Thanks for reaching out to Microsoft Q&A.
The error you're encountering is related to the Key Vault, specifically the Key Vault key used for encryption during the MySQL flexible server provisioning. The message indicates that the key cannot be found, even though you've selected the only available key.
Here are some steps to troubleshoot and resolve this issue:
- Verify Key Vault Permissions: Ensure that the MI assigned to the MySQL Flexible Server has sufficient permissions to access the Key Vault. Specifically, the identity must have the Key Permissions of Get, Wrap Key, and Unwrap Key to use the encryption key. You can verify this by navigating to the Key Vault's Access Policies and checking the assigned permissions.
- Check Key Name and Version: In your YAML error, the key version might be missing or incorrect. Confirm that the key name and version specified are accurate. If there's only one version available, ensure it's properly referenced. You can try generating a new key version in the Key Vault to eliminate any issues with the current one.
- Key Vault Network Restrictions: If your Key Vault has network restrictions (e.g., private endpoints or firewall rules), ensure that the MySQL Flexible Server is allowed access. You can temporarily disable network restrictions on the Key Vault for testing purposes.
- Managed Identity Setup: Confirm that the MI was assigned correctly. You can remove and reassign the Managed Identity for the MySQL Server to ensure it is properly linked.
- Correct Key URI Format: The key URI format in your YAML should be correct. It usually looks like: `https://<keyvault-name>.vault.azure.net/keys/<key-name>/<key-version>`. Double-check the URI in your setup for typos or missing information, especially in the `key-version`.
- Azure Portal Deployment: Try deploying the MySQL Flexible Server directly from the Azure Portal using the same settings. This could help identify if there's an issue with your YAML configuration.
- Error Logging: Review the deployment logs in Azure for more detailed information. Navigate to the Resource Group > Deployments and check the failure details to understand what might have gone wrong.
After performing these steps, attempt the deployment again. Let me know if you encounter further issues...
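The key URI format described in the answer above can be checked locally before a deployment is attempted. The following Python is an added example, not part of the original answer or of any Microsoft tooling; the function name `check_key_uri`, the sample URI, and the naming and 32-hex-character version rules it enforces are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the original answer): vault names are 3-24 characters,
# key names 1-127 characters, and a key version is 32 lowercase hex characters.
VAULT_RE = re.compile(r"^[A-Za-z](?:[A-Za-z0-9]|-(?!-)){1,22}[A-Za-z0-9]$")
KEY_RE = re.compile(r"^[A-Za-z0-9-]{1,127}$")
VERSION_RE = re.compile(r"^[0-9a-f]{32}$")
HOST_SUFFIX = ".vault.azure.net"  # public-cloud suffix, as in the format above

def check_key_uri(uri):
    """Return a list of problems found in a Key Vault key URI (empty means OK)."""
    problems = []
    if uri != uri.strip():
        problems.append("leading or trailing whitespace")
        uri = uri.strip()
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    host = (parts.hostname or "").lower()
    if not host.endswith(HOST_SUFFIX):
        problems.append("host does not end with " + HOST_SUFFIX)
    elif not VAULT_RE.match(host[: -len(HOST_SUFFIX)]):
        problems.append("invalid vault name")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    trimmed = parts.path.strip("/")
    segments = trimmed.split("/") if trimmed else []
    # A secret or certificate URI has the same shape but the wrong collection.
    if not segments or segments[0] != "keys":
        problems.append("path must start with /keys/")
        return problems
    if len(segments) < 2 or not KEY_RE.match(segments[1]):
        problems.append("missing or invalid key name")
    if len(segments) < 3:
        problems.append("key version is missing")
    elif len(segments) > 3:
        problems.append("extra path segments after key version")
    elif not VERSION_RE.match(segments[2]):
        problems.append("key version is not 32 lowercase hex characters")
    return problems

if __name__ == "__main__":
    # Constructed sample: a versionless URI with made-up vault and key names.
    print(check_key_uri("https://contoso-kv.vault.azure.net/keys/mysql-cmk"))
```

An empty list means the URI matches the expected shape; it does not confirm that the key exists or that the identity can read it.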