Is azureFile volume only works with namespace 'default'?
neerajkr1988 opened this issue · 7 comments
Kubernetes version: 1.19.7
[GitHub](https://github.com/kubernetes/examples/tree/master/staging/volumes/azure_file)apiVersion: v1
data:
azurestorageaccountkey: *******
azurestorageaccountname: *******
kind: Secret
metadata:
name: custom-secret-sa
namespace: custom
type: Opaque
apiVersion: v1
kind: Pod
metadata:
name: azure
namespace: custom
spec:
containers:
- image: kubernetes/pause
name: azure
volumeMounts:- name: azure
mountPath: /mnt/azure
volumes: - name: azure
azureFile:
secretName: custom-secret-sa
shareName: myshare
readOnly: true
- name: azure
##Error: MountVolume.SetUp failed for volume "azure" : Couldn't get secret default/custom-secret-sa
I am trying to create a pod to namespace 'custom', but it fails due to the unavailability of storage account secret to namespace 'default', Am I missing something?
Hi,
After upgrading to v1.19.7 we noted that all azure file mounts in our cluster failed to read secrets from anywhere but the default namespace. I'm not sure if this was intentional but it certainly was unexpected as previously the secret was read from the colocated namespace, which is our preference, rather than default. Looking at https://github.com/kubernetes/examples/blob/master/staging/volumes/azure_file/azure-pv.yaml I can see that a namespace can be defined but we found that this failed validation.
For now the secrets have been moved into the default namespace but any guidance on how we can avoid this would be greatly received.
Many thanks,
Col
I'm seeing exactly the same issue after upgrading to 1.19.7. Regardless of the namespace of the deployment/pod referencing the azurefile resource, it wants the secret to be in the default namespace. Any update on this?
It seems this commit fixes the problem.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue or PR as fresh with
/remove-lifecycle stale - Mark this issue or PR as rotten with
/lifecycle rotten - Close this issue or PR with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue or PR as fresh with
/remove-lifecycle rotten - Close this issue or PR with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Reopen this issue or PR with
/reopen - Mark this issue or PR as fresh with
/remove-lifecycle rotten - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
@k8s-triage-robot: Closing this issue.
In response to this:
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied- After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied- After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closedYou can:
- Reopen this issue or PR with
/reopen- Mark this issue or PR as fresh with
/remove-lifecycle rotten- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.