yonzhan
commented
4 years ago aks
Open simongdavies opened 5 years ago
yonzhan
commented
4 years ago aks
ghost
commented
2 years ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Azure/aks-pm.
| Author: | simongdavies |
|---|---|
| Assignees: | jnoller |
| Labels: | `Service Attention`, `AKS`, `customer-reported` |
| Milestone: | - |
navba-MSFT
commented
2 years ago @simongdavies Apologies for the late reply. We are looking into this issue. We will update this thread once we have more details.
@azure/aks-pm Could you please provide an update on this issue once you get a chance ?
Describe the bug az aks create fails if cached SPN is deleted, command tries to find the SPN cached in ~/.azure/aksServicePrincipal.json but if this does not exist then the command eventually fails with unable to find Service Principal error
To Reproduce make sure file ~/.azure/aksServicePrincipal.json does not exist or has no SPN for current subscription run: az aks create --resource-group --name location
az aks delete --resource-group --name
az ad sp delete --id
az aks create --resource-group --name location
create fails with Service Principal Not Found. rm ~/.azure/aksServicePrincipal.json allows the command to succeed
no aks create without explicit SPN details will ever succeed for this user on this machine until the file is updated or removed.
This can also cause the following failure:
Deployment failed. Correlation ID: bb6d39e1-4cfe-43c6-8da2-4b7fb90540c1. Service principal clientID: 587e3390-c6bd-41a2-851a-87f0e8177bd3 not found in Active Directory tenant 72f988bf-86f1-41af-91ab-2d7cd011db47, Please see https://aka.ms/aks-sp-help for more details.
This seems to happen if the delete of the sp and the second create are done immediately after each other - presumably AAD is caching some details about the SPN after it has been deleted
Expected behavior Second AKS create should succeed
Environment summary azure-cli 2.0.61 in bash CloudShell