Could not create a service principal with the right permissions

Question

I'm trying to run command:

az acs create --orchestrator-type kubernetes --resource-group myResourceGroup --agent-count 1 --name  myK8SCluster
--generate-ssh-keys

Which should generate principal and then kubernetes cluster.

But there is error:

Could not create a service principal with the right permissions. Are you an Owner on this project? Deployment failed. Correlation ID: 1e8e87ee-f01e-4394-8356-cc4956b44b5e. {   "error": {
    "code": "BadRequest",
    "message": "The Service Principal in ServicePrincipalProfile could not be validated. Please see https://aka.ms/acs-sp-help for more details. (The client 'ffc0ce03-2ba5-46e7-b0dd-99a7980da24b' with object id 'ffc0ce03-2ba5-46e7-b0dd-99a7980da24b' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/read' over scope '/subscriptions/b9a29aba-5bcd-45dd-99e5-8971de90d595/resourceGroups/myResourceGroup/providers/Microsoft.Authorization'.)" } }

I have administrator role for my azure account, my directory role is Global Administrator and I'm the only person using this azure account.

I have trying deleting contents of .azure folder to no avail. I'm on Windows 10.

Answer 1

Your login account should has Owner or Contributor role for your subscription.

You could check it on Azure Portal.

Also, you could give sp myK8sCluster Contributor role and check again.