Containers in AKS cannot access Azure resources (Failed to resolve URL)

Han Shih 施學翰 146 Reputation points
2023-11-12T14:13:42.2133333+00:00

I have an API server (Python Flask) hosted on AKS. When the service starts, it:

  1. Access Azure key-vault to get storage account connection string
  2. use the connection string to perform CRUD jobs on Azure storage account

PS. The whole system consists of `ingress(clusterIP & loadbalancer)`, `service (clusterIP)`, and my `flask API`

Then I deploy it to AKS, which works fine (except that the CPU usage is usually > 100%). Two days later, I noticed that the server started restarting over and over again.

The error message looks like this:
`` `azure.core.exceptions.ServiceRequestError:

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,159 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,820 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,931 questions
{count} votes

1 answer

Sort by: Most helpful
  1. vipullag-MSFT 25,441 Reputation points
    2024-02-12T06:25:40.1933333+00:00

    Hello Han Shih 施學翰

    Based on the error message you provided, it seems like there is an issue with the connection between your Flask API and the Azure Key Vault. The error message indicates that the API is unable to make a request to the Key Vault service.

    Here are some steps you can take to troubleshoot this issue:

    -Check if the Azure Key Vault is up and running.

    -Check if the Flask API is able to connect to the Azure Key Vault. You can do this by running a simple Python script that uses the Azure Key Vault SDK to retrieve a secret from the Key Vault. If the script is able to retrieve the secret, then the issue may be with your Flask API code.

    -Check if the Flask API is using the correct credentials to authenticate with the Azure Key Vault. You can do this by checking the access policies for the Key Vault and ensuring that the Flask API has the necessary permissions to access the Key Vault.

    -Check if there are any network issues that may be preventing the Flask API from connecting to the Azure Key Vault. You can do this by checking the network configuration for your AKS cluster and ensuring that the necessary ports are open.

    -Check if there are any issues with the Azure Storage Account that your Flask API is trying to access. You can do this by checking the status of the Storage Account service in the Azure portal and ensuring that the Flask API has the necessary permissions to access the Storage Account.

    Hope this helps resolve your issue.

    0 comments No comments