问题描述
好的,所以我搞砸了,我偶然对运行我们的AKS集群的服务主体运行az ad sp reset-credentials
.现在,我们收到类似以下的错误:
Okay, so I messed up, I accidentally ran az ad sp reset-credentials
against the Service Principal that our AKS cluster runs under. And now we are getting errors like:
和
因此,现在我想找到服务主体使用的原始客户端机密,以便可以将其重新添加为服务主体的密钥.除了重新创建整个集群,这是我唯一想到的解决方案.
So now I want to find the original client secret that the Service Principal uses, so that I can re-add that as a key to the Service Principal. That's the only solution I can think of other than recreating the entire cluster.
有什么想法吗?
推荐答案
无论谁遇到此问题,Microsoft都会提供更新的解决方案
Whoever comes over this issue there's an updated solution from Microsoft
他们还提到(不太明显的地方):默认情况下,创建的AKS群集使用的服务主体的有效期为一年.
They also mention (something that's not obvious) that:By default, AKS clusters are created with a service principal that has a one-year expiration time.
另外,从Azure CLI 2.0.68开始,不再支持使用用户定义的密码创建服务主体的--password参数,以防止意外使用弱密码.因此更改服务主体密码的最初解决方案不再起作用.
Also, As of Azure CLI 2.0.68, the --password parameter to create a service principal with a user-defined password is no longer supported to prevent the accidental use of weak passwords.so the initial solution to change the service principal password doesn't work anymore.
这篇关于如何找到我的AKS群集的服务主体机密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!