Is Active Directory access needed in Azure in order to create a Kubernetes Service?

1/29/2020

My company created a subscription within our Azure tenant, and my account has an Owner role within that subscription. I'm trying to create a Kubernetes cluster, but I apparently don't have permissions to create the required service principal as part of the Kubernetes creation wizard. I also tried with the az CLI tool and received a similar message:

az ad sp create-for-rbac

which responds with: Directory permission is needed for the current user to register the application. For how to configure, please refer to https://docs.microsoft.com/azure/azure-resource-manager/resource-group-create-service-principal-portal

When I go to the Active Directory page on the portal, I also get an "Access denied" message.

My question is, should the Global Admin for our AZ tenant create the application for me and give me access to use it, or as a subscription Owner should I have access to Azure Active Directory in order to create my own applications and service principals?

Or is there a way for me to create a Kubernetes cluster without having Active Directory access?

-- patraulea
active-directory
azure
azure-kubernetes
azureportal
kubernetes

1 Answer

1/29/2020

Yes, you need to have a service principal:

To interact with Azure APIs, an AKS cluster requires an Azure Active Directory (AD) service principal. The service principal is needed to dynamically create and manage other Azure resources such as an Azure load balancer or container registry (ACR).

https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

-- silent
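An added example, not part of the original question or answer: one way to split the work when the subscription Owner cannot register applications, assuming a directory administrator creates the service principal and hands over its appId and password. The resource names, function names and the `SP_APP_ID` / `SP_SECRET` variables are assumptions.

```bash
# Added example, not from the original post. Function names, resource names
# and the SP_APP_ID / SP_SECRET variables are assumptions.

# Step 1 (an account that may register applications in Azure AD):
# create the service principal and print appId and password, tab-separated.
admin_create_sp() {
    az ad sp create-for-rbac --name "$1" --query '[appId,password]' -o tsv
}

# Step 2 (subscription Owner): create the cluster with the service principal
# handed over by the admin, so this call does not register an application.
owner_create_aks() {
    rg=$1 cluster=$2
    : "${SP_APP_ID:?set SP_APP_ID to the appId from step 1}"
    : "${SP_SECRET:?set SP_SECRET to the password from step 1}"
    # Reject anything that is not a GUID before it reaches the API.
    if ! printf '%s' "$SP_APP_ID" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
        echo "SP_APP_ID is not a GUID" >&2
        return 2
    fi
    az aks create --resource-group "$rg" --name "$cluster" \
        --service-principal "$SP_APP_ID" --client-secret "$SP_SECRET" \
        --generate-ssh-keys
}
```

The password printed in step 1 is a credential: pass it over a channel suited to secrets and keep it out of shell history and shared scripts.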
Source: StackOverflow