rpc error: code = Unknown desc = no storage account access key with key

[ptpaq]

What steps did you take and what happened: I am relatively new to Velero. I am working on configuring my first Velero config. I am using access key method to configure backup location.

"velero backup-location get" command returns Unavailable. I do see successful attempt to perform "GetContainerACL" operation using the account key.

NAME PROVIDER BUCKET/PREFIX PHASE LAST VALIDATED ACCESS MODE DEFAULT default azure velero-xxx-xxx-xxx Unavailable 2024-10-25 08:34:26 +0000 UTC ReadWrite true

"kubectl describe bsl default -n velero" command returns "no storage account access key with key error. I have confirmed that account key vaule is correct.

Name: default Namespace: velero Labels: component=velero Annotations: API Version: velero.io/v1 Kind: BackupStorageLocation Metadata: Creation Timestamp: 2024-10-25T07:41:24Z Generation: 42 Resource Version: 10081020 UID: a8e6e5cb-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Spec: Config: Resource Group: rg-infss-xxxxxxxxxxxxxxx Storage Account: stinfssxxxxxxxxxxxxxxxxxxx Storage Account Key Env Var: 6Exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== Subscription Id: 38xxxxxx-xxxx-xxxxx-xxxxx Default: true Object Storage: Bucket: velero-xxxxxxxxxxxxxxxxx Provider: azure Status: Last Validation Time: 2024-10-25T08:21:26Z Message: BackupStorageLocation "default" is unavailable: rpc error: code = Unknown desc = no storage account access key with key 6Exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== found in credential Phase: Unavailable Events:

What did you expect to happen:

Backup storage location's PHASE to be available. `

Anything else you would like to add: Storage account is in different subscription. I did provide correct subscription id. Storage account type is StorageV2 with Hierarchical namespace enabled. soft delete enabled

Environment:

• Velero version (use velero version): 1.14.1 (Azure plugin 1.10.1)
• Velero features (use velero client config get features):
• Kubernetes version (use kubectl version):1.30.3
• Kubernetes installer & version:
• Cloud provider or hardware configuration:aks
• OS (e.g. from /etc/os-release):

Vote on this issue!

This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.

• :+1: for "I would like to see this bug fixed as soon as possible"
• :-1: for "There are more important bugs to focus on right now"

[ptpaq]

I used this command to install

velero install \ --provider azure \ --plugins velero/velero-plugin-for-microsoft-azure:v1.10.1 \ --bucket $BLOB_CONTAINER \ --secret-file ./credentials-velero.accesskey \ --backup-location-config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,storageAccountKeyEnvVar=$AZURE_STORAGE_ACCOUNT_ACCESS_KEY,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID \ --use-volume-snapshots=false