I am following the article mentioned below for creating dynamic persistent volume claims.
https://docs.microsoft.com/en-us/azure/aks/azure-disks-dynamic-pv
I created a Persistent volume claim using :
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taskmanager-01
spec:
accessModes:
- ReadWriteOnce
storageClassName: managed-premium
resources:
requests:
storage: 16GiFrom what I understand, the Persistent Volume and the actual underlying disk will be provisioned when this is created.
Is this correct ?
kubectl get pvc -n <namespace>returns me the status of my PVC as Pending. I get the following errors in the kubernetes event list
Failed to provision volume with StorageClass "managed-premium":
azure.BearerAuthorizer#WithAuthorization:
Failed to refresh the Token for request to
https://management.azure.com/subscriptions/xxxx/resourceGroups/MC_XXXX/providers/Microsoft.Compute/disks/kubernetes-dynamic-pvc-651cef89-49ae-11e9-8104-0a58ac1f222a?api-version=2016-04-30-preview:
StatusCode=401
Original Error: adal: Refresh request failed. Status Code = '401'.
{
"error": "invalid_client",
"error_description": "AADSTS7000215: Invalid client secret is provided.\r\n
Trace ID: xxxx\r\nCorrelation ID: xxxxr\nTimestamp: 2019-03-18 18:49:42Z",
"error_codes": [
7000215
],
"timestamp": "2019-03-18 18:49:42Z",
"trace_id": "xxxx",
"correlation_id": "xxxx"
}
one way to check that would be to find that information from the AKS resource (under servicePrincipalProfile >> clientId. using say az aks list -g %resource-group%) and check if it has permissions to the resource group. if it does, you can try rotating the secret to a new one
https://docs.microsoft.com/en-us/azure/aks/update-credentials