Question

我是 power-shell 脚本的新手，我尝试在脚本下运行，该脚本将创建一个 AKS 集群，其托管标识也与 ACR 相关联。 但它在“托管身份”行出现错误。。

Param(
    [parameter(Mandatory = $false)]
    [string]$subscriptionName = "azure-subcription",
    [parameter(Mandatory = $false)]
    [string]$resourceGroupName = "demoRG",
    [parameter(Mandatory = $false)]
    [string]$resourceGroupLocaltion = "East US 2",
    [parameter(Mandatory = $false)]
    [string]$clusterName = "nginxCluster",
    [parameter(Mandatory = $false)]
    [int16]$workerNodeCount = 3,
    [parameter(Mandatory = $false)]
    [string]$kubernetesVersion = "1.19.3",
    [parameter(Mandatory = $false)]
    [string]$acrRegistryName = "ngAcrRegistrydemo"
)

# Set Azure subscription name
Write-Host "Setting Azure subscription to $subscriptionName"  -ForegroundColor Yellow
az account set --subscription=$subscriptionName

$aksRgExists = az group exists --name $resourceGroupName

Write-Host "$resourceGroupName exists : $aksRgExists"

if ($aksRgExists -eq $false) {

    # Create resource group name
    Write-Host "Creating resource group $resourceGroupName in region $resourceGroupLocaltion" -ForegroundColor Yellow
    az group create `
        --name=$resourceGroupName `
        --location=$resourceGroupLocaltion `
        --output=jsonc
}

$aks = az aks show `
    --name $clusterName `
    --resource-group $resourceGroupName `
    --query name | ConvertFrom-Json

$aksCLusterExists = $aks.Length -gt 0

if ($aksCLusterExists -eq $false) {
    # Create AKS cluster
    Write-Host "Creating AKS cluster $clusterName with resource group $resourceGroupName in region $resourceGroupLocaltion" -ForegroundColor Yellow
    az aks create `
        --resource-group=$resourceGroupName `
        --name=$clusterName `
        --node-count=$workerNodeCount `
        --enable-managed-identity `
        --output=jsonc `
        --kubernetes-version=$kubernetesVersion `
        --aks-custom-headers="CustomizedUbuntu=aks-ubuntu-1804,ContainerRuntime=containerd" `
        --attach-acr=$acrRegistryName 

}
# Get credentials for newly created cluster
Write-Host "Getting credentials for cluster $clusterName" -ForegroundColor Yellow
az aks get-credentials `
    --resource-group=$resourceGroupName `
    --name=$clusterName `
    --overwrite-existing

Write-Host "Successfully created cluster $clusterName with $workerNodeCount node(s)" -ForegroundColor Green

Write-Host "Creating cluster role binding for Kubernetes dashboard" -ForegroundColor Green

# kubectl create clusterrolebinding kubernetes-dashboard `
#     -n kube-system `
#     --clusterrole=cluster-admin `
#     --serviceaccount=kube-system:kubernetes-dashboard

错误消息类似于“az：错误：无法识别的参数：--enable-managed-identity”。

请帮助或提供有关如何启用也与 AKS 群集关联的托管标识的建议。

非常感谢，

Answer 1

首先，CLI命令--aks-custom-headers没有参数az aks create，另外两个参数--enable-managed-identity和--attach-acr。你可以不用字符=再试一次，只需在参数后面附加值：

az aks create `
--resource-group $resourceGroupName `
--name $clusterName `
--node-count $workerNodeCount `
--enable-managed-identity `
--kubernetes-version $kubernetesVersion `
--attach-acr $acrRegistryName

您可以查看命令 az aks create。此外，这是托管标识，而不是服务主体，因此您需要使用命令 az identity list 来获取节点组中 AKS 的标识，您可以通过 CLI 命令获取节点组，如下所示：

az aks show -g aksGroup -n aksCluster --query nodeResourceGroup

Answer 2

我使用以下更新了 Azure CLI (version 2.15.1 or later) https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-powershell 并如上所述执行 aks creation ps-script 并且它运行良好。已创建 AKS 基础设施。

非常感谢..

通过 az cli 脚本错误创建具有托管标识并与 acr 关联的 AKS 集群

2 个答案: