gossion

It would have different error msg if it is permission issue, like: ``` time="2021-04-02T07:06:59Z" level=error msg="failed to retrive active container groups list" error="api call to https://management.azure.com/subscriptions/.../resourceGroups/.../providers/Microsoft.ContainerInstance/containerGroups?api-version=2018-10-01: got HTTP response status...

it is the 'kube-apiserver' pods managed by AKS. Inside of your virtual-kubelet-virtual-kubelet-aci-for-aks pod, it tried to resources (pods, secrets, nodes, etc) from the apiserver but it failed. It is hard...

if you mean SP expiration, how about using managedidentity? https://github.com/virtual-kubelet/azure-aci/blob/v1.3.5/helm/templates/deployment.yaml#L50 if you mean cert auto rotate, we don't have a plan yet.