2

I'm having a problem going through the step in the Quickstart for Azure Kubernetes cluster for Linux.

The following command creates a resource group successfully:

$> az group create --name myResourceGroup --location eastus

However, I get an error when trying to create the Kubernetes cluster:

$> az aks create --resource-group myResourceGroup --name myK8sCluster --node-count 1 --generate-ssh-keys

The error returned is:

"Operation failed with status: 'Bad Request'. Details: Service principal clientID: b986e403-1baa-4e97-8fea-e0a411516c61 not found in Active Directory tenant fee04516-9fb0-4e3e-a906-0b8d8bb493d6, Please see https://aka.ms/acs-sp-help for more details".

Any thoughts on what the problem is?

Thanks, Cameron.

3 Answers

1

Yes, you cannot create a Kubernetes cluster in Azure without an app registration in AD. For that you need to create a role, service principal and application in the AD tenant, and it should be in the same region. Follow these 2 links to create a service principal either from the CLI or the portal:

https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

https://learn.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-service-principal


1

Thanks for the feedback. I managed to resolve the issue by deleting my .azure folder and retrying.

1 Comment

I just deleted the "aksServicePrincipal.json" file in the .azure folder under the current user.

0

According to your error message, please follow these steps to re-create AKS:

1. Check ${HOME}/.azure/.azure/acsServicePrincipal.json and find the service principal:

[root@jasoncli@jasonye .azure]# pwd
/root/.azure
[root@jasoncli@jasonye .azure]# ls
accessTokens.json acsServicePrincipal.json az.json az.sess azureProfile.json clouds.config config
[root@jasoncli@jasonye .azure]# cat acsServicePrincipal.json
{"5384xxxx-xxx-xxxx-xxxx-xxxxe29axxxx": {"client_secret": "6fc7cdff5eaf0axxxx8f", "service_principal": "6b73deca-xxxx-4a6d-ab54-73963cb78059"}}

2. Use this command to check your service principal and make sure whether the service principal exists or not:

az ad sp show --id <service_principal> 

If the service principal does not exist, we can follow this article to create it.

If the service principal exists, we can specify the service principal and --client-secret to create AKS, like this:

az aks create -g <resource_group> -n <aks_name> --node-count 1 --service-principal <service_principal> --client-secret <client_secret> --generate-ssh-keys

Hope this helps.
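The check described in this answer can be scripted. The following is an added example, not part of the original answers: it reads the cached service principal file, asks `az ad sp show` whether each cached ID still exists, and flags loose file permissions, since the file holds `client_secret` in plaintext. It assumes Linux or macOS with a logged-in `az` CLI; both file names come from the thread, while the function names and the permission check are assumptions of this example.

```python
import json
import os
import stat
import subprocess
from pathlib import Path

# Both cache file names are mentioned in the thread above.
CACHE_NAMES = ("acsServicePrincipal.json", "aksServicePrincipal.json")


def load_cache(path):
    """Return {subscription_id: service_principal_id}; client_secret is never returned."""
    entries = json.loads(Path(path).read_text())
    return {sub: e["service_principal"] for sub, e in entries.items()
            if isinstance(e, dict) and "service_principal" in e}


def too_permissive(path):
    """True if group or others can access the file that stores client_secret."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def sp_exists(sp_id):
    """Look the service principal up in the tenant via the az CLI.

    A non-zero exit also happens when the CLI is not logged in, so run
    `az login` first or every entry will be reported as missing.
    """
    result = subprocess.run(["az", "ad", "sp", "show", "--id", sp_id],
                            capture_output=True, text=True)
    return result.returncode == 0


def stale_entries(path, exists=sp_exists):
    """Return cached service principals that the lookup does not find."""
    return {sub: sp for sub, sp in load_cache(path).items() if not exists(sp)}


if __name__ == "__main__":
    azure_dir = Path.home() / ".azure"
    for name in CACHE_NAMES:
        cache = azure_dir / name
        if not cache.is_file():
            continue
        if too_permissive(cache):
            print(f"{cache}: accessible by group/others; chmod 600 recommended")
        for sub, sp in stale_entries(cache).items():
            print(f"{cache}: subscription {sub} caches {sp}, not found in tenant")
```

A reported entry corresponds to the situation in the question; the fixes in the thread (removing the cache file, or passing `--service-principal` and `--client-secret` explicitly) then apply.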
