在Azure中创建Kubernetes集群失败
[英]Creating a Kubernetes cluster in Azure fails
问题描述
I'm having a problem going through the step in the Quickstart for Azure Kubernetes cluster for Linux . 
在针对Linux的Azure Kubernetes群集快速入门中,我遇到了问题。
The following command creates a resource group successfully: $> az group create --name myResourceGroup --location eastus 以下命令成功创建了一个资源组:$> az group create --name myResourceGroup --location eastus
However, I get an error when trying to create the Kubernetes cluster: $> az aks create --resource-group myResourceGroup --name myK8sCluster --node-count 1 --generate-ssh-keys 但是,尝试创建Kubernetes集群时出现错误:$> az aks create --resource-group myResourceGroup --name myK8sCluster --node-count 1 --generate-ssh-keys
The error returned is: 返回的错误是:
"Operation failed with status: 'Bad Request'. Details: Service principal clientID: b986e403-1baa-4e97-8fea-e0a411516c61 not found in Active Directory tenant fee04516-9fb0-4e3e-a906-0b8d8bb493d6, Please see https://aka.ms/acs-sp-help for more details". “操作失败,状态:'错误请求'。详细信息:在Active Directory租户费用04516-9fb0-4e3e-a906-0b8d8bb493d6中找不到服务主体客户端ID:b986e403-1baa-4e97-8fea-e0a411516c61,请参阅https:// aka。 ms / acs-sp-help以获得更多详细信息”。
Any thoughts on what the problem is? 有什么问题的想法吗?
Thanks, Cameron. 谢谢,卡梅隆。
3 个解决方案
解决方案1
1 2017-11-27 18:07:59
yes you cannot create kubernete cluster in azure without app registration in AD, for that u need to create role,serviceprincipal,application in AD tenant and it should be on same region. 是的,如果没有在AD中注册应用程序,就无法在Azure中创建kubernete集群,因为您需要在AD租户中创建角色,服务主体,应用程序,并且该应用程序应该位于同一区域。 follow these 2 links to create serviceprincipal either from cli or portal. 按照以下2个链接从cli或门户网站创建serviceprincipal。 https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-service-principal https://docs.microsoft.com/zh-CN/azure/azure-resource-manager/resource-group-create-service-principal-portal https://docs.microsoft.com/zh-CN/azure/container -service / kubernetes /容器服务kubernetes服务校长
解决方案2
1 2017-11-28 18:42:05
Thanks for the feedback. 感谢您的反馈。 I managed to resolve the issue by deleting my .azure folder and retrying. 我设法通过删除.azure文件夹并重试来解决此问题。
解决方案3
0 2017-11-28 02:03:26
According to your error message, please do the follow steps to re-create AKS: 根据您的错误消息,请执行以下步骤来重新创建AKS:
1.Check ${HOME}/.azure/.azure/acsServicePrincipal.json , find the service principal: 1.检查${HOME}/.azure/.azure/acsServicePrincipal.json ,找到服务主体:
[root@jasoncli@jasonye .azure]# pwd
/root/.azure
[root@jasoncli@jasonye .azure]# ls
accessTokens.json acsServicePrincipal.json az.json az.sess azureProfile.json clouds.config config
[root@jasoncli@jasonye .azure]# cat acsServicePrincipal.json
{"5384xxxx-xxx-xxxx-xxxx-xxxxe29axxxx": {"client_secret": "6fc7cdff5eaf0axxxx8f", "service_principal": "6b73deca-xxxx-4a6d-ab54-73963cb78059"}}
2.Use this command to check your Service Principal, make sure the service principal exist or not: 2.使用此命令检查您的服务主体,确保服务主体存在或不存在:
az ad sp show --id <service_principal>
If the service principal not exist , we can follow this article to create it. 如果服务主体不存在 ,我们可以按照本文进行创建。
If the service principal exist , we can follow specify the service principal and --client-secret to create AKS, like this: 如果服务主体存在 ,我们可以按照以下步骤指定服务主体和--client-secret来创建AKS,如下所示:
az aks create -g <resource_group>-n <aks name> --node-count 1 --service-principal <service_principal> --client-secret <client_secret> ----generate-ssh-key
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.