Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

AKS arm template deployment failling with "Required parameter servicePrincipalProfile is missing (null)" when no servicePrincipalProfile is provided

See original GitHub issue

Describe the bug

When deploying an AKS cluster using ARM templates, if no servicePrincipalProfile is specified a validation exception happens preventing the deployment. According to the documentation, the “servicePrincipalProfile” is an optional field.

This is either an ARM bug or a documentation bug.

Command Name az group deployment create

Errors:

Azure Error: InvalidTemplateDeployment
Message: The template deployment 'aks' is not valid according to the validation procedure. The tracking id is 'a7dd8808-1302-4c87-a531-6d27b54cdb7e'. See inner errors for details.
Exception Details:
        Error Code: InvalidParameter
        Message: Provisioning of resource(s) for container service tahoma-dev-dalbe1-aks in resource group tahoma-dev-dalbe1-rg failed. Message: {
  "code": "InvalidParameter",
  "message": "Required parameter servicePrincipalProfile is missing (null).",
  "target": "servicePrincipalProfile"
 }. Details:

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

Put any pre-requisite steps here…
az group deployment create --resource-group {} --template-file {} --parameters {} --parameters {}

Expected Behavior

According to the documentation deploying a template without this value should succeed.

Environment Summary

Linux-4.4.0-18362-Microsoft-x86_64-with-debian-buster-sid
Python 3.6.5
Shell: bash

azure-cli 2.0.81

Additional Context

Issue Analytics

State:
Created 4 years ago
Comments:15 (4 by maintainers)

Top GitHub Comments

6reactions

naman1901commented, Apr 27, 2020

[cc: @KaiWalter, @Diastro]

Please see the template below to deploy with MSI:

"resources": [
        {
            "apiVersion": "2020-03-01",
            "dependsOn": [],
            "type": "Microsoft.ContainerService/managedClusters",
            "location": "[parameters('location')]",
            "name": "[parameters('resourceName')]",
            "properties": {
                "kubernetesVersion": "[parameters('kubernetesVersion')]",
                "enableRBAC": "[parameters('enableRBAC')]",
                "dnsPrefix": "[parameters('dnsPrefix')]",
                "agentPoolProfiles": [
                    {
                        "name": "agentpool",
                        "osDiskSizeGB": "[parameters('osDiskSizeGB')]",
                        "count": 3,
                        "vmSize": "Standard_DS2_v2",
                        "osType": "Linux",
                        "storageProfile": "ManagedDisks",
                        "type": "VirtualMachineScaleSets",
                        "mode": "System"
                    }
                ],
                "networkProfile": {
                    "loadBalancerSku": "standard",
                    "networkPlugin": "[parameters('networkPlugin')]"
                },
                "apiServerAccessProfile": {
                    "enablePrivateCluster": "[parameters('enablePrivateCluster')]"
                },
                "addonProfiles": {
                    "httpApplicationRouting": {
                        "enabled": "[parameters('enableHttpApplicationRouting')]"
                    },
                    "omsagent": {
                        "enabled": "[parameters('enableOmsAgent')]",
                        "config": {
                            "logAnalyticsWorkspaceResourceID": "[parameters('omsWorkspaceId')]"
                        }
                    }
                }
            },
            "tags": {},
            "identity": {
                "type": "SystemAssigned"
            }
        }

For MSI, you need to use the identity tag. I was able to get help from the AKS team internally for this. They also suggested exporting the ARM template from Portal before deploying for these properties.

This might be a common usecase, would be great if it got documented.

4reactions

qwordycommented, Feb 27, 2020

It’s not a required parameter according the https://github.com/Azure/azure-rest-api-specs/blob/master/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2020-01-01/managedClusters.json If you use az aks create, servicePrincipalProfile will be assembled in request body, no matter you specify it or not. Add service attention to consult AKS people.

Top Results From Across the Web

Unable to create Azure AKS Container Service with Managed ...

I was deploying AKS using a template, and the template look like this. ... The value of parameter servicePrincipalProfile.secret is invalid.

Managed Clusters - Create Or Update - REST API (Azure AKS)

Creates or updates a managed cluster. In this article. URI Parameters; Request Body; Responses; Security; Examples; Definitions. HTTP

Configure AAD integrated Azure Kubernetes Service Clusters ...

Ensure to improve cluster security by centrally govern Administrator access to Azure Active Directory integrated AKS clusters. Mode, Indexed. Type, BuiltIn.

v20180331 - Go Packages

github.com/Azure/aks-engine ... New("At least one agent pool does not have subnet defined") ... New("Failed to parse VnetSubnetID").

azure-native.containerservice.ManagedCluster - Pulumi

Example Usage. TypeScript; Python; Go; C#; Java; YAML. Create Managed Cluster with Azure KeyVault Secrets Provider ...