Comments (5)
Duplicate of #41954
(I know this was opened first, but that one has more details)
from teleport.
no, I made a rollback. Will create a new issue as there is no response here
from teleport.
Hi @zmb3, sorry to bump this closed issue, but I just upgraded Teleport from 15.3.5 to 15.3.7 and now I'm getting:
Defaulted container "teleport" out of: teleport, wait-auth-update (init)
{"caller":"automaticupgrades/channel.go:65","component":null,"level":"debug","message":"'default' automatic update channel not specified, teleport will serve its version by default.","timestamp":"2024-05-30T09:03:23Z"}
{"timestamp":"2024-05-30T09:03:23Z","level":"info","caller":"common/teleport.go:661","message":"Starting Teleport with a config file","version":"15.3.7","config_file":"/etc/teleport/teleport.yaml"}
{"caller":"lite/lite.go:259","component":"sqlite","level":"debug","message":"Connected to: file:/var/lib/teleport/proc/sqlite.db?_busy_timeout=10000\u0026_sync=FULL\u0026_txlock=immediate, poll stream period: 1s","timestamp":"2024-05-30T09:03:23Z"}
{"caller":"lite/lite.go:310","component":"sqlite","level":"debug","message":"journal_mode=delete, synchronous=2, busy_timeout=10000","timestamp":"2024-05-30T09:03:23Z"}
SDK 2024/05/30 09:03:23 WARN falling back to IMDSv1: operation error ec2imds: getToken, http response error StatusCode: 404, request to EC2 IMDS failed
ERROR REPORT:
Original Error: *url.Error Get "https://compute.googleapis.com/compute/v1/projects/my-project/zones/us-east4-a/instances/gke-cluster-primary-7706f694-cdg9": compute: Received 403 `Unable to generate access token; IAM returned 403 Forbidden: Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).
This error could be caused by a missing IAM policy binding on the target IAM service account.
For more information, refer to the Workload Identity documentation:
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to
`
Stack Trace:
github.com/gravitational/teleport/lib/cloud/gcp/vm.go:332 github.com/gravitational/teleport/lib/cloud/gcp.(*instancesClient).GetInstance
github.com/gravitational/teleport/lib/cloud/imds/gcp/imds.go:117 github.com/gravitational/teleport/lib/cloud/imds/gcp.(*InstanceMetadataClient).GetTags
github.com/gravitational/teleport/lib/cloud/imds/gcp/imds.go:152 github.com/gravitational/teleport/lib/cloud/imds/gcp.(*InstanceMetadataClient).GetHostname
github.com/gravitational/teleport/lib/service/service.go:940 github.com/gravitational/teleport/lib/service.NewTeleport
github.com/gravitational/teleport/lib/service/service.go:703 github.com/gravitational/teleport/lib/service.newTeleportProcess
github.com/gravitational/teleport/lib/service/service.go:719 github.com/gravitational/teleport/lib/service.Run
github.com/gravitational/teleport/tool/teleport/common/teleport.go:663 github.com/gravitational/teleport/tool/teleport/common.OnStart
github.com/gravitational/teleport/tool/teleport/common/teleport.go:560 github.com/gravitational/teleport/tool/teleport/common.Run
github.com/gravitational/teleport/tool/teleport/main.go:33 main.main
runtime/proc.go:267 runtime.main
runtime/asm_amd64.s:1650 runtime.goexit
User Message: initialization failed
Get "https://compute.googleapis.com/compute/v1/projects/my-project/zones/us-east4-a/instances/gke-cluster-primary-7706f694-cdg9": compute: Received 403 `Unable to generate access token; IAM returned 403 Forbidden: Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).
This error could be caused by a missing IAM policy binding on the target IAM service account.
For more information, refer to the Workload Identity documentation:
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to
Everything works ok on 15.3.5. Let me know if you want me to create a new bug for this.
from teleport.
Same issue here. @cizara have you found a workaround?
from teleport.
created bug #42312
from teleport.