Azure-docs: az aks create: The request did not have a subscription or a valid tenant level resource provider.

Thanks for the feedback! We are currently investigating and will update you shortly.

Looks like you didn't connect or specify the subscription you want to use.

use az account set --subscription XXXXXXXXXXX to set the subscription then retry the commands.

I have the same issue. i've tried the az account set as well but didn't work.

ERROR: The request did not have a subscription or a valid tenant level resource provider.

is there something related to the resource provider on the subscription?

Can you both try the simple AKS walkthrough as well?

https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough

if I try using my main user as SP it works, my az aks create on my pipeline uses vnets and other stuffs, which the basic sample above does not working because the SP generated hasn't permissions I believe.

I am looking into this page right now:
https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal#delegate-access-to-other-azure-resources

Sounds like a SP permissions issue really.

You can create your own SP to use

https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

Then you just need to make sure that SP has the correct permissions on the specific subscription

Thank you very much for your answers and your support.

I did an "az account set" before I tried the cluster creation. So I think this was not the reason.

I made a new attempt according to the AKS walk through and it worked:

az aks create --resource-group TRS-aks-test --name myAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys
SSH key files '/home/treimers/.ssh/id_rsa' and '/home/treimers/.ssh/id_rsa.pub' have been generated under ~/.ssh to allow SSH access to the VM. If using machines without permanent storage like Azure Cloud Shell without an attached file share, back up your keys to a safe location
Waiting for AAD role to propagate[################################ ] 90.0000%Could not create a role assignment for monitoring addon. Are you an Owner on this subscription?

Note that we have an own set up at my company, I am not owner of the subscription but of the resource group.

After that I added my additional parameters step by step and found that the problem was the vNet I provided. I did use the vNet name and not the id.

Maybe the error mesage can be improved for this situation.

Thanks for your help!

Please note that the hint with the service principal was very helpful also!

As of our Azure set up I could not grant permission for the service principal on my own virtual network. I got:

Could not create a role assignment for subnet. Are you an Owner on this subscription?

After omitting the virtual network parameter the command created a network in the cluster resource group and granted the permission for the service principal on that virtual network.

Hy, i got the same issue..

az aks create --resource-group K8s-RG --name K8s --network-plugin azure --vnet-subnet-id 11.2.0.0/16 --docker-bridge-address 172.17.0.1/16 --dns-service-ip 11.1.0.10 --service-cidr 11.1.0.0/16 --kubernetes-version 1.14.8 --node-vm-size B2s --node-count 2 --location northeurope --vm-set-type VirtualMachineScaleSets --load-balancer-sku standard --load-balancer-managed-outbound-ip-count 1 --node-resource-group K8s-Nodes-RG --max-pods 110 --enable-addons monitoring --subscription ID #ID# --vnet-subnet-id #ID#

I've also tried creating the SP manually without success.
Some ideas how to solve the issue? thanks!

EDIT: I'm global Admin and got all permission i should need for

Hi Berndinox,

did you try to follow the AKS walk through? And did it work?

What I am wondering is your parameter "--vnet-subnet-id 11.2.0.0/16". Is this really correct?

Cheers
Thorsten

@treimers Hej, thanks for the fast reposonse.

Indeed, vnet-subnet-id looks malformed, will look into it.

EDIT:
Could solve it! vNet-Subnet-ID ist not a IP Range!

For Reference, you can find your Subnet ID with:
az network vnet subnet list --vnet-name vNET-K8s -g K8s-RG

Looks Like:"id": "/subscriptions/11111-2222-33333-44444-5555/resourceGroups/K8s-RG/providers/Microsoft.Network/virtualNetworks/vNET-K8s/subnets/Pod-Network"

Also changed the VM Size: Standard_B2s
The Node-RG should not be precreated!

Thanks!

Make sure to run this (more details from here https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni

az network vnet subnet list \
    --resource-group myVnet \
    --vnet-name myVnet \
    --query "[0].id" --output tsv

and copy the full output from this command and pass it to

az aks create
    --resource-group myResourceGroup
    --name myAKSCluster
    --network-plugin azure
    --vnet-subnet-id "/subscriptions/5a8ae0f8-bccb-455c-8354-9cdb07d845a6/resourceGroups/teamResources/providers/Microsoft.Network/virtualNetworks/vnet/subnets/vm-subnet "
    --docker-bridge-address 172.17.0.1/16
    --dns-service-ip 10.2.0.10
    --service-cidr 10.2.0.0/24
    --generate-ssh-keys