I have followed the walkthrough provided in this link
And at step 6, I have tried to create a pod with the volume linked to the keyvault.
But it is not able to access the volume.
kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox-secrets-store-inline 0/1 ContainerCreating 0 27s
csi-csi-secrets-store-provider-azure-2fwqd 1/1 Running 0 45m
csi-secrets-store-csi-driver-d6zjv 3/3 Running 0 45m
kubectl describe pod busybox-secrets-store-inline
Name: busybox-secrets-store-inline
Namespace: default
Priority: 0
Node: aks-agentpool-22716505-vmss000001/10.240.0.5
Start Time: Mon, 26 Jul 2021 21:45:02 +0530
Labels:
Annotations:
Status: Pending
IP:
IPs:
Containers:
busybox:
Container ID:
Image: k8s.gcr.io/e2e-test-images/busybox:1.29
Image ID:
Port:
Host Port:
Command:
/bin/sleep
10000
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Environment:
Mounts:
/mnt/secrets-store from secrets-store-inline (ro)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-g7shm (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
secrets-store-inline:
Type: CSI (a Container Storage Interface (CSI) volume source)
Driver: secrets-store.csi.k8s.io
FSType:
ReadOnly: true
VolumeAttributes: secretProviderClass=azure-kvname
default-token-g7shm:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-g7shm
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
Normal Scheduled 3m50s default-scheduler Successfully assigned default/busybox-secrets-store-inline to aks-agentpool-22716505-vmss000001
Warning FailedMount 110s kubelet MountVolume.SetUp failed for volume "secrets-store-inline" : rpc error: code = DeadlineExceeded desc = context deadline exceeded
Warning FailedMount 107s kubelet Unable to attach or mount volumes: unmounted volumes=[secrets-store-inline], unattached volumes=[secrets-store-inline default-token-g7shm]: timed out waiting for the condition
How to fix this?
I have followed the walkthrough provided in this link
And at step 6, I have tried to create a pod with the volume linked to the keyvault.
But it is not able to access the volume.
kubectl get pods NAME READY STATUS RESTARTS AGE busybox-secrets-store-inline 0/1 ContainerCreating 0 27s csi-csi-secrets-store-provider-azure-2fwqd 1/1 Running 0 45m csi-secrets-store-csi-driver-d6zjv 3/3 Running 0 45m
kubectl describe pod busybox-secrets-store-inline Name: busybox-secrets-store-inline Namespace: default Priority: 0 Node: aks-agentpool-22716505-vmss000001/10.240.0.5 Start Time: Mon, 26 Jul 2021 21:45:02 +0530 Labels:
Annotations:
Status: Pending
IP:
IPs:
Containers:
busybox:
Container ID:
Image: k8s.gcr.io/e2e-test-images/busybox:1.29
Image ID:
Port:
Host Port:
Command:
/bin/sleep
10000
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Environment:
Mounts:
/mnt/secrets-store from secrets-store-inline (ro)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-g7shm (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
secrets-store-inline:
Type: CSI (a Container Storage Interface (CSI) volume source)
Driver: secrets-store.csi.k8s.io
FSType:
ReadOnly: true
VolumeAttributes: secretProviderClass=azure-kvname
default-token-g7shm:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-g7shm
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
Normal Scheduled 3m50s default-scheduler Successfully assigned default/busybox-secrets-store-inline to aks-agentpool-22716505-vmss000001 Warning FailedMount 110s kubelet MountVolume.SetUp failed for volume "secrets-store-inline" : rpc error: code = DeadlineExceeded desc = context deadline exceeded Warning FailedMount 107s kubelet Unable to attach or mount volumes: unmounted volumes=[secrets-store-inline], unattached volumes=[secrets-store-inline default-token-g7shm]: timed out waiting for the condition How to fix this?