[英]Terraform: Error when creating azure kubernetes service with local_account_disabled=true
嘗試用Terraform創建AKS時出現錯誤。創建了AKS,但最后還是報錯,很難看。
│ Error: retrieving Access Profile for Cluster: (Managed Cluster Name
"aks-1" / Resource Group "pengine-aks-rg"):
containerservice.ManagedClustersClient#GetAccessProfile: Failure responding to request:
StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400
Code="BadRequest" Message="Getting static credential is not allowed because this cluster
is set to disable local accounts."
這是我的 terraform 代碼:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=2.96.0"
}
}
}
resource "azurerm_resource_group" "aks-rg" {
name = "aks-rg"
location = "West Europe"
}
resource "azurerm_kubernetes_cluster" "aks-1" {
name = "aks-1"
location = azurerm_resource_group.aks-rg.location
resource_group_name = azurerm_resource_group.aks-rg.name
dns_prefix = "aks1"
local_account_disabled = "true"
default_node_pool {
name = "nodepool1"
node_count = 3
vm_size = "Standard_D2_v2"
}
identity {
type = "SystemAssigned"
}
tags = {
Environment = "Test"
}
}
這是 Terraform 錯誤嗎? 我可以避免錯誤嗎?
如果禁用本地帳戶,則需要激活 AKS 管理的 Azure Active Directory 集成,因為您沒有更多本地帳戶可以針對 AKS 進行身份驗證。
此示例啟用 RBAC、Azure AAD 和 Azure RBAC:
resource "azurerm_kubernetes_cluster" "aks-1" {
...
role_based_access_control {
enabled = true
azure_active_directory {
managed = true
tenant_id = data.azurerm_client_config.current.tenant_id
admin_group_object_ids = ["OBJECT_IDS_OF_ADMIN_GROUPS"]
azure_rbac_enabled = true
}
}
}
如果您不想要 AAD 集成,則需要設置local_account_disabled = "false" 。
Azure 服務總線錯誤:使用 Databricks 創建隊列時確保 RequiresSession 設置為 true
[英]Azure Service Bus Error: Ensure RequiresSession is set to true when creating a Queue, with Databricks
terraform - 無法從 Kube.netes 獲取服務帳戶:serviceaccounts“<name of service account> “ 未找到</name>
[英]terraform - Unable to fetch service account from Kubernetes: serviceaccounts "<name of service account>" not found
Terraform 使用專用端點創建 function 應用程序和存儲帳戶時出現 403 錯誤
[英]Terraform 403 error when creating function app and storage account with private endpoint
`Error 403: Insufficient regional quota to satisfy request: resource "SSD_TOTAL_GB"` when creating kube.netes cluster with terraform
[英]`Error 403: Insufficient regional quota to satisfy request: resource "SSD_TOTAL_GB"` when creating kubernetes cluster with terraform
GCP:使用來自本地信用的 python 模擬服務帳戶。 IAM 服務帳戶憑據 API 已禁用
[英]GCP: Impersonate Service Account with python from local creds. IAM Service Account Credentials API disabled
為 Terraform 服務帳戶定義 ClusterRoleBinding
[英]Defining a ClusterRoleBinding for Terraform service account
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.