Comments (6)
Hi, @zohebs341! Opening issues in this AKS Engine repo unfortunately will not get you any answers about deploying AKS in Azure Stack Hub. Please open an issue in the Azure Stack Docs repo https://github.com/MicrosoftDocs/azure-stack-docs/issues so that team can guide you in the right direction - thanks!
from aks-engine.
Hello @zohebs341, I can answer quickly.
How can I renew it in the future as the validation will be one year for that secret?
You can either execute aks-engine upgrade
using the new secret, deploy a new cluster or manually update /etc/kubernetes/azure.json
on each node.
If the secret is expired then the cluster will not be operational/functional.
True, operations that require K8s to CRUD IaaS resources will fail.
Or do I need to contact the Azure Stack Hub cloud operator to provide Service Principal name/secret details
You would need just a new secret for the SPN.
from aks-engine.
@jadarsie Thank you Javier.
If I use aks-engine upgrade command with new SPN client ID/client Secret. It will just upgrade existing cluster right? Rather than creating a new cluster. I mean to say, existing VMs/LoadBalncers/ deployed applications will remain unchanged.
New Client ID & Secret with below command is fine I guess?
aks-engine upgrade
--azure-env AzureStackCloud
--location xyz
--resource-group kube-rg
--subscription-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
--api-model kube-rg/apimodel.json
--client-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
--client-secret xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
--force
from aks-engine.
I would also update servicePrincipalProfile
just in case.
existing VMs/LoadBalncers/ deployed applications will remain unchanged
VMs will be recreated and pods moved around, storage is something else to consider, please read this.
Depending on your capacity/networking constraints and/or the type of deployed applications, it may be worthwhile considering a cluster upgrade process that consists of creating new clusters instead of upgrading existing ones.
from aks-engine.
@jadarsie Hi Javier.
For secrets, we can create an SPN first and then create a secret with an expiry of 2 years right? at least, in this case, the secret expiry will be for two years rather than one year.
from aks-engine.
yes you can
from aks-engine.
Related Issues (20)
- Disabling Unattended Upgrades Ignored HOT 2
- Addition & Deletion of NodePool using aks-engine - 0.67.0 & AKS Version 1.20.11 HOT 11
- aks-engine binary has linked in vulnerabilities HOT 1
- Load Balancer directing traffic to one Backend pool(VM) : aks-engine 0.67.0 & AKS 1.20.11 HOT 6
- Asset names for v0.73.0 are wrong (version is missing) HOT 4
- aks-engine quick start tutorial is failing, due to error: SkuNotAvailable HOT 3
- Image pull error for k8s-device-plugin in mooncake HOT 5
- SGX driver installation fails HOT 2
- Quickstart with default 1.24 kubernetes release template broken
- Release 0.75.1 is just like 0.75.0 (did not include the GPU SKU changes) HOT 3
- Replace references to k8s.gcr.io HOT 1
- [Question] ADFS integration with k8 RBAC HOT 6
- Error: failed to start containerd task "podname": hcs::System::CreateProcess podname: The directory name is invalid.: unknown HOT 2
- Any documentation for recent HNS/wcifs registry changes? HOT 5
- How to download apimodel.json of existing cluster HOT 5
- Health probe creation for Azure Internal Load Balancer - to one Backend pool(VM) : aks-engine 0.67.0 & AKS 1.20.11 HOT 1
- Creating AKS-engine Cluster - VM Extension CSE Exit Code 30 HOT 2
- Unattended Upgrades will cause AKS Engine clusters to break HOT 1
- AKS Engine is unable to find the node HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aks-engine.