You may not know, but by default, AKS clusters are created with a service principal and that service principal has a one-year expiration time. Luckily there is an easy solution to update the credentials and this blog post is going to show you how to do it!
Note: You will need Azure CLI 2.0.65 or later to be able to follow this blog post. To check what version you have run az-version to find your version. To upgrade or install you can follow this guide. tps://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest
Time to start
So, first, you need to get the service principal that we are using for your AKS cluster. To do that in your terminal use the following. Just make sure to change it to match your resource group and AKS cluster.
1 |
SP_ID=$(az aks show --resource-group rabbit-aks-dev --name rabbit-aks-dev --query servicePrincipalProfile.clientId -o tsv) |
Don’t worry about the orange text in my terminal. I have been playing with the AKS-preview commands so it is just a warning. You will not see it.
So now we have the Service Principal ID saved as a SP_ID variable. We will be using it next.
Let’s update the Service Principal
In the same window using the following to update your service principal with a password automatically generated by Azure. The code also saves the new password to a variable so you can find it later to update your password manager. You might need it for IaC deployments.
1 |
SP_SECRET=$(az ad sp credential reset --name $SP_ID --query password -o tsv) |
If you want to see your Service Principal credentials use the following.
1 2 |
echo $SP_ID echo $SP_SECRET |
Awesome, you have updated your service principal credentials, but you are not finished yet. Now you have to Update your AKS cluster with the new credentials.
Update AKS
In the same window enter the following code. You will need to change your resource group name and AKS cluster name.
1 |
az aks update-credentials --resource-group rabbit-aks-dev --name rabbit-aks-dev --reset-service-principal --service-principal $SP_ID --client-secret $SP_SECRET |
That’s it! You have now updated your service principals credentials and also updated your AKS cluster with the new credentials.
Add an entry in your calendar to repeat this next year.
I hope you found this article helpful. If you have any questions or comments reach out below or via social media.
1 Comment
Robin · January 15, 2021 at 12:18 pm
Thank you very much, you’re a life saver!