本文介绍了如何找到我的AKS群集的服务主体机密?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

好的,所以我搞砸了,我偶然对运行我们的AKS集群的服务主体运行az ad sp reset-credentials.现在,我们收到类似以下的错误:

Okay, so I messed up, I accidentally ran az ad sp reset-credentials against the Service Principal that our AKS cluster runs under. And now we are getting errors like:

因此,现在我想找到服务主体使用的原始客户端机密,以便可以将其重新添加为服务主体的密钥.除了重新创建整个集群,这是我唯一想到的解决方案.

So now I want to find the original client secret that the Service Principal uses, so that I can re-add that as a key to the Service Principal. That's the only solution I can think of other than recreating the entire cluster.

有什么想法吗?

推荐答案

无论谁遇到此问题,Microsoft都会提供更新的解决方案

Whoever comes over this issue there's an updated solution from Microsoft

https://docs.microsoft.com/zh-CN/azure/aks/update-credentials#update-aks-cluster-with-new-credentials

他们还提到(不太明显的地方):默认情况下,创建的AKS群集使用的服务主体的有效期为一年.

They also mention (something that's not obvious) that:By default, AKS clusters are created with a service principal that has a one-year expiration time.

另外,从Azure CLI 2.0.68开始,不再支持使用用户定义的密码创建服务主体的--password参数,以防止意外使用弱密码.因此更改服务主体密码的最初解决方案不再起作用.

Also, As of Azure CLI 2.0.68, the --password parameter to create a service principal with a user-defined password is no longer supported to prevent the accidental use of weak passwords.so the initial solution to change the service principal password doesn't work anymore.

这篇关于如何找到我的AKS群集的服务主体机密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-17 04:07