Closed samisq closed 5 years ago
confirm that I have exactly the same, some logs with just newest kv-flexvolume driver:
Warning FailedMount 22m kubelet, aks-agentpool-13285615-1 MountVolume.SetUp failed for volume "secrets" : mount command failed, status: Failure, reason: /etc/kubernetes/volumeplugins/azure~kv/azurekeyvault-flexvolume failed, F0213 12:28:30.938610 19232 main.go:80] [error] : failed to get keyvaultClient: failed to get key vault token: nmi response failed withstatus code: 403
NMI:
time="2019-02-13T12:41:28Z" level=error msg="failed to get service principal token for pod:m****y/vault-excited-liger-54769476f6-tztlk, adal: Refresh request failed. Status Code = '400'. Response body: {\"error\":\"invalid_request\",\"error_description\":\"Identity not found\"}" req.method=GET req.path=/host/token/ req.remote=127.0.0.1
might be problem with ADAL/AD ?
duplicate of #67
closed via #94
When deploying/restarting a pod with
keyvault flex-volume
, volume mounting fails multiple times with 403, but it eventually succeeds after a few retries. Is that an expected behavior? Is there way to mitigate it and avoid this error?Error details:
NMI logs: