[英]Terraform: Error when creating azure kubernetes service with local_account_disabled=true
尝试用Terraform创建AKS时出现错误。创建了AKS,但最后还是报错,很难看。
│ Error: retrieving Access Profile for Cluster: (Managed Cluster Name
"aks-1" / Resource Group "pengine-aks-rg"):
containerservice.ManagedClustersClient#GetAccessProfile: Failure responding to request:
StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400
Code="BadRequest" Message="Getting static credential is not allowed because this cluster
is set to disable local accounts."
这是我的 terraform 代码:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=2.96.0"
}
}
}
resource "azurerm_resource_group" "aks-rg" {
name = "aks-rg"
location = "West Europe"
}
resource "azurerm_kubernetes_cluster" "aks-1" {
name = "aks-1"
location = azurerm_resource_group.aks-rg.location
resource_group_name = azurerm_resource_group.aks-rg.name
dns_prefix = "aks1"
local_account_disabled = "true"
default_node_pool {
name = "nodepool1"
node_count = 3
vm_size = "Standard_D2_v2"
}
identity {
type = "SystemAssigned"
}
tags = {
Environment = "Test"
}
}
这是 Terraform 错误吗? 我可以避免错误吗?
如果禁用本地帐户,则需要激活 AKS 管理的 Azure Active Directory 集成,因为您没有更多本地帐户可以针对 AKS 进行身份验证。
此示例启用 RBAC、Azure AAD 和 Azure RBAC:
resource "azurerm_kubernetes_cluster" "aks-1" {
...
role_based_access_control {
enabled = true
azure_active_directory {
managed = true
tenant_id = data.azurerm_client_config.current.tenant_id
admin_group_object_ids = ["OBJECT_IDS_OF_ADMIN_GROUPS"]
azure_rbac_enabled = true
}
}
}
如果您不想要 AAD 集成,则需要设置local_account_disabled = "false" 。
Azure 服务总线错误:使用 Databricks 创建队列时确保 RequiresSession 设置为 true
[英]Azure Service Bus Error: Ensure RequiresSession is set to true when creating a Queue, with Databricks
terraform - 无法从 Kube.netes 获取服务帐户:serviceaccounts“<name of service account> “ 未找到</name>
[英]terraform - Unable to fetch service account from Kubernetes: serviceaccounts "<name of service account>" not found
Terraform 使用专用端点创建 function 应用程序和存储帐户时出现 403 错误
[英]Terraform 403 error when creating function app and storage account with private endpoint
`Error 403: Insufficient regional quota to satisfy request: resource "SSD_TOTAL_GB"` when creating kube.netes cluster with terraform
[英]`Error 403: Insufficient regional quota to satisfy request: resource "SSD_TOTAL_GB"` when creating kubernetes cluster with terraform
GCP:使用来自本地信用的 python 模拟服务帐户。 IAM 服务帐户凭据 API 已禁用
[英]GCP: Impersonate Service Account with python from local creds. IAM Service Account Credentials API disabled
为 Terraform 服务帐户定义 ClusterRoleBinding
[英]Defining a ClusterRoleBinding for Terraform service account
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.