPublicIPs           22s (x4 over 57s)  azure-cloud-provider  network.PublicIPAddressesClient#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'f76e0cc5-db5a-459a-bd4e-8c8d7b453f05' with object id 'f76e0cc5-db5a-459a-bd4e-8c8d7b453f05' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/read' over scope '/subscriptions/166aaa5b-86d9-49d7-b7cc-2bf38cc91490/resourceGroups/myResourceGroup/providers/Microsoft.Network' or the scope is invalid. If access was recently granted, please refresh your credentials."
  Warning  SyncLoadBalancerFailed  22s (x4 over 57s)  service-controller    Error syncing load balancer: failed to ensure load balancer: network.PublicIPAddressesClient#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'f76e0cc5-db5a-459a-bd4e-8c8d7b453f05' with object id 'f76e0cc5-db5a-459a-bd4e-8c8d7b453f05' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/read' over scope '/subscriptions/166aaa5b-86d9-49d7-b7cc-2bf38cc91490/resourceGroups/myResourceGroup/providers/Microsoft.Network' or the scope is invalid. If access was recently granted, please refresh your credentials."
1

There are 1 answers

2
4c74356b41 On

you either created it in a wrong resource group or you haven't given permissions to it to AKS cluster

so basically you need to grant contributor permissions to the following application: f76e0cc5-db5a-459a-bd4e-8c8d7b453f05 over this scope: /subscriptions/166aaa5b-86d9-49d7-b7cc-2bf38cc91490/resourceGroups/myResourceGroup