Open bhardwahnitish19 opened 4 years ago
@bhardwahnitish19 Looks like NMI is returning an error while requested for a token. Can you please check the NMI and MIC logs for pod-identity to see why the identity assignment is failing?
@aramase Thanks for your quick response. I am not sure how to check those logs. It would be great if you can point me towards it.
Appreciate your help
@bhardwahnitish19 For the MIC logs -
kubectl get pods --all-namespaces | grep mic
There will be 2 pods for MIC. Check the logs for each pod to see if there are any errors. MIC is the component in pod-identity that assigns the identity the underlying VM/VMSS node. NMI is the component that checks if the identity has been assigned, if pod has access to the identity, fetches and returns the token.
If you don't see any errors in MIC, you can check the NMI pod running on the same node as your application pod to see why it's unable to fetch a token.
kubectl get pods --all-namespaces -o wide | grep nmi
. Pick the NMI pod running on the same node as the application.
@aramase Thanks, I will check and update the logs for reference.
Describe the bug I am trying to use flexvolume with pod identity. Even through kubelet tries multiple times, I am getting same time(tried for almost 7-8 times) and the pod status is stuck at ContainerCreating.
Steps To Reproduce
Expected behavior Volume must be mounted after couple of re-tries Key Vault FlexVolume version
Access mode: service principal or pod identity pod identity Kubernetes version 1.13.10 Additional context