I have a few of my own AKS clusters that run my custom WordPress, .NET Core and PHP websites. The other day I decided to integrate Azure AD with one of them, since RBAC was already enabled, and to give a namespace to a friend to try out a few things. Since I did not want to give him full rights, I decided to integrate AAD, make a new dev namespace and only give him access to this namespace. How to do this is straightforward.
You can follow this link to set up AAD integration:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration
but don't create a new cluster. Here we are aiming to update an existing one. Once all the prerequisites are done, use this command to update your existing AKS cluster to enable AAD integration.
az aks update-credentials \
    --resource-group myResourceGroup \
    --name myAKSCluster \
    --reset-service-principal \
    --service-principal "$SP_ID" \
    --client-secret "$SP_SECRET" \
    --no-wait
Once you run this command, you want to see the cluster's ProvisioningState reach Succeeded to confirm the command ran successfully. To check this, run the command below:
a@Azure:~$ az aks show --resource-group xxxx --name xxxx --output table
You will see details like the following.
Name  Location       ResourceGroup  KubernetesVersion  ProvisioningState     Fqdn
----  -------------  -------------  -----------------  --------------------  --------------------------------
xxxx  australiaeast  xxxx           1.14.7             RefreshingAADProfile  xxxx.hcp.australiaeast.azmk8s.io
Even if you run this command multiple times, you will see the same status, RefreshingAADProfile, and after a few hours this may go to the Failed state.
What's weirder is that when you run the command below, you can see in the JSON that the AAD integration is not null anymore and the credentials are updated.
a@Azure:~$ az aks show --resource-group xxxx --name xxxx
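To watch for the stuck state described above without re-running the command by hand, the following added example (not part of the original post) polls ProvisioningState with a bounded number of attempts. The function names, return codes and the AZ override variable are assumptions made for illustration; only az aks show with --query and --output tsv is used.

```shell
#!/bin/sh
# Added example: poll an AKS cluster after `az aks update-credentials --no-wait`.
# AZ is a hypothetical override so the logic can be exercised with a stub.
AZ="${AZ:-az}"

# Map a provisioningState string to: done | failed | pending
classify_state() {
    case "$1" in
        Succeeded)       echo done ;;
        Failed|Canceled) echo failed ;;   # ARM terminal failure states
        *)               echo pending ;;  # RefreshingAADProfile, Updating, ...
    esac
}

# usage: wait_for_aks RESOURCE_GROUP CLUSTER [ATTEMPTS] [SLEEP_SECONDS]
# returns 0 = Succeeded
#         1 = Failed
#         2 = still pending after all attempts (likely stuck)
#         3 = the az call itself failed
wait_for_aks() {
    rg=$1; name=$2; attempts=${3:-30}; pause=${4:-60}
    i=0
    while [ "$i" -lt "$attempts" ]; do
        state=$("$AZ" aks show --resource-group "$rg" --name "$name" \
                     --query provisioningState --output tsv) || return 3
        echo "attempt $((i + 1))/$attempts: provisioningState=$state" >&2
        case "$(classify_state "$state")" in
            done)   return 0 ;;
            failed) return 1 ;;
        esac
        i=$((i + 1))
        sleep "$pause"
    done
    return 2
}

# Run directly: ./wait_for_aks.sh myResourceGroup myAKSCluster
if [ "$#" -ge 2 ]; then
    wait_for_aks "$@"
fi
```

A return code of 2 corresponds to the situation in this post: the state never leaves RefreshingAADProfile within the time you were willing to wait.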
To fix this error, go to https://resources.azure.com/ and then locate your AKS cluster as per the image below.
Once you do that, click on Edit and change from GET to POST.
Then change these two values from Failed to Succeeded. (Ignore the Updating in the image above; I took the snapshot later. You will see Failed for the 2 settings below.)
Once you change the values from Failed to Succeeded and click on Put, you will see the cluster on the Azure portal go to Updating status again, and then finally go to Succeeded status again.