Unable to set up Azure AD applications for Azure Arc-enabled Kubernetes

Open starbuckscoffee opened this issue 2 years ago • 3 comments

Hello Azure team

When I followed the instructions, the script "ad ad app permission grant xxxx" could not run. Error message: "the following arguments are required: --scope". Need to explain what scope should be added when I run the script, for example Directory.ReadWrite.All or Directory.Read.All...

Where did the error happen?
At Step 4 of "Create a server application"
At Step 4 of "Create a client application"

Best Regards Hisashi Goto


starbuckscoffee, Aug 12 '22 04:08

@starbuckscoffee Thanks for your feedback! We will investigate and update as appropriate.

YashikaTyagii, Aug 12 '22 15:08

I too am having issues with this article. It would appear that numerous commands are not correct, perhaps they were written for an older version of the Azure CLI? I'm running azure-cli version 2.39.0.

Some examples I noticed:

SERVER_APP_SECRET=$(az ad sp credential reset --name "${SERVER_APP_ID}" --credential-description "ArcSecret" --query password -o tsv)

Produces an error stating that the --name and --credential-description arguments are unrecognized.

CLIENT_APP_ID=$(az ad app create --display-name "${CLUSTER_NAME}Client" --native-app --reply-urls "api://${TENANT_ID}/ServerAnyUniqueSuffix" --query appId -o tsv)
echo $CLIENT_APP_ID

Produces an error stating that the --native-app and --reply-urls arguments are unrecognized.

It would seem that the entire article and instructions need to be evaluated and possibly re-written to ensure it's working.

I'm very excited about this feature, but disappointed by the complexity of setting up Azure AD RBAC. My company is currently evaluating Arc-enabled Kubernetes for a potential project where we'd be deploying 30+ new clusters, but not having Azure AD-integrated RBAC would be a show stopper for us.

mrecek, Aug 16 '22 00:08
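An added example, not part of the thread or of the Azure documentation: a pre-flight check that compares the long options a setup script passes to an `az` subcommand against that subcommand's own `--help` text, so drift like the unrecognized arguments reported above is caught before any application or credential is created. The function names `az_help` and `unsupported_flags` are hypothetical, and the check assumes the help text lists each accepted option surrounded by whitespace.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the installed Azure CLI
# accepts the flags a script is about to use, by reading `az <cmd> --help`.

# Print the help text for a subcommand path such as "ad app create".
# Kept as a separate function so it can be replaced when az is unavailable.
az_help() {
  # $1 is intentionally unquoted so "ad app create" splits into words.
  az $1 --help 2>/dev/null
}

# unsupported_flags "<subcommand path>" <flag>...
# Prints every flag that does not appear in the help text, one per line.
# Returns 0 if all flags are accepted, 1 if any are missing,
# 2 if the help text could not be obtained (az missing or unknown command).
unsupported_flags() {
  uf_cmd="$1"
  shift
  uf_help="$(az_help "$uf_cmd")" || return 2
  uf_missing=0
  for uf_flag in "$@"; do
    # Match the flag as a whole token so "--name" does not match
    # inside "--display-name".
    if ! printf '%s\n' "$uf_help" |
         grep -qE -- "(^|[[:space:]])${uf_flag}([[:space:],]|\$)"; then
      printf '%s\n' "$uf_flag"
      uf_missing=1
    fi
  done
  return "$uf_missing"
}

# Typical use before the real call (flags taken from the commands quoted above):
#   unsupported_flags "ad sp credential reset" --name --credential-description \
#     || echo "installed azure-cli rejects the flags listed above" >&2
```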

@starbuckscoffee thank you for reporting this issue. I am assigning it to our content team for further review and update.

@JnHs, can you please review the issue and share your thoughts? Thank you.

ManoharLakkoju-MSFT, Aug 17 '22 09:08

Hi @starbuckscoffee and @mrecek - thanks to both of you for your detailed feedback. We are in the process of reviewing and updating this topic to address several issues, including those mentioned here, and ensure it's up to date. It may take some time before this is completed, so I will leave this issue open for now and close it after the changes have been made. We appreciate your taking the time to help us improve our documentation!

JnHs, Aug 22 '22 16:08

Hello again @starbuckscoffee and @mrecek - thanks for your patience! The information in this document has been updated to reflect the current experience. I believe your concerns are all addressed, so I will close this GitHub issue now, but please let us know if you have further questions or suggestions. Thanks again for taking the time to share your feedback with us and help improve our docs! #please-close

JnHs, Nov 07 '22 18:11