2
votes

I'm having a problem going through the step in the Quickstart for Azure Kubernetes cluster for Linux.

The following command creates a resource group successfully:

$> az group create --name myResourceGroup --location eastus

However, I get an error when trying to create the Kubernetes cluster:

$> az aks create --resource-group myResourceGroup --name myK8sCluster --node-count 1 --generate-ssh-keys

The error returned is:

"Operation failed with status: 'Bad Request'. Details: Service principal clientID: b986e403-1baa-4e97-8fea-e0a411516c61 not found in Active Directory tenant fee04516-9fb0-4e3e-a906-0b8d8bb493d6, Please see https://aka.ms/acs-sp-help for more details".

Any thoughts on what the problem is?

Thanks, Cameron.


3 Answers

1
votes

Yes, you cannot create a Kubernetes cluster in Azure without an app registration in AD. For that you need to create a role, service principal and application in the AD tenant, and it should be in the same region. Follow these 2 links to create the service principal either from the CLI or the portal:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-service-principal

1
votes

Thanks for the feedback. I managed to resolve the issue by deleting my .azure folder and retrying.

0
votes

According to your error message, please follow these steps to re-create AKS:

1. Check ${HOME}/.azure/acsServicePrincipal.json and find the service principal:

[root@jasoncli@jasonye .azure]# pwd
/root/.azure
[root@jasoncli@jasonye .azure]# ls
accessTokens.json  acsServicePrincipal.json  az.json  az.sess  azureProfile.json  clouds.config  config
[root@jasoncli@jasonye .azure]# cat acsServicePrincipal.json
{"5384xxxx-xxx-xxxx-xxxx-xxxxe29axxxx": {"client_secret": "6fc7cdff5eaf0axxxx8f", "service_principal": "6b73deca-xxxx-4a6d-ab54-73963cb78059"}}

2. Use this command to check whether your service principal exists:

az ad sp show --id <service_principal>

If the service principal does not exist, we can follow this article to create it.

If the service principal exists, we can specify the service principal and --client-secret to create AKS, like this:

az aks create -g <resource_group> -n <aks_name> --node-count 1 --service-principal <service_principal> --client-secret <client_secret> --generate-ssh-keys

Hope this helps.
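
Added example, not part of the answers above: steps 1 and 2 of the last answer automated in Python. It reads the cache file shown there, asks `az ad sp show` about each cached service principal, and flags a cache file that other users can access, since it stores the client secret in plaintext. The function names are hypothetical, and treating any non-zero `az` exit as "not found" is an assumption.

```python
import json
import os
import stat
import subprocess


def load_cached_principals(path):
    """Return (subscription_id, service_principal_id) pairs from the cache.

    The client_secret field is deliberately never returned or printed.
    """
    with open(path, encoding="utf-8") as fh:
        cache = json.load(fh)
    return [(sub, entry["service_principal"])
            for sub, entry in cache.items()
            if isinstance(entry, dict) and "service_principal" in entry]


def sp_exists_via_az(sp_id):
    """Step 2 of the answer: az ad sp show --id <service_principal>.

    Assumption: any non-zero exit (including "not logged in") counts as
    "not confirmed in this tenant".
    """
    result = subprocess.run(["az", "ad", "sp", "show", "--id", sp_id],
                            stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def too_permissive(path):
    """True if group or other users have any access to the secret file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def find_stale(path, exists=sp_exists_via_az):
    """Cached entries whose service principal the tenant does not know."""
    return [(sub, sp) for sub, sp in load_cached_principals(path)
            if not exists(sp)]


if __name__ == "__main__":
    cache_path = os.path.expanduser("~/.azure/acsServicePrincipal.json")
    if os.path.exists(cache_path):
        if too_permissive(cache_path):
            print("warning: cache file is accessible to other users")
        for sub, sp in find_stale(cache_path):
            print(f"stale: subscription {sub} -> service principal {sp}")
```

A stale entry reported here corresponds to the "not found in Active Directory tenant" error in the question.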