Azure-docs: az aks create ... command results in error: The password must contain at least 1 special character
Something seems to be broken with the content in this tutorial. I've tried three different types of AAD secrets, and even tried not including any AAD information at all. This leads me to believe that this error is related to different functionality.
I'm running azure-cli v2.0.60
Full error details:
The password must contain at least 1 special character. paramName: PasswordCredentials, paramValue: , objectType: Microsoft.Online.DirectoryServices.Application
Command being run:
az aks create --resource-group $resourceGroup `
--name $clusterName `
--generate-ssh-keys `
--aad-server-app-id $serviceId `
--aad-server-app-secret **redacted** `
--aad-client-app-id $clientId `
--aad-tenant-id $tenant
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: a47c6df7-5103-1336-eb0b-68f95155e6c8
- Version Independent ID: f4420b08-9b57-f581-fcb4-f069afdd5b0c
- Content: Integrate Azure Active Directory with Azure Kubernetes Service
- Content Source: articles/aks/aad-integration.md
- Service: container-service
- GitHub Login: @iainfoulds
- Microsoft Alias: iainfou
kellsMS
All 8 comments
Thanks for the feedback! We are currently investigating and will update you shortly.
mimckitt
on 15 Mar 2019
@kellsMS can you try creating the SP with az ad sp create-for-rbac --skip-assignment and specify with az aks create --service-principal --client-secret as per https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal#manually-create-a-service-principal
Also, looking at your username I was curious as to if you were an FTE, if so please ping me offline as well :)
mimckitt
on 15 Mar 2019
Closing as discussed offline :)
mimckitt
on 15 Mar 2019
What was the result of this when discussed offline? Would like to know so I can fix for myself
kendallroden
on 27 Mar 2019
Just an update for everyone. The doc works as expected. People seeing issues are internal MSFT employees. This is due to the permissions on the MSFT AAD. So if you are an internal FTE you should create the SP with az ad sp create-for-rbac --skip-assignment and specify with az aks create --service-principal --client-secret as per https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal#manually-create-a-service-principal
Or of course, use a personal subscription instead.
mimckitt
on 27 Mar 2019
@kendallroden / @MicahMcKittrick-MSFT We pushed a fix for this so updating to v2.0.61 should include a fix.
jluk
on 27 Mar 2019
@kendallroden / @MicahMcKittrick-MSFT We pushed a fix for this so updating to v2.0.61 should include a fix.
Observing the same issue on AZ -CLI v2.0.61.
desreela
on 28 Mar 2019
For the lazy (like me) the precise replacement that worked is to change the Lab's current line of:
az aks create --resource-group k8s-aks-cluster-rg-INITALS --name aks-k8s-cluster -disable-rbac --node-count 1 --node-vm-size "Standard_A1" --generate-ssh-keys
To a two step process, first:
az ad sp create-for-rbac --skip-assignment
And use the return from that call to complete the second rewritten line, replacing INITIALS from earlier steps within the lab, and <appID> and <password> from the step 1 above:
az aks create --resource-group k8s-aks-cluster-rg-INITIALS --name aks-k8s-cluster --service-principal <appID> --client-secret <password> --disable-rbac --node-count 1 --node-vm-size "Standard_D2_v2" --generate-ssh-keys
It took about 30 minutes to complete!
Edit: As an aside, this might be due to accidentally choosing the wrong azure subscription. Login to portal.azure.com, click on "all services", and navigate to "subscriptions". The subscription listed there with the role "account admin" should work sufficiently.
gabebryant
on 9 May 2019
Related issues
AronT-TLV
·
3Comments
jebeld17
·
3Comments
mrdfuse
·
3Comments
ianpowell2017
·
3Comments
Agazoth
·
3Comments
Most helpful comment
Observing the same issue on AZ -CLI v2.0.61.