Azure-docs: New managed Azure Active Directory integration article fails to mention preview flag
I finished setting up RBAC through AD with kubenetes roles last week. I revisited the page today to find (legacy) on it with a link to this article.
When attempting to upgrade my cluster I get the following message
C:\Users\devgi>az aks update -g <RG> -n <cluster name> --enable-aad --aad-admin-group-object-ids <object id> --aad-tenant-id <tenant id>
Operation failed with status: 'Bad Request'. Details: aadProfile.managed requires Microsoft.ContainerService/AAD-V2 feature flag.
Why is this the case? This feature flag appears to relate to Azure enabled RBAC but I am doing my roles through kubernetes. Why would I need this feature enabled?
Why am I required to enable a preview feature flag when this article does not indicate this is in preview? My organization has a strong stance against using preview features in production.
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 22a4b366-3eac-83f8-05bb-1302ce5c9235
- Version Independent ID: 73a9c88b-784d-2f96-becc-14e8d751834f
- Content: Use Azure AD in Azure Kubernetes Service - Azure Kubernetes Service
- Content Source: articles/aks/managed-aad.md
- Service: container-service
- GitHub Login: @mlearned
- Microsoft Alias: thomasge
devgibsonsp
All 8 comments
Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.
Karishma-Tiwari-MSFT
on 20 Jul 2020
@devgibsonsp: Our release including managed-AAD GA is delayed. We just restored required preview flags in our docs.
Sorry, for the inconvenience it may cause. Checkout: https://aka.ms/aks/managed-aad
I'm going ahead closing this issue. Feel free to keep commenting, if needed.
TomGeske
on 22 Jul 2020
please-close
TomGeske
on 22 Jul 2020
Hi, @TomGeske when are you going to release a fix?
ElkRom
on 4 Aug 2020
@ElkRom: I think preview flags should be added back to docs. Our deployment to remove those is currently ongoing and it will take a few days to land in all regions.
TomGeske
on 4 Aug 2020
EDIT:
Just Saw Jorge's reply here: https://github.com/Azure/AKS/issues/1489#issuecomment-670046012
I'll test again tomorrow.
This is blocking AKS deployment via ARM template as well. As part of our build process we call the Azure ARM Validation, which fails with the error below. I've not attempted to skip the ARM validation - and just run the deployment, but can if desired.
There were errors in your deployment. Error code: InvalidTemplateDeployment.
[error]The template deployment 'aks-20200806-224317-7320' is not valid according to the validation procedure. The tracking id is '839efe29-e112-447d-a7d0-966d6c1730b9'. See inner errors for details.
[error]Details:
[error]BadRequest: Provisioning of resource(s) for container service [our-clusterName] in resource group [our-cluster-RG-name] failed. Message: {
"code": "BadRequest",
"message": "aadProfile.managed requires Microsoft.ContainerService/AAD-V2 feature flag."
}. Details:
[error]Check out the troubleshooting guide to see if your issue is addressed: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment?view=azure-devops#troubleshooting
[error]Task failed while creating or updating the template deployment.
kevinwedwards
on 7 Aug 2020
Yes, correctly. Roll out is still ongoing. Should finish in a couple of days in all regions.
TomGeske
on 7 Aug 2020
@TomGeske is there a way to monitor which regions require the feature flag and which don't? Our AKS cluster is West US
kevinwedwards
on 7 Aug 2020
Related issues
JeffLoo-ong
·
3Comments
mrdfuse
·
3Comments
monteledwards
·
3Comments
spottedmahn
·
3Comments
bdcoder2
·
3Comments