azure-key-vault-to-kubernetes

Failed to read secret from azure key vault

Open jsheely opened this issue 3 years ago • 7 comments

I am unable to get my pod to inject a secret into an environment variable. Looking at the pod logs, I get

E0902 16:24:34.678771 1 main.go:334] "failed to read secret from azure key vault" err="keyvault.BaseClient#GetSecret: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded" azurekeyvaultsecret="akv-test/test"

At first it seemed like my issue was related to https://github.com/SparebankenVest/azure-key-vault-to-kubernetes/issues/232

My AKS is also using the MSI principal, so I added the <cluster-name>-agentpool to my Key Vault using the object-id to ensure it was the exact right one.

But the error persists. Any advice?

jsheely, Sep 02 '21 16:09

Could this be related? https://github.com/SparebankenVest/azure-key-vault-to-kubernetes/issues/127 The problem indicates problems with outgoing requests that time out.

kristeey, Sep 10 '21 07:09

Could be this one: #219

theseion, Sep 16 '21 15:09

See my comment in #127

paulissoft, May 20 '22 16:05

I have the same issue: "failed to read secret from azure key vault" err="keyvault.BaseClient#GetSecret: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded" azurekeyvaultsecret="akv-test/secret". My key vault name is correct and I tested different secrets, but the result is the same. Any solutions for this?

itsivareddy, May 26 '22 20:05

Did you see my comment above and the issue it refers to? It may have to do with missing ca-certificates.

gpaulissen, Jun 02 '22 15:06

I have gone through all the above issues. I am also getting the same error in an AKS cluster with managed identity. I added the managed identity in Key Vault IAM with Contributor permission, and also added get and list permissions in the access policy, but still no luck. The same is working with another AKS cluster with SPN, but somehow it's not working with managed identity.

cramakan, Aug 04 '22 05:08

Add the managed identity to your VMSS @cramakan if you are not using the one ending with "-agentpool" in the name.

tspearconquest, Jun 30 '23 17:06