
Terraform: Error when creating azure kubernetes service with local_account_disabled=true

An error occurs when I try to create an AKS with Terraform. The AKS was created but the error still comes at the end, which is ugly.

    │ Error: retrieving Access Profile for Cluster: (Managed Cluster Name "aks-1" / Resource Group "pengine-aks-rg"):
    containerservice.ManagedClustersClient#GetAccessProfile: Failure responding to request:
    StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400
    Code="BadRequest" Message="Getting static credential is not allowed because this cluster
    is set to disable local accounts."

This is my Terraform code:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.96.0"
    }
  }
}

resource "azurerm_resource_group" "aks-rg" {
  name     = "aks-rg"
  location = "West Europe"
}

resource "azurerm_kubernetes_cluster" "aks-1" {
  name                   = "aks-1"
  location               = azurerm_resource_group.aks-rg.location
  resource_group_name    = azurerm_resource_group.aks-rg.name
  dns_prefix             = "aks1"
  local_account_disabled = "true"

  default_node_pool {
    name       = "nodepool1"
    node_count = 3
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "Test"
  }
}

Is this a Terraform bug? Can I avoid the error?

If you disable local accounts, you need to activate AKS-managed Azure Active Directory integration, as you have no more local accounts to authenticate against AKS.

This example enables RBAC, Azure AAD & Azure RBAC:

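# Supplies the tenant_id referenced in the azure_active_directory block below
data "azurerm_client_config" "current" {}

resource "azurerm_kubernetes_cluster" "aks-1" {
  ... 

  role_based_access_control {
    enabled = true

    # AKS-managed AAD integration, with Azure RBAC for Kubernetes authorization
    azure_active_directory {
      managed                = true
      tenant_id              = data.azurerm_client_config.current.tenant_id
      admin_group_object_ids = ["OBJECT_IDS_OF_ADMIN_GROUPS"]
      azure_rbac_enabled     = true
    }
  }
}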

If you don't want AAD integration, you need to set local_account_disabled = "false".
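
A pre-apply check for the combination described in the answer above, as an added example that is not part of the original question or answer: it reads the JSON that terraform show -json prints for a saved plan and reports clusters that set local_account_disabled to true without an AKS-managed AAD block. The function names and the sample plan are constructed for illustration, and the block names assume the azurerm 2.x schema used in the answer.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output, using
# the azurerm 2.x block names that appear in the answer above.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {   # like the question: local accounts off, no AAD integration
        "address": "azurerm_kubernetes_cluster.aks-1",
        "type": "azurerm_kubernetes_cluster",
        "change": {"after": {"local_account_disabled": True, "role_based_access_control": []}},
    },
    {   # like the answer: local accounts off, AKS-managed AAD on
        "address": "azurerm_kubernetes_cluster.aks-2",
        "type": "azurerm_kubernetes_cluster",
        "change": {"after": {
            "local_account_disabled": True,
            "role_based_access_control": [{
                "enabled": True,
                "azure_active_directory": [{"managed": True}],
            }],
        }},
    },
]})


def has_managed_aad(after):
    """True if an enabled RBAC block contains a managed AAD block."""
    for rbac in after.get("role_based_access_control") or []:
        aad_blocks = rbac.get("azure_active_directory") or []
        if rbac.get("enabled") and any(a.get("managed") for a in aad_blocks):
            return True
    return False


def find_misconfigured_clusters(plan_json):
    """Addresses of clusters that disable local accounts without managed AAD."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "azurerm_kubernetes_cluster":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        if after.get("local_account_disabled") is True and not has_managed_aad(after):
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in find_misconfigured_clusters(SAMPLE_PLAN):
        print(f"{address}: local accounts disabled without AKS-managed AAD")
```

Values that are only known after apply are not present under "after" in the plan JSON, so this check covers settings written literally in the configuration.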
