none
Azure Kubernetes Service RRS feed

  • Question

  • I am trying to deploy AKS from Azure portal and I am getting error which says "Timedout fetching service principal". I can not create my own service principal (due to insufficient privileges) so I asked the person holding, global administrator role to create one service principal with all necessary access such as Contributor and Owner roles.

    I am not able to deploy AKS from CLI as well. I states "Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation."


    Any help will be appreciated. 

    Friday, July 19, 2019 11:18 AM

All replies

  • You mentioned that you asked your colleague to create service principal, can you please confirm that service principal was created with necessary access and you tried creating AKS cluster after that?

    If yes, can you please check if the Service Principal in the same Azure AD tenant as the cluster you are looking to create? You can use the command “az account set -subscription ” to ensure you are in the correct subscription/AAD tenant before running the command to create AKS cluster in Azure CLI.

    If you are using Azure portal to create AKS cluster, 

    On the Authentication page, configure the following options:

    • Create a new service principal by leaving the Service Principal field with (new) default service principal. Or you can choose Configure service principal to use an existing one. If you use an existing one, you will need to provide the SPN client ID and secret.
    • Enable the option for Kubernetes role-based access controls (RBAC). This will provide more fine-grained control over access to the Kubernetes resources deployed in your AKS cluster.

    Reference document: https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal

    Friday, July 19, 2019 6:01 PM
    Moderator
  • Hello Karishma,

    The service principal was created with necessary access but I am not able to deploy AKS with that. It gives me an error stating "Service Principal Timed Out".

    Also when I try to create a new service principal by leaving the Service Principal field with (new) default service principal, it says insufficient privileges and errors out.  Then , if I am using existing service principal I am getting timed out issue. 


    Tuesday, July 23, 2019 4:10 AM
  • Thanks for sharing the details. Can you also please check if the Service Principal in the same Azure AD tenant as the cluster you are looking to create?

    Tuesday, July 23, 2019 5:41 AM
    Moderator
  • I checked, both (Service Principal and cluster I'm trying to create ) are in same in Azure AD tenant. 
    Tuesday, July 23, 2019 6:39 AM
  • Thanks for sharing the details. There could be many reasons you are seeing this error. We would need to check the backend and get more details in order to find the issue. Do you have the ability to open a support request? If not, please send an email to AzCommunity@microsoft.com and share your subscription id with a link to this thread. Please include 'ATTN: Karishma' in the email subject. I will enable a one time free support request for you and will be sharing the instructions to open a support request in the email itself.
    Thursday, July 25, 2019 3:36 PM
    Moderator
  • Hi Sakshi,

    I'm getting similar error subscribing to Kubernetes Services both from Dashboard and CLI(PowerShell). Can you please confirm if you could fix this? If yes, please suggest the steps.

    Regards,

    Anik

    Tuesday, July 30, 2019 5:39 PM
  • Issue was with my user permissions. I was able to fix it.

    Thanks,
    Anik

    Tuesday, July 30, 2019 6:40 PM
  • Thanks Anik for sharing the update. Can you please elaborate on exactly what steps you took to resolve the issue? This will help others in the community facing similar issue. Thanks. :)
    Tuesday, July 30, 2019 7:49 PM
    Moderator