
Creating a Kubernetes cluster in Azure fails

I'm having a problem going through the step in the Quickstart for Azure Kubernetes cluster for Linux.

The following command creates a resource group successfully:

$> az group create --name myResourceGroup --location eastus

However, I get an error when trying to create the Kubernetes cluster:

$> az aks create --resource-group myResourceGroup --name myK8sCluster --node-count 1 --generate-ssh-keys

The error returned is:

"Operation failed with status: 'Bad Request'. Details: Service principal clientID: b986e403-1baa-4e97-8fea-e0a411516c61 not found in Active Directory tenant fee04516-9fb0-4e3e-a906-0b8d8bb493d6, Please see https://aka.ms/acs-sp-help for more details".

Any thoughts on what the problem is?

Thanks, Cameron.

Yes, you cannot create a Kubernetes cluster in Azure without an app registration in AD. For that you need to create a role, service principal, and application in the AD tenant, and it should be in the same region. Follow these 2 links to create the service principal either from the CLI or the portal:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-service-principal

Thanks for the feedback. I managed to resolve the issue by deleting my .azure folder and retrying.

According to your error message, please follow these steps to re-create AKS:

1. Check ${HOME}/.azure/acsServicePrincipal.json and find the service principal:

[root@jasoncli@jasonye .azure]# pwd
/root/.azure
[root@jasoncli@jasonye .azure]# ls
accessTokens.json  acsServicePrincipal.json  az.json  az.sess  azureProfile.json  clouds.config  config
[root@jasoncli@jasonye .azure]# cat acsServicePrincipal.json
{"5384xxxx-xxx-xxxx-xxxx-xxxxe29axxxx": {"client_secret": "6fc7cdff5eaf0axxxx8f", "service_principal": "6b73deca-xxxx-4a6d-ab54-73963cb78059"}}

2. Use this command to check whether the service principal exists:

az ad sp show --id <service_principal>

If the service principal does not exist, we can follow this article to create it.

If the service principal exists, we can specify the service principal and --client-secret to create AKS, like this:

az aks create -g <resource_group> -n <aks_name> --node-count 1 --service-principal <service_principal> --client-secret <client_secret> --generate-ssh-keys

Hope this helps.
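The two checks in the answer above can be combined into one script that flags stale entries in the CLI cache. This is an added example, not code from the original answers or from the Azure CLI; it assumes the cache is keyed by subscription ID, treats any non-zero exit from `az ad sp show` as "not found", and uses constructed sample values.

```python
import json
import subprocess
from pathlib import Path

CACHE = Path.home() / ".azure" / "acsServicePrincipal.json"

# Constructed sample in the same shape as the file shown in the answer.
SAMPLE = json.dumps({
    "00000000-0000-0000-0000-000000000001": {
        "client_secret": "constructed-secret-1",
        "service_principal": "11111111-1111-1111-1111-111111111111"},
    "00000000-0000-0000-0000-000000000002": {
        "client_secret": "constructed-secret-2",
        "service_principal": "22222222-2222-2222-2222-222222222222"},
})


def load_cached_principals(text):
    """Map cache key (assumed: subscription ID) -> service principal ID.
    Client secrets are deliberately never returned or printed."""
    entries = json.loads(text)
    return {key: e["service_principal"] for key, e in entries.items()
            if isinstance(e, dict) and "service_principal" in e}


def sp_exists(sp_id, run=subprocess.run):
    """True if `az ad sp show --id` succeeds under the current login.
    Assumption: a non-zero exit means 'not found'; it can also mean
    the CLI is not logged in, so check `az account show` first."""
    result = run(["az", "ad", "sp", "show", "--id", sp_id],
                 capture_output=True, text=True)
    return result.returncode == 0


def find_stale(text, exists=sp_exists):
    """Return cached entries whose service principal cannot be resolved."""
    return {key: sp for key, sp in load_cached_principals(text).items()
            if not exists(sp)}


if __name__ == "__main__":
    if not CACHE.exists():
        print(f"{CACHE} not found; sample parse:", load_cached_principals(SAMPLE))
    else:
        if CACHE.stat().st_mode & 0o077:  # POSIX permission bits only
            print(f"warning: {CACHE} holds client secrets and is readable by group/other")
        for key, sp in find_stale(CACHE.read_text()).items():
            print(f"{key}: cached service principal {sp} not found in this tenant")
```

A stale entry reported here is the condition behind the "not found in Active Directory tenant" error in the question, and the cache file itself stores the client secret in cleartext, so its permissions are worth checking.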
