MountVolume.SetUp failed for volume "azure-kv"

[snpdev]

Almost done with my RPSLS deployment. One more open issue (hopefully).

The rpsls-game-game-api deployment pods fail with the following message (masked with X's):

Warning  FailedMount  40s (x7 over 74s)  kubelet, aks-agentpool-96345064-0  MountVolume.SetUp failed for volume "azure-kv" : mount command failed, status: Failure, reason: /etc/kubernetes/volumeplugins/azure~kv/azurekeyvault-flexvolume failed, Access denied. Caller was not found on any access policy. r nCaller: appid=6e2584bf-XXXXXXXXXXXXXXXX;oid=087127d7-XXXXXXXXXXXXXX;numgroups=0;iss=https://sts.windows.net/XXXXXXXXXXXXXXX/ r nVault: rpslskvXXXXXXXXXXX;location=eastus InnerError={code:AccessDenied}

The secret game-api-kv is in place and in Azure Portal I see my cosmos-constr secret and an Access policy for my service principal. The appid is correct. I'll poke around some more over the weekend, but if anyone has a troubleshooting suggestion, please reply. Thanks

[snpdev]

I took the easy way out and re-deployed my images without the key vault requirement. The application is working now :smile:

My steps to backtrack:

1. Delete deployments kubectl delete --all deploy --namespace=default

2. Delete services kubectl delete --all srv --namespace=default

3. Redeploy images .\Deploy-Images-Aks.ps1 -resourceGroup $resourceGroup -aksName $myAks -acrName $myAcr -valuesFile $myvaluesFile -kvDeploy 0 -tag 'v1'