Anirban Goswami

Reputation: 41

Creating an AKS cluster with managed identity and associated with an ACR by az CLI script gives an error

I am new to PowerShell scripts and I tried to run the script below, which will create an AKS cluster with managed identity that is also associated with an ACR. But it was giving an error at the "managed identity" line.

Param(
    [parameter(Mandatory = $false)]
    [string]$subscriptionName = "azure-subcription",
    [parameter(Mandatory = $false)]
    [string]$resourceGroupName = "demoRG",
    [parameter(Mandatory = $false)]
    [string]$resourceGroupLocaltion = "East US 2",
    [parameter(Mandatory = $false)]
    [string]$clusterName = "nginxCluster",
    [parameter(Mandatory = $false)]
    [int16]$workerNodeCount = 3,
    [parameter(Mandatory = $false)]
    [string]$kubernetesVersion = "1.19.3",
    [parameter(Mandatory = $false)]
    [string]$acrRegistryName = "ngAcrRegistrydemo"
)

# Set Azure subscription name
Write-Host "Setting Azure subscription to $subscriptionName"  -ForegroundColor Yellow
az account set --subscription=$subscriptionName

$aksRgExists = az group exists --name $resourceGroupName

Write-Host "$resourceGroupName exists : $aksRgExists"

if ($aksRgExists -eq $false) {

    # Create resource group name
    Write-Host "Creating resource group $resourceGroupName in region $resourceGroupLocaltion" -ForegroundColor Yellow
    az group create `
        --name=$resourceGroupName `
        --location=$resourceGroupLocaltion `
        --output=jsonc
}

$aks = az aks show `
    --name $clusterName `
    --resource-group $resourceGroupName `
    --query name | ConvertFrom-Json

$aksCLusterExists = $aks.Length -gt 0

if ($aksCLusterExists -eq $false) {
    # Create AKS cluster
    Write-Host "Creating AKS cluster $clusterName with resource group $resourceGroupName in region $resourceGroupLocaltion" -ForegroundColor Yellow
    az aks create `
        --resource-group=$resourceGroupName `
        --name=$clusterName `
        --node-count=$workerNodeCount `
        --enable-managed-identity `
        --output=jsonc `
        --kubernetes-version=$kubernetesVersion `
        --aks-custom-headers="CustomizedUbuntu=aks-ubuntu-1804,ContainerRuntime=containerd" `
        --attach-acr=$acrRegistryName 

}
# Get credentials for newly created cluster
Write-Host "Getting credentials for cluster $clusterName" -ForegroundColor Yellow
az aks get-credentials `
    --resource-group=$resourceGroupName `
    --name=$clusterName `
    --overwrite-existing

Write-Host "Successfully created cluster $clusterName with $workerNodeCount node(s)" -ForegroundColor Green

Write-Host "Creating cluster role binding for Kubernetes dashboard" -ForegroundColor Green

# kubectl create clusterrolebinding kubernetes-dashboard `
#     -n kube-system `
#     --clusterrole=cluster-admin `
#     --serviceaccount=kube-system:kubernetes-dashboard

The error message is: "az: error: unrecognized arguments: --enable-managed-identity".

Please help or give suggestions on how to enable managed identity that is also associated with AKS clusters.

Many Thanks,

Upvotes: 1

Views: 1183

Answers (2)

Anirban Goswami

Reputation: 41

I updated Azure CLI (version 2.15.1 or later) by using the link below, https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-powershell, and executed the AKS creation PowerShell script as above, and it is working perfectly. The AKS infrastructure is created.

Many Thanks..

Upvotes: 0

Charles Xu

Reputation: 31414

First, there is no parameter --aks-custom-headers of the CLI command az aks create, and the other two parameters --enable-managed-identity and --attach-acr. You can try it again without the character =, just append the value after the parameters:

az aks create `
--resource-group $resourceGroupName `
--name $clusterName `
--node-count $workerNodeCount `
--enable-managed-identity `
--kubernetes-version $kubernetesVersion `
--attach-acr $acrRegistryName

You can take a look at the command az aks create. In addition, that's a managed identity, not a service principal, so you need to use the command az identity list to get the identity of the AKS in the node group, and you can get the node group through a CLI command like the one below:

az aks show -g aksGroup -n aksCluster --query nodeResourceGroup

Upvotes: 1
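
An added example, not part of either answer: a post-deployment check that confirms the CLI version, lists the identities in the node resource group, and reports which roles the cluster's kubelet identity holds on the registry after `--attach-acr`. The resource names are the defaults from the question's script, and it assumes the signed-in account is allowed to read role assignments.

```powershell
# Added example. Defaults reuse the names from the question's script (assumed to exist).
param(
    [string]$resourceGroupName = "demoRG",
    [string]$clusterName       = "nginxCluster",
    [string]$acrRegistryName   = "ngAcrRegistrydemo"
)

# 1. CLI version: the self-answer reports the script worked after updating to 2.15.1 or later.
$cli = az version -o json | Out-String | ConvertFrom-Json
if (-not $cli -or [version]$cli.'azure-cli' -lt [version]'2.15.1') {
    throw "Azure CLI is older than 2.15.1 (or 'az version' is unavailable); update it first."
}

# 2. Identities created for the cluster live in the node resource group.
$nodeRg = az aks show -g $resourceGroupName -n $clusterName --query nodeResourceGroup -o tsv
if ($LASTEXITCODE -ne 0) { throw "Cluster $clusterName not found in $resourceGroupName." }
az identity list -g $nodeRg --query "[].{name:name,principalId:principalId}" -o table

# 3. The kubelet identity is the one the nodes use to pull images.
$kubeletId = az aks show -g $resourceGroupName -n $clusterName `
    --query identityProfile.kubeletidentity.objectId -o tsv
$acrId = az acr show -n $acrRegistryName --query id -o tsv

# 4. Roles that identity holds on the registry, including ones inherited
#    from the resource group or subscription.
$roles = @(az role assignment list --assignee $kubeletId --scope $acrId `
        --include-inherited --query "[].roleDefinitionName" -o tsv)

# --attach-acr should leave exactly one role here: AcrPull.
if ($roles -notcontains 'AcrPull') {
    Write-Warning "Kubelet identity $kubeletId has no AcrPull on $acrRegistryName; image pulls may be denied."
}
$extra = @($roles | Where-Object { $_ -and $_ -ne 'AcrPull' })
if ($extra.Count -gt 0) {
    Write-Warning "Kubelet identity holds more than AcrPull at or above the registry scope: $($extra -join ', ')"
}
Write-Host "Roles on ${acrRegistryName}: $($roles -join ', ')"
```

Any role other than AcrPull in the output means workloads that can reach the node identity get more than read access to the registry, which is worth reviewing before the cluster hosts anything.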
