Score:0

Azure key vault volume not accessible, how to fix that?


I have followed the walkthrough provided in this link

And at step 6, I have tried to create a pod with the volume linked to the keyvault.

But it is not able to access the volume.

kubectl get pods
NAME                                         READY   STATUS              RESTARTS   AGE
busybox-secrets-store-inline                 0/1     ContainerCreating   0          27s
csi-csi-secrets-store-provider-azure-2fwqd   1/1     Running             0          45m
csi-secrets-store-csi-driver-d6zjv           3/3     Running             0          45m


 kubectl describe pod busybox-secrets-store-inline
Name:         busybox-secrets-store-inline
Namespace:    default
Priority:     0
Node:         aks-agentpool-22716505-vmss000001/10.240.0.5
Start Time:   Mon, 26 Jul 2021 21:45:02 +0530
Labels:       <none>
Annotations:  <none>
Status:       Pending
IP:
IPs:          <none>
Containers:
  busybox:
    Container ID:
    Image:         k8s.gcr.io/e2e-test-images/busybox:1.29
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sleep
      10000
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /mnt/secrets-store from secrets-store-inline (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-g7shm (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  secrets-store-inline:
    Type:              CSI (a Container Storage Interface (CSI) volume source)
    Driver:            secrets-store.csi.k8s.io
    FSType:
    ReadOnly:          true
    VolumeAttributes:      secretProviderClass=azure-kvname
  default-token-g7shm:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-g7shm
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age    From               Message
  ----     ------       ----   ----               -------
  Normal   Scheduled    3m50s  default-scheduler  Successfully assigned default/busybox-secrets-store-inline to aks-agentpool-22716505-vmss000001
  Warning  FailedMount  110s   kubelet            MountVolume.SetUp failed for volume "secrets-store-inline" : rpc error: code = DeadlineExceeded desc = context deadline exceeded
  Warning  FailedMount  107s   kubelet            Unable to attach or mount volumes: unmounted volumes=[secrets-store-inline], unattached volumes=[secrets-store-inline default-token-g7shm]: timed out waiting for the condition

How to fix this?

Score:0

This is usually a permissions issue. Make sure you have specified the service principal ID and password correctly, and make sure you have granted it access to the key vault using the access policies; this is separate to the Azure RBAC permissions.

uday
I have done the steps as they are in the link: https://azure.github.io/secrets-store-csi-driver-provider-azure/demos/standard-walkthrough/ Can you please let me know if anything was missed that is not mentioned in this link? By access policy, I guess you mean what was mentioned in step 3 of the link.
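
One way to run the access-policy check suggested in the answer above, as an added example that is not part of the original thread: it reads the vault's access policies as JSON (the shape returned by `az keyvault show --name <vault> --query properties.accessPolicies`) and reports which SecretProviderClass object types the service principal cannot `get`. The function name, IDs and sample policies are constructed; it assumes direct grants to the principal's object ID and does not resolve group membership.

```python
import json

# Constructed sample in the shape of properties.accessPolicies.
# All IDs are placeholders, not values from the question.
SAMPLE_POLICIES = json.loads("""
[
  {"tenantId": "00000000-0000-0000-0000-0000000000aa",
   "objectId": "11111111-1111-1111-1111-111111111111",
   "permissions": {"secrets": ["Get", "List"], "keys": [], "certificates": null}},
  {"tenantId": "00000000-0000-0000-0000-0000000000aa",
   "objectId": "22222222-2222-2222-2222-222222222222",
   "permissions": {"secrets": ["list"], "keys": ["get"], "certificates": ["all"]}}
]
""")

# SecretProviderClass objectType -> access-policy permission group.
PERMISSION_GROUP = {"secret": "secrets", "key": "keys", "cert": "certificates"}


def missing_get_permissions(policies, sp_object_id, object_types):
    """Return the sorted objectTypes the principal is not allowed to `get`.

    sp_object_id must be the service principal's *object* ID. Access policies
    are keyed by object ID, not by the client (application) ID that the CSI
    provider authenticates with, so passing the client ID finds no policy.
    """
    granted = set()
    for policy in policies:
        if policy.get("objectId", "").lower() != sp_object_id.lower():
            continue
        for group, perms in (policy.get("permissions") or {}).items():
            # Permission names are case-insensitive; "all" includes "get".
            if any(p.lower() in ("get", "all") for p in (perms or [])):
                granted.add(group)
    return sorted(t for t in set(object_types)
                  if PERMISSION_GROUP[t] not in granted)


if __name__ == "__main__":
    wanted = ["secret", "key", "cert"]  # objectTypes listed in the SecretProviderClass
    for oid in ("11111111-1111-1111-1111-111111111111",
                "22222222-2222-2222-2222-222222222222",
                "33333333-3333-3333-3333-333333333333"):
        print(oid, "missing get on:", missing_get_permissions(SAMPLE_POLICIES, oid, wanted))
```

An object ID with no matching policy is reported as missing every requested type, which is also what happens when the client ID is supplied in place of the object ID.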