JustCoding

Reputation: 408

Create new default principal during AKS creation

Typically, when I created a Kubernetes cluster within Azure, it generated a (new) default service principal.

Currently, when I try to create a cluster, I get asked for a Service principal client ID and Service principal client secret.

How can I get back to the default generation (before image)?

Currently:

[Image: Kubernetes asking for client ID and client secret]

Before:

[Image]

Upvotes: 0

Views: 223

Answers (2)

udayxhegde

Reputation: 381

The best practice here is to use the system-assigned managed identity, since the credentials are automatically managed by Azure, which stores them securely and rotates them regularly.

Using a service principal means that you have to manage the credentials on your own, and if you forget, you run into issues when the credentials expire. While allowing the default generation during cluster create might make things look easy, things get complicated later when the credentials expire and you have no idea that is going to happen. Requiring this to be provided manually forces you to consider the lifecycle ahead of time rather than being surprised later on. That's most likely the reason this behavior changed.

You can still do this within the Azure UI if you really wanted to: you have to go to the Azure AD portion of the UI, create an app registration and configure it with a secret, and this gives you the ID and secret you need during cluster create if you want to pick Service Principal.

Upvotes: 1
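Added example, not part of the answer above: a check for the secret expiry that answer warns about, run over constructed data shaped like the JSON that `az ad app credential list --id <appId>` prints. The field names `keyId` and `endDateTime` are assumed from the Microsoft Graph passwordCredential format; `classify` and `warn_days` are hypothetical names.

```python
import json
from datetime import datetime, timezone

# Constructed sample (not real credentials), shaped like the assumed CLI output.
SAMPLE = """[
  {"keyId": "11111111-0000-0000-0000-000000000001", "displayName": "aks-old",
   "endDateTime": "2024-05-01T00:00:00Z"},
  {"keyId": "11111111-0000-0000-0000-000000000002", "displayName": "aks-current",
   "endDateTime": "2024-06-15T00:00:00.1234567Z"},
  {"keyId": "11111111-0000-0000-0000-000000000003", "displayName": "aks-new",
   "endDateTime": "2025-06-01T00:00:00Z"}
]"""


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp, ignoring any fractional seconds."""
    whole = value.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def classify(credentials, now, warn_days=30):
    """Return (keyId, status, days_left) per secret, soonest expiry first."""
    rows = []
    for cred in credentials:
        end = parse_ts(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            status = "EXPIRED"      # cluster operations using this secret will fail
        elif days_left < warn_days:
            status = "EXPIRING"     # rotate before the deadline
        else:
            status = "OK"
        rows.append((cred["keyId"], status, days_left))
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a stable result;
    # use datetime.now(timezone.utc) against real output.
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for key_id, status, days_left in classify(json.loads(SAMPLE), fixed_now):
        print(f"{status:9} {days_left:5d} days  {key_id}")
```
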

kavya Saraboju

Reputation: 10831

Looks like it is a recent update to the Azure Portal AKS create UI. You may use Azure CLI to create the cluster, which will create a Service Principal automatically the first time the az aks create command is issued.

  • In this scenario the service principal is not specified. Azure CLI automatically creates a service principal for the AKS cluster:

az aks create --name myAKSCluster --resource-group myResourceGroup

Note: To successfully complete the operation, your Azure account must have the proper rights to create a service principal.

You may refer to this for the same.

Upvotes: 1
