Error creating an AKS cluster with a managed identity and an associated ACR through an az cli script

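Problem description

I am new to PowerShell scripts, and I tried to run the script below, which will create an AKS cluster with a managed identity that is also associated with an ACR. But it gives an error at the "managed identity" line.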

Param(
    [parameter(Mandatory = $false)]
    [string]$subscriptionName = "azure-subcription",
    [parameter(Mandatory = $false)]
    [string]$resourceGroupName = "demoRG",
    [parameter(Mandatory = $false)]
    [string]$resourceGroupLocaltion = "East US 2",
    [parameter(Mandatory = $false)]
    [string]$clusterName = "nginxCluster",
    [parameter(Mandatory = $false)]
    [int16]$workerNodeCount = 3,
    [parameter(Mandatory = $false)]
    [string]$kubernetesVersion = "1.19.3",
    [parameter(Mandatory = $false)]
    [string]$acrRegistryName = "ngAcrRegistrydemo"
)

# Set Azure subscription name
Write-Host "Setting Azure subscription to $subscriptionName"  -ForegroundColor Yellow
az account set --subscription=$subscriptionName

$aksRgExists = az group exists --name $resourceGroupName

Write-Host "$resourceGroupName exists : $aksRgExists"

if ($aksRgExists -eq $false) {

    # Create resource group name
    Write-Host "Creating resource group $resourceGroupName in region $resourceGroupLocaltion" -ForegroundColor Yellow
    az group create `
        --name=$resourceGroupName `
        --location=$resourceGroupLocaltion `
        --output=jsonc
}

$aks = az aks show `
    --name $clusterName `
    --resource-group $resourceGroupName `
    --query name | ConvertFrom-Json

$aksCLusterExists = $aks.Length -gt 0

if ($aksCLusterExists -eq $false) {
    # Create AKS cluster
    Write-Host "Creating AKS cluster $clusterName with resource group $resourceGroupName in region $resourceGroupLocaltion" -ForegroundColor Yellow
    az aks create `
        --resource-group=$resourceGroupName `
        --name=$clusterName `
        --node-count=$workerNodeCount `
        --enable-managed-identity `
        --output=jsonc `
        --kubernetes-version=$kubernetesVersion `
        --aks-custom-headers="CustomizedUbuntu=aks-ubuntu-1804,ContainerRuntime=containerd" `
        --attach-acr=$acrRegistryName 

}
# Get credentials for newly created cluster
Write-Host "Getting credentials for cluster $clusterName" -ForegroundColor Yellow
az aks get-credentials `
    --resource-group=$resourceGroupName `
    --name=$clusterName `
    --overwrite-existing

Write-Host "Successfully created cluster $clusterName with $workerNodeCount node(s)" -ForegroundColor Green

Write-Host "Creating cluster role binding for Kubernetes dashboard" -ForegroundColor Green

# kubectl create clusterrolebinding kubernetes-dashboard `
#     -n kube-system `
#     --clusterrole=cluster-admin `
#     --serviceaccount=kube-system:kubernetes-dashboard

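The error message is like "az: error: unrecognized arguments: --enable-managed-identity".

Please help or provide suggestions on how to enable a managed identity that is also associated with the AKS cluster.

Many thanks,

Tags: azure, powershell, azure-aks

Solution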


First, there is no parameter --aks-custom-headers of the CLI command az aks create, and the other two parameters --enable-managed-identity and --attach-acr. You can try it again without the character =; just append the value after the parameters:

az aks create `
--resource-group $resourceGroupName `
--name $clusterName `
--node-count $workerNodeCount `
--enable-managed-identity `
--kubernetes-version $kubernetesVersion `
--attach-acr $acrRegistryName

You can take a look at the command az aks create. In addition, that's managed identity, not the service principal, so you need to use the command az identity list to get the identity of the AKS in the node group and you can get the node group through CLI command like below:

az aks show -g aksGroup -n aksCluster --query nodeResourceGroup
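
The lookup described in the answer, carried one step further as an added example (not part of the original answer): once the cluster exists, list the managed identities in the node resource group and check which roles each one holds on the registry. The helper name Get-AcrRoleFinding and the sample JSON are constructed for illustration; the commented az calls show where the live data would come from.

```powershell
# Added example. Live inputs (requires az login; variables are from the question's script):
#   $nodeRg = az aks show -g $resourceGroupName -n $clusterName --query nodeResourceGroup -o tsv
#   $ids    = az identity list -g $nodeRg | ConvertFrom-Json
#   $acrId  = az acr show -n $acrRegistryName --query id -o tsv
#   $ras    = az role assignment list --scope $acrId | ConvertFrom-Json

function Get-AcrRoleFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]]$Identities,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]]$RoleAssignments,
        [string]$ExpectedRole = 'AcrPull'
    )
    foreach ($id in $Identities) {
        # Roles this identity's principal holds at the registry scope
        $roles = @($RoleAssignments |
            Where-Object { $_.principalId -eq $id.principalId } |
            Select-Object -ExpandProperty roleDefinitionName)
        $extra = @($roles | Where-Object { $_ -ne $ExpectedRole })
        if ($roles.Count -eq 0) {
            $status = 'NoAccess'      # no role on the registry for this identity
        } elseif ($extra.Count -gt 0) {
            $status = 'Excessive'     # holds more than pull rights on the registry
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{ Identity = $id.name; Roles = ($roles -join ','); Status = $status }
    }
}

# Constructed sample data (not real principals) so the check runs offline
$ids = @'
[{"name":"nginxCluster-agentpool","principalId":"11111111-1111-1111-1111-111111111111"},
 {"name":"sample-addon-identity","principalId":"22222222-2222-2222-2222-222222222222"},
 {"name":"sample-overprivileged","principalId":"33333333-3333-3333-3333-333333333333"}]
'@ | ConvertFrom-Json
$ras = @'
[{"principalId":"11111111-1111-1111-1111-111111111111","roleDefinitionName":"AcrPull"},
 {"principalId":"33333333-3333-3333-3333-333333333333","roleDefinitionName":"AcrPull"},
 {"principalId":"33333333-3333-3333-3333-333333333333","roleDefinitionName":"Contributor"}]
'@ | ConvertFrom-Json

Get-AcrRoleFinding -Identities $ids -RoleAssignments $ras | Format-Table -AutoSize
```

Only the identity the kubelet uses needs AcrPull for image pulls; a NoAccess row for another identity in the node resource group is expected.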
