Velero deployment error in azure aks

[RAMAIAHGARIVENKAIAH]

Hi Team,
this is venkaiahramaiahgari, Deployed velero in azure aks for taking the backup but getting this error after deployment
thes are the errors shown in logs
time="2022-01-27T04:54:16Z" level=error msg="Error getting backup store for this location" backupLocation=default controller=backup-sync error="rpc error: code = Unknown desc = azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/99XXXXXXXXXXXXXXXXXXfe/resourceGroups/XXXXX/providers/Microsoft.Storage/storageAccounts/XXXXXX/listKeys?%24expand=kerb&api-version=2019-06-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_request","error_description":"Multiple user assigned identities exist, please specify the clientId / resourceId of the identity in the token request"}" error.file="/go/src/velero-plugin-for-microsoft-azure/velero-plugin-for-microsoft-azure/object_store.go:217" error.function=main.getStorageAccountKey logSource="pkg/controller/backup_sync_controller.go:175".

https://docs.microsoft.com/en-us/azure-stack/aks-hci/backup-workload-cluster
Followed this documentation for installing velero in azure aks

[reasonerjt]

The guide you mentioned is not written by velero's maintainers and I don't think anyone has reviewed it. You may need to check with Microsoft for the accuracy of that guide.

Alternatively, you may try the guide on velero website https://velero.io and follow the README in https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure

[RAMAIAHGARIVENKAIAH]

already connected with Microsoft support team. they tried to solve but issue is not solved. I need guidance for solving this issue

[tdevout]

Hi everyone,

I'm facing persistent issues when trying to connect a Managed Identity to AKS and Velero. Despite trying several solutions, I'm encountering errors like 404 and 403.

ERROR:

time="2024-09-08T22:13:46Z" level=error msg="Current BackupStorageLocations available/unavailable/unknown: 0/0/1, BackupStorageLocation "default" is unavailable: rpc error: code = Unknown desc = azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/.../storageAccounts/velero/listKeys?%24expand=kerb&api-version=2019-06-01: StatusCode=404 -- Original Error: adal: Refresh request failed. Status Code = '404'. Response body: clientID in request: REDACTED, getting assigned identities for pod velero/velero-7d8f4f5996-ghsfs in CREATED state failed after 16 attempts, retry duration [5]s, error: . Check MIC pod logs for identity assignment errors\n Endpoint http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&client_id=REDACTED&resource=https%3A%2F%2Fmanagement.azure.com%2F"

NOTE: There's no error in MIC pods.

Has anyone successfully resolved this issue? Any guidance or recommended steps to troubleshoot would be greatly appreciated!

Thanks in advance!