{"id":41,"date":"2020-12-15T19:33:00","date_gmt":"2020-12-15T19:33:00","guid":{"rendered":"http:\/\/blog.firatyasar.com\/?p=41"},"modified":"2021-03-31T19:48:21","modified_gmt":"2021-03-31T19:48:21","slug":"aks-reset-service-principal","status":"publish","type":"post","link":"https:\/\/blog.firatyasar.com\/?p=41","title":{"rendered":"AKS &#8211; Reset Service Principal"},"content":{"rendered":"\n<p>AKS kurulumu s\u0131ras\u0131nda kullan\u0131lan service principal&#8217;lara ait key&#8217;lerin s\u00fcresi belirli bir s\u00fcre sonra durabilir. B\u00f6yle bir durumda cluster \u00fczerinde yapt\u0131\u011f\u0131n\u0131z ve Azure platformunu editleyecek konfig\u00fcrasyonlar \u00e7al\u0131\u015fmaz. Yani cluster ilgili sp&#8217;yi kullan\u0131p Azure resource&#8217;lar\u0131na eri\u015femez.<\/p>\n\n\n\n<p>Bir \u00f6rnek vermek gerekirse bu durumu cluster \u00fczerine Azure platformu \u00fczerinden disk kullanacak bir deployment s\u0131ras\u0131nda ya\u015fad\u0131m. Deployment sonras\u0131nda pod&#8217;lar running duruma ge\u00e7medi. Pod&#8217;lar \u00fczerinde gerekli kontrolleri sa\u011flad\u0131\u011f\u0131mda cluster&#8217;\u0131n disk provision edemedi\u011fini g\u00f6rd\u00fcm ve SP ile ilgili hataya rastlad\u0131m. Sonras\u0131nda yapt\u0131\u011f\u0131m ara\u015ft\u0131rmalarda SP \u00fczerindeki secret&#8217;\u0131n s\u00fcresinin doldu\u011funu ve yenilemem gerkti\u011fini farkettim.<\/p>\n\n\n\n<p>B\u00f6yle bir durumda service principal&#8217;\u0131n cluster \u00fczerinde yeniden konfig\u00fcre edilmesi gerekir.<\/p>\n\n\n\n<p>Bu konfig\u00fcrasyonun ilk a\u015famas\u0131nda s\u00fcresi dolan secret yerine SP \u00fczerinde yeni bir secret generate edilmelidir.<\/p>\n\n\n\n<p>Bu i\u015flemin ard\u0131ndan SP&#8217;ye ait id ve secret birer de\u011fi\u015fkene atanmal\u0131d\u0131r.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SP_ID=$(az aks show --resource-group &lt;rg name> --name &lt;cluster name> --query servicePrincipalProfile.clientId -o tsv)<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SP_SECRET=$(az ad sp credential reset --name $SP_ID --query password -o tsv)<\/code><\/pre>\n\n\n\n<p>\u0130ki gerekli de\u011fi\u015fken elde edildikten sonra cluster \u00fczerinde SP&#8217;yi upgrade etmek i\u00e7in a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131rabilirsiniz. Komut biraz s\u00fcre alacakt\u0131r. Ama sonras\u0131nda cluster&#8217;\u0131n\u0131z d\u00fczg\u00fcn \u015fekilde Azure platformu \u00fczerindeki resource&#8217;lar\u0131 y\u00f6netebilecektir.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>az aks update-credentials \\\n    --resource-group &lt;rg name> \\\n    --name &lt;cluster name> \\\n    --reset-service-principal \\\n    --service-principal $SP_ID \\\n    --client-secret $SP_SECRET<\/code><\/pre>\n\n\n\n<p>F\u0131rat<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AKS kurulumu s\u0131ras\u0131nda kullan\u0131lan service principal&#8217;lara ait key&#8217;lerin s\u00fcresi belirli bir s\u00fcre sonra durabilir. B\u00f6yle bir durumda cluster \u00fczerinde yapt\u0131\u011f\u0131n\u0131z ve Azure platformunu editleyecek konfig\u00fcrasyonlar \u00e7al\u0131\u015fmaz. Yani cluster ilgili sp&#8217;yi kullan\u0131p Azure resource&#8217;lar\u0131na eri\u015femez. Bir \u00f6rnek vermek gerekirse bu durumu cluster \u00fczerine Azure platformu \u00fczerinden disk kullanacak bir deployment s\u0131ras\u0131nda ya\u015fad\u0131m. Deployment sonras\u0131nda pod&#8217;lar running\u2026 <span class=\"read-more\"><a href=\"https:\/\/blog.firatyasar.com\/?p=41\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/41"}],"collection":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41"}],"version-history":[{"count":1,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/41\/revisions"}],"predecessor-version":[{"id":42,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/41\/revisions\/42"}],"wp:attachment":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}