create private endpoint failure in Azure Government Cloud #826
Comments
could you try remove

Hey @andyzhangx I was able to get this to work without the networkEndpointType. What I did was manually create a storage account, configure the private endpoint, and DNS zone. Then I created the SC and PVC using the below YAML: Essentially, I manually created the networking components instead of letting the driver do it, and then specified in the parameters the FQDN, the account name, and account resource group.

this issue is already fixed in master branch, and would be in v1.8.0 release
What happened:
When applying the following YAML in Azure Gov Cloud storage provisioning fails because the subscription can't be found. Error and YAML below:
Warning ProvisioningFailed 54s (x2 over 86s) file.csi.azure.com_aks-agentpool-38900945-vmss000001_59df1bf5-68fc-415c-94f4-2f6586312c66 failed to provision volume with StorageClass "reposc": rpc error: code = Internal desc = failed to ensure storage account: Failed to create private DNS zone(privatelink.file.core.windows.net) in resourceGroup(MC_repo_group_repo_usgovarizona), error: privatedns.PrivateZonesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="SubscriptionNotFound" Message="The subscription 'bf714633-d899-4258-ba6a-afa2fd9ab5e9' could not be found."
Below is the azure.json file found for an AKS cluster in gov:

```json
{
  "cloud": "AzureUSGovernmentCloud",
  "tenantId": "removed",
  "subscriptionId": "bf714633-d899-4258-ba6a-afa2fd9ab5e9",
  "aadClientId": "msi",
  "aadClientSecret": "msi",
  "resourceGroup": "MC_repo_group_repo_usgovarizona",
  "location": "usgovarizona",
  "vmType": "vmss",
  "subnetName": "aks-subnet",
  "securityGroupName": "aks-agentpool-38900945-nsg",
  "vnetName": "aks-vnet-38900945",
  "vnetResourceGroup": "",
  "routeTableName": "aks-agentpool-38900945-routetable",
  "primaryAvailabilitySetName": "",
  "primaryScaleSetName": "aks-agentpool-38900945-vmss",
  "cloudProviderBackoffMode": "v2",
  "cloudProviderBackoff": true,
  "cloudProviderBackoffRetries": 6,
  "cloudProviderBackoffDuration": 5,
  "cloudProviderRateLimit": true,
  "cloudProviderRateLimitQPS": 10,
  "cloudProviderRateLimitBucket": 100,
  "cloudProviderRateLimitQPSWrite": 10,
  "cloudProviderRateLimitBucketWrite": 100,
  "useManagedIdentityExtension": true,
  "userAssignedIdentityID": "removed",
  "useInstanceMetadata": true,
  "loadBalancerSku": "Standard",
  "disableOutboundSNAT": false,
  "excludeMasterFromStandardLB": true,
  "providerVaultName": "",
  "maximumLoadBalancerRuleCount": 250,
  "providerKeyName": "k8s",
  "providerKeyVersion": ""
}
```
What you expected to happen:
Expectation is that this driver performs in GOV cloud as it would in Public cloud.
How to reproduce it:
Apply below YAML in Azure Gov Cloud:
Describe PVC:
Anything else we need to know?:
The above YAML works in Public cloud as expected. Issues only occur in Gov cloud.
I reproduced this in two different clusters in Gov cloud.
Test 1:
AKS cluster was 1.20.9 and I installed the latest driver version via helm
Test 2:
AKS cluster was 1.21.2
Environment:
`kubectl version`: 1.20.9 and 1.21.2
`uname -a`: Linux aks-agentpool-38900945-vmss000000 5.4.0-1059-azure #62~18.04.1-Ubuntu SMP Tue Sep 14 17:53:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
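An added check, not code from the driver or from this issue, that derives the cloud-specific ARM endpoint and the file-share private DNS zone name from the `cloud` field of azure.json; the endpoint table, the function names and the sample config are assumptions of this example. For the Gov configuration above it yields privatelink.file.core.usgovcloudapi.net, while the ProvisioningFailed event shows the driver trying to create privatelink.file.core.windows.net, the public-cloud name.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Well-known endpoints per cloud, selected by the "cloud" value in azure.json.
type cloudEndpoints struct {
	ResourceManager string // ARM endpoint the SDK clients must be pointed at
	StorageSuffix   string // storage DNS suffix, e.g. core.windows.net
}

var knownClouds = map[string]cloudEndpoints{
	"AZUREPUBLICCLOUD":       {"https://management.azure.com/", "core.windows.net"},
	"AZUREUSGOVERNMENTCLOUD": {"https://management.usgovcloudapi.net/", "core.usgovcloudapi.net"},
	"AZURECHINACLOUD":        {"https://management.chinacloudapi.cn/", "core.chinacloudapi.cn"},
}

// endpointsFromConfig parses azure.json and returns the endpoints for its cloud.
func endpointsFromConfig(cfgJSON []byte) (cloudEndpoints, error) {
	var cfg struct {
		Cloud string `json:"cloud"`
	}
	if err := json.Unmarshal(cfgJSON, &cfg); err != nil {
		return cloudEndpoints{}, fmt.Errorf("parse azure.json: %w", err)
	}
	env, ok := knownClouds[strings.ToUpper(cfg.Cloud)]
	if !ok {
		return cloudEndpoints{}, fmt.Errorf("unknown cloud %q in azure.json", cfg.Cloud)
	}
	return env, nil
}

// fileShareZone returns the private DNS zone a file-share private endpoint
// needs in the configured cloud: privatelink.file.<storage suffix>.
func fileShareZone(cfgJSON []byte) (string, error) {
	env, err := endpointsFromConfig(cfgJSON)
	if err != nil {
		return "", err
	}
	return "privatelink.file." + env.StorageSuffix, nil
}

// Constructed sample: the "cloud" field from the azure.json in this issue.
const sampleAzureJSON = `{"cloud": "AzureUSGovernmentCloud", "location": "usgovarizona"}`

func main() {
	zone, err := fileShareZone([]byte(sampleAzureJSON))
	fmt.Println(zone, err) // privatelink.file.core.usgovcloudapi.net <nil>
}
```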