Set-AksHciRegistration
Synopsis
Registers AKS hybrid with Azure.
Syntax
Set-AksHciRegistration -subscriptionId <String>
-resourceGroupName <String>
[-tenantId <String>]
[-armAccessToken <String>]
[-graphAccessToken <String>]
[-accountId <String>]
[-environmentName <String>]
[-credential <PSCredential>]
[-region <String>]
[-useDeviceAuthentication]
[-skipLogin]
Description
Registers AKS hybrid with Azure.
Examples
Register AKS hybrid using a subscription ID and resource group name
Set-AksHciRegistration -subscriptionId aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e -resourceGroupName myresourcegroup
Register with a device login or while running in a headless shell
Set-AksHciRegistration -subscriptionId myazuresubscription -resourceGroupName myresourcegroup -UseDeviceAuthentication
Register AKS hybrid using a service principal
If you do not have access to a subscription on which you're an "Owner", you can register your AKS host to Azure for billing using a service principal.
Log in to Azure using the Connect-AzAccount PowerShell command:
Connect-AzAccount
Set the subscription you want to use to register your AKS host for billing as the default subscription by running the Set-AzContext command.
Set-AzContext -Subscription myAzureSubscription
Verify that your login context is correct by running the Get-AzContext PowerShell command. Verify that the subscription, tenant, and account are what you want to use to register your AKS host for billing.
Get-AzContext
Name Account SubscriptionName Environment TenantId
---- ------- ---------------- ----------- --------
myAzureSubscription (92391anf-... user@contoso.com myAzureSubscription AzureCloud xxxxxx-xxxx-xxxx-xxxxxx
Retrieve your tenant ID.
$tenant = (Get-AzContext).Tenant.Id
Create a service principal by running the New-AzADServicePrincipal PowerShell command. This command creates a service principal with the "Contributor" role and sets the scope at a subscription level. For more information on creating service principals, see "Create an Azure service principal with Azure PowerShell".
$sp = New-AzADServicePrincipal -Role "Contributor" -Scope "/subscriptions/myazuresubscription"
Retrieve the password for the service principal by running the following command:
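# Convert the SecureString to plaintext, then zero and free the unmanaged copy.
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
try { $secret = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
finally { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
Write-Host "Application ID: $($sp.ApplicationId)"
Write-Host "App Secret: $secret"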
From the output above, you now have the application ID and the secret available when deploying AKS hybrid. You should take a note of these items and store them safely. Now that you have the application ID and secret available, in the Azure portal, under Subscriptions, Access Control, and then Role Assignments, you should see your new service principal.
Store your service principal credentials (the application ID and secret) with Get-Credential, then set the registration.
$credential = Get-Credential
Set-AksHciRegistration -SubscriptionId myazuresubscription -ResourceGroupName myresourcegroup -TenantId $tenant -Credential $credential
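The service principal steps above, combined into one non-interactive script that never converts the secret to plaintext. This is an added example, not code from the original page or the AksHci module. Assert-AzContextMatches and New-SpCredential are hypothetical helpers, the subscription and tenant values are placeholders, the credential file path is constructed, and $sp.Secret is assumed to be a SecureString as the page uses it.

```powershell
# Added example. Functions marked "hypothetical" are not part of the AksHci or Az modules.
function Assert-AzContextMatches {   # hypothetical helper
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [Parameter(Mandatory)] [string] $TenantId
    )
    $ctx = Get-AzContext
    if (-not $ctx) { throw "No Azure context. Run Connect-AzAccount first." }
    if ($ctx.Subscription.Id -ne $SubscriptionId) {
        throw "Context subscription '$($ctx.Subscription.Id)' is not '$SubscriptionId'."
    }
    if ($ctx.Tenant.Id -ne $TenantId) {
        throw "Context tenant '$($ctx.Tenant.Id)' is not '$TenantId'."
    }
}

function New-SpCredential {          # hypothetical helper
    param(
        [Parameter(Mandatory)] [string] $ApplicationId,
        [Parameter(Mandatory)] [securestring] $Secret
    )
    # PSCredential takes the SecureString as-is, so no plaintext copy is created.
    [System.Management.Automation.PSCredential]::new($ApplicationId, $Secret)
}

# Placeholders (assumptions): replace with the IDs you intend to bill against.
$subscriptionId = '<subscription-id>'
$tenant         = '<tenant-id>'
$resourceGroup  = 'myresourcegroup'

# Stop before creating anything if the shell is logged in to the wrong place.
Assert-AzContextMatches -SubscriptionId $subscriptionId -TenantId $tenant

# Same call as on this page; $sp.Secret is assumed to be a SecureString, as the page uses it.
$sp = New-AzADServicePrincipal -Role "Contributor" -Scope "/subscriptions/$subscriptionId"
$credential = New-SpCredential -ApplicationId ([string]$sp.ApplicationId) -Secret $sp.Secret

# Confirm the role and scope the principal actually received.
Get-AzRoleAssignment -ObjectId $sp.Id | Format-Table RoleDefinitionName, Scope

# On Windows, Export-Clixml encrypts the password with DPAPI for the current user and machine.
$credentialPath = Join-Path $env:USERPROFILE 'akshci-sp.credential.xml'   # constructed path
$credential | Export-Clixml -Path $credentialPath

Set-AksHciRegistration -SubscriptionId $subscriptionId -ResourceGroupName $resourceGroup `
    -TenantId $tenant -Credential $credential
```

A later session run by the same user on the same machine can reload the credential with Import-Clixml instead of prompting through Get-Credential.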
Parameters
-subscriptionId
The ID of the Azure subscription to be used.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-resourceGroupName
Name of the resource group to place Arc resources.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-tenantId
The tenant Id of your Azure service principal.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-armAccessToken
The token for accessing Azure Resource Manager.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-graphAccessToken
The token for accessing the graph.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-accountId
ID of the Azure account.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 1
Accept pipeline input: False
Accept wildcard characters: False
-environmentName
The name of the intended public cloud.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-credential
A PSCredential that holds the user's service principal.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-region
The Azure location.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-useDeviceAuthentication
Outputs a code to be used in the browser.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-skipLogin
Skips the Connect-AzAccount call. This flag is useful in automation or when running from a connected shell.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False