timed out waiting for the condition #1686

Open
Magister-Machinis opened this issue Nov 20, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@Magister-Machinis

Hello,
I'm not certain if this is a bug or a misconfiguration. I'm trying to use the SecretProviderClass in Azure to access a Key Vault's contents. When applying a Kubernetes yml, everything but the volume mount for the secrets appears to work. The volume instead times out and I get the following warning:

```yaml
kind: Event
apiVersion: v1
metadata:
  name: -snip-
  namespace: -snip-
  uid: -snip-
  resourceVersion: '76510'
  creationTimestamp: '2024-11-20T16:40:34Z'
  managedFields:
    - manager: csi-secrets-store
      operation: Update
      apiVersion: v1
      time: '2024-11-20T21:52:16Z'
      fieldsType: FieldsV1
      fieldsV1:
        f:count: {}
        f:firstTimestamp: {}
        f:involvedObject: {}
        f:lastTimestamp: {}
        f:message: {}
        f:reason: {}
        f:source:
          f:component: {}
        f:type: {}
involvedObject:
  kind: Pod
  namespace: -snip-
  name: -snip-
  uid: -snip-
  apiVersion: v1
  resourceVersion: '10294622'
reason: FailedToCreateSecret
message: timed out waiting for the condition
source:
  component: csi-secrets-store-controller
firstTimestamp: '2024-11-20T16:40:34Z'
lastTimestamp: '2024-11-20T21:52:16Z'
count: 21
type: Warning
eventTime: null
reportingComponent: ''
reportingInstance: ''
```

The class in use looks like this:

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: -snip-
  namespace: -snip-
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: -snip-
    keyvaultName: -snip-
    objects: |
      array:
        - |
          objectName: -snip-
          objectType: secret
    tenantId: -snip-
  secretObjects:
  - secretName: -snip-
    data:
    - key: -snip-
      objectName: -snip-
    type: Opaque
```

The managed identity has the roles and access to the relevant nodes and the Key Vault that it needs, as best as I can tell, but this is a rather new thing to me (as you can probably tell).

Any advice on what I could've done wrong or what else I can try to check would be greatly appreciated.

Environment:

  • Kubernetes version: (use kubectl version and kubectl get nodes -o wide): 1.3
  • Cluster type: AKS
  • Below is to the best of my knowledge; the fellow who configured this is currently sick.
  • Installation method: (Helm , Deployment yamls, AKS managed add-on): AKS managed add-on
  • Secrets Store CSI Driver version: (use the image tag): should be newest available
  • Azure Key Vault provider version: (use the image tag): should be newest available

@Magister-Machinis added the bug (Something isn't working) label Nov 20, 2024

@Magister-Machinis
Author

Does anyone know an answer to this?
