Reputation: 552
Not able to create AKS with role assignment write for subnet and ACR registry in Azure Cloud
I am trying to create Azure Kubernetes Service (AKS) with earlier created virtual network (VN) and container registry (ACR).
I am facing below errors.
My user id does not have sufficient permissions to perform this action. Only with basic network settings and no ACR binding, I can create AKS cluster. Which role, at Active Directory (AD) level and at subscription level, should my user id be having to create this AKS service?
Upvotes: 0
Views: 3420
Answers (1)
Reputation: 72191
You don't need any permissions on Azure AD level for this to work, but you need Microsoft.Authorization/roleAssignments/write permissions on the adequate scopes to be able to assign permissions. A built-in role of Owner grants that. Otherwise - create a custom role and assign that to your user.
Upvotes: 1
Related Questions
- Unable to create Azure AKS Cluster using existing VNET and Subnets
- Error while provisioning Terraform subnet using azurerm
- Azure RBAC and AKS not working as expected
- error: getting assigned identities for pod in CREATED state failed - AKS AAD-Pod identity
- Creating AKS cluster with Managed Identity to give it access to a subnet - Error: authorization.RoleAssignmentsClient
- Failed to create a service principal. You can use an existing service principal or try again later
- Cannot create Azure AKS cluster: CreateRoleAssignmentError
- Cannot create AKS in azure with command "az aks create"
- Error when creating AKS cluster using a reference for the subnet ID
- Could not create a service principal with the right permissions