2
votes

With the Azure CLI version 2.0.20 I am suddenly not able to create ACS clusters anymore.

The resource group testrg has been created with:

az group create -l westus -n testrg

Both az aks and acs fail. Commands used:

az aks create -n test-k8s-stg -g testrg
az acs create --orchestrator-type=kubernetes --resource-group testrg --name=test-nix-stg --admin-username test-admin --admin-password TestPassword --generate-ssh-keys

Both fail with error:

Insufficient privileges to complete the operation.
Traceback (most recent call last):
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\main.py", line 36, in main
    cmd_result = APPLICATION.execute(args)
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\application.py", line 212, in execute
    result = expanded_arg.func(params)
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 377, in __call__
    return self.handler(*args, **kwargs)
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 630, in _execute_command
    raise client_exception
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 620, in _execute_command
    reraise(*sys.exc_info())
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\six.py", line 693, in reraise
    raise value
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 602, in _execute_command
    result = op(client, **kwargs) if client else op(**kwargs)
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 516, in acs_create
    dns_name_prefix, location, name)
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 1372, in _ensure_service_principal
    service_principal = _build_service_principal(client, name, url, client_secret)
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 319, in _build_service_principal
    result = create_application(client.applications, name, url, [url], password=client_secret)
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 970, in create_application
    return client.create(app_create_param)
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\graphrbac\operations\applications_operations.py", line 87, in create
    raise models.GraphErrorException(self._deserialize, response)
azure.graphrbac.models.graph_error.GraphErrorException: Insufficient privileges to complete the operation.

I am able to create other resources with the CLI, for instance a web app with commands:

az appservice plan create -g testrg -n B1Plan --is-linux
az webapp create --resource-group testrg --name testwebapp -p B1Plan -r "node|8.1"
1
az acs create and az aks create will create a service principal for you if --service-principal and --client-secret are absent. The error message you got is from creating that service principal. I believe it means your AAD account does not have the privilege to do that. - Weinong Wang
Yes! That was exactly the cause indeed. By adding these two arguments the creation of the cluster succeeded. Thanks! - Alexander van Trijffel

1 Answer

1
votes

As Weinong Wang pointed out, I had to supply the AppId of an existing service principal with its client secret because I don't have permissions to create a new service principal for the cluster.

The commands to create a new cluster and configure kubectl to connect to it are:

az aks create -n test-k8s-stg -g testrg
az acs create --orchestrator-type=kubernetes --resource-group testrg --name=test-nix-stg --admin-username test-admin --admin-password TestPassword --generate-ssh-keys --service-principal "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" --client-secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx="
az acs kubernetes get-credentials --resource-group=testrg --name=test-nix-stg
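
The fix described in the answer, as an added shell example that is not part of the original posts: a preflight wrapper that refuses to call az acs create unless an existing service principal is supplied, so the CLI never falls back to creating one. The variable names ACS_SP_APP_ID, ACS_SP_SECRET and DRY_RUN and the function names are assumptions made for this example; the az flags are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original posts.
# ACS_SP_APP_ID / ACS_SP_SECRET / DRY_RUN are assumed names, not Azure CLI settings.

# Succeeds only for a canonical 8-4-4-4-12 hex GUID (the form of an AppId).
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Returns 0 when both values are usable, 2 when one is missing, 3 when the
# AppId is malformed. Without both flags the CLI tries to create a service
# principal itself, which needs directory privileges the caller may not have.
check_sp_credentials() {
  if [ -z "${ACS_SP_APP_ID:-}" ] || [ -z "${ACS_SP_SECRET:-}" ]; then
    echo "refusing: set ACS_SP_APP_ID and ACS_SP_SECRET for an existing service principal" >&2
    return 2
  fi
  if ! is_guid "$ACS_SP_APP_ID"; then
    echo "refusing: ACS_SP_APP_ID is not a GUID" >&2
    return 3
  fi
}

# $1 = resource group, $2 = cluster name.
# The secret is read from the environment rather than written into the script;
# it is still handed to az as an argument, as in the commands on this page.
create_cluster() {
  check_sp_credentials || return $?
  set -- acs create --orchestrator-type=kubernetes \
    --resource-group "$1" --name="$2" --generate-ssh-keys \
    --service-principal "$ACS_SP_APP_ID" --client-secret "$ACS_SP_SECRET"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    # Show the command that would run, with the secret masked.
    echo "az $*" | sed 's/--client-secret .*/--client-secret ****/'
  else
    az "$@"
  fi
}
```

With DRY_RUN=1 the wrapper prints the command with the secret masked instead of running it, which is safe to paste into a ticket or log.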