AKS pod in CrashLoop error due to managed identity integration

Chetan Prakash Saraswat 26 Reputation points
2024-11-07T10:07:10.11+00:00

We have an AKS cluster on which one of our Deployments which now uses DefaultAzureCredential class to fetch connection strings stored in Azure Key Vault. We have provide the "System Assigned Managed Identity" contributor access to Key Vault to read the secrets. However the deployment keeps on getting error with "CrashLoopBackoff" error. We think its probably due to some configuration which we are missing for the AKS identity to use the key vault. Live Logs on pod do not show any specific error as to why its happening, as it primarily lists out the below code . Is CSI enabled secret provider the only way to do this. Can we not use our code to fetch key vault secrets using below method??

builder.Configuration.AddAzureKeyVault(new Uri(builder.Configuration["KeyVault:Uri"]), new DefaultAzureCredential());

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,178 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Deepanshukatara-6769 11,545 Reputation points
    2024-11-07T10:23:25.55+00:00

    Hello Chetan , Welcome to MS Q&A

    Yes, you can use your code to fetch secrets from Azure Key Vault in AKS using the Azure SDK. Here is an example of how you can do this in a .NET application:

    1. Install the necessary NuGet packages:
    2. Configure your application to use Azure Key Vault:
    3. Set up your environment:
    4. Deploy your application to AKS:

    This approach allows your application to directly fetch secrets from Azure Key Vault using the Azure SDK, without relying on the CSI-enabled Secrets Store provider

    Reference:

    https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-net?tabs=azure-cli

    Please let us know if any further questions

    Kindly accept if it helps

    Thanks
    Deepanshu


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.