Azure API Management - How to set the VNET/SubNet using Azure CLI? - azure

I have created my VNET & SubNet as mentioned below
RESOURCE_GROUP="POC-RG"
LOCATION="westus"
APIMNAME="poc-apim-98"
PUBLISHER="Demo"
PUBLISHEREMAIL="myemail#demo.com"
SKU="Premium"
VNETNAME="app-vnet"
APITYPE="External"
az network vnet create \
--resource-group ${RESOURCE_GROUP} \
--name ${VNETNAME} \
--location ${LOCATION}
az network vnet subnet create \
--resource-group ${RESOURCE_GROUP} \
--vnet-name ${VNETNAME} \
--name apim \
--address-prefixes 10.0.5.0/24
and I want to provision the Azure API Management in the apim subnet created above
az apim create --name ${APIMNAME} -g ${RESOURCE_GROUP} -l ${LOCATION} --sku-name ${SKU} --publisher-email ${PUBLISHEREMAIL} --publisher-name ${PUBLISHER} --virtual-network ${APITYPE}
Looks like Azure CLI does not take the subnet parameter while creating the APIM, how do I set the subnet and create the Azure API Management using azure cli?

You are right. For some reason az apim create does not provide an option to input a subnet reference of a VNET.
You have 2 options:
Use an ARM template. Refer to Create an API Management service in External Virtual Network for a sample template.
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-api-management-create-with-external-vnet/azuredeploy.json
Or,
Use the az resource command to add the subnet reference after you create APIM.
az apim create --name ${APIMNAME} -g ${RESOURCE_GROUP} -l ${LOCATION} --sku-name ${SKU} --publisher-email ${PUBLISHEREMAIL} --publisher-name ${PUBLISHER} --virtual-network ${APITYPE}
# -o tsv returns the bare resource ID, without the JSON quotes
apimResourceId=$(az apim show -n ${APIMNAME} -g ${RESOURCE_GROUP} --query 'id' -o tsv)
subnetResourceId=$(az network vnet subnet show -g ${RESOURCE_GROUP} -n apim --vnet-name ${VNETNAME} --query 'id' -o tsv)
az resource update --ids "$apimResourceId" --set properties.virtualNetworkConfiguration.subnetResourceId="$subnetResourceId"

Related

how to delete relevant resources when deleting a virtual machine

I am using Azure CLI version 2.34.1. I ran following commands to create a resource group and then a virtual machine. Note that I used options to delete relevant resources when the VM is deleted.
az group create --name myTestRG --location eastus
az vm create --resource-group myTestRG --name myTestWindows11VM --image MicrosoftWindowsDesktop:windows-11:win11-21h2-pro:22000.493.220201 --admin-username someusername --os-disk-delete-option delete --nic-delete-option delete
Later I deleted the VM using following command.
az vm delete --name MyTestWin11VM --resource-group myTestRG -y
However, when I browse to the portal, the resource group is still showing the following resources that are relevant to the VM.
What may I be doing wrong? Is there any way to delete all resources associated with the VM when I delete the virtual machine itself?
UPDATE IT'S A BUG:
The way Azure works is to group resources in Resource Groups - it's a mandatory field in all creation of services. Azure does this because many resources have dependencies, such as a VM with a NIC, VNet & NSG.
You can use this to your advantage and simply delete the Resource Group:
az group delete --name myTestRG
Azure will work out the dependency order, eg NSG, VNet, NIC, VM. You can read up on how it does the ordering: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/delete-resource-group?tabs=azure-cli
What happens if I have multiple VMs in a Resource Group and I only want to delete one?
There's 3 new options --os-disk-delete-option, --data-disk-delete-option, --nic-delete-option to support deleting VMs and dependencies:
az vm create \
--resource-group myResourceGroup \
--name myVM \
--image UbuntuLTS \
--public-ip-sku Standard \
--nic-delete-option delete \
--os-disk-delete-option delete \
--admin-username azureuser \
--generate-ssh-keys
Otherwise script the whole thing using Azure Resource Manager Templates (ARM Templates), or the new tool to generate ARM Templates called Bicep. It's worth continuing with raw CLI commands and deleting dependencies in order. If you get good with the CLI you end up with a library of commands that you can use with ARM templates.

Cannot get Azure container network profile Id

We are actually deploying a container to Azure using Azure CLI and the create command, as specified in the sample documentation below:
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-vnet
In this documentation it is clearly specified, from the sample command below, that when the container and the VNet/subnet get created, Azure creates a Network Profile ID for you (that is needed for YAML deployment)
az container create --name appcontainer --resource-group myResourceGroup --image mcr.microsoft.com/azuredocs/aci-helloworld --vnet aci-vnet --vnet-address-prefix 10.0.0.0/16 --subnet aci-subnet --subnet-address-prefix 10.0.0.0/24
After the container gets created successfully you are supposed to get the Network Profile name or ID, which you can obtain using "az network profile list"
Which in fact does not return anything
UPDATE:
I updated my Azure CLI to 2.30 in PowerShell but the result is the same: the output of the command returns nothing even if the container and VNet get successfully created
Output result
Thanks for your help
regards
I have tested in my environment.
I deployed a container to a new virtual network using the below command:
az container create --name appcontainer --resource-group myResourceGroup --image mcr.microsoft.com/azuredocs/aci-helloworld --vnet aci-vnet --vnet-address-prefix 10.0.0.0/16 --subnet aci-subnet --subnet-address-prefix 10.0.0.0/24
The container got successfully created.
To get the Network Profile ID, I used the below command:
az network profile list --resource-group myResourceGroup --query "[0].id" --output tsv
In this way, we can fetch the Network Profile ID
If network profile is not getting created using CLI, try using ARM template
The same happened to me. I solved it using Azure CLI version 2.27.2. Any newer version leaves me with the same problem.
There seems to be a problem with the latest versions of the Azure CLI

Azure: Script or Command to delete instance and all its associated resources (disks, network interface)

I am trying to find a way to delete an instance in Azure and all its associated resources. But I don't see any straightforward approach to accomplish it. I am using the az vm delete -g resourcegroup -n myinstancename --yes command, which currently only deletes instances. In my scenario, I can't use PowerShell.
For testing, I created a VM with 1 NIC, 1 Public IP and 2 Data disks.
Then, I used the below az CLI script :
# Record the names/IDs of the dependent resources before the VM is deleted
$osDisk = (az vm show --resource-group ansumantest --name ansumantest --query "storageProfile.osDisk.name" --output tsv)
$datadisks = (az vm show --resource-group ansumantest --name ansumantest --query "storageProfile.dataDisks[].name" --output tsv)
$nics = (az vm show --resource-group ansumantest --name ansumantest --query "networkProfile.networkInterfaces[].id" --output tsv)
# Accumulate the public IPs of every NIC (a NIC without one contributes nothing)
$publicIps = @()
foreach ($nic in $nics){
    $publicIps += @(az network nic show --ids $nic --query "ipConfigurations[].publicIpAddress.id" --output tsv)
}
# Delete the VM first, then the resources that were attached to it
az vm delete --resource-group ansumantest --name ansumantest --yes
if ($osDisk) {
    az disk delete --resource-group ansumantest --name $osDisk --yes
}
foreach ($datadisk in $datadisks){
    az disk delete --resource-group ansumantest --name $datadisk --yes
}
foreach ($nic in $nics){
    az network nic delete --ids $nic
}
foreach ($publicIp in $publicIps){
    az network public-ip delete --ids $publicIp
}
Outputs:
OR
You can directly delete all the resources while running the VM delete command as well, but there are some prerequisites for this method, i.e. while creating the VM using CLI you have to configure a couple of features like below:
As per the Microsoft documentation, in the az vm create section:
[--os-disk-delete-option {Delete, Detach}]
Specify the behavior of the managed disk when the VM gets deleted i.e whether the managed disk is deleted or detached.
accepted values: Delete, Detach
[--data-disk-delete-option]
Specify whether data disk should be deleted or detached upon VM deletion.
[--nic-delete-option]
Specify what happens to the network interface when the VM is deleted. Use a singular value to apply on all resources, or use = to configure the delete behavior for individual resources. Possible options are Delete and Detach.
If the above 3 are configured to delete while creating the VM, then when you run az vm delete it defaults to deleting these resources when the VM is deleted.
Reference:
Github Support

az aks create - it used to create Service Principal now Managed Service Identity

Update:
A colleague who works for Microsoft said:
Changelog entry for this behaviour change is here: https://github.com/MicrosoftDocs/azure-docs-cli/blob/master/docs-ref-conceptual/release-notes-azure-cli.md#aks-3
I'm following the proper instructions and the documentation must be out of date.
https://learn.microsoft.com/en-us/azure/aks/kubernetes-service-principal
Automatically create and use a service principal.
When you create an AKS cluster in the Azure portal or using the az aks create command, Azure can automatically generate a service principal.
In the following Azure CLI example, a service principal is not specified. In this scenario, the Azure CLI creates a service principal for the AKS cluster. To successfully complete the operation, your Azure account must have the proper rights to create a service principal.
az aks create --name myAKSCluster --resource-group myResourceGroup
This is what happened a few months ago - see Finished service principal creation:
Now when I try I get Add role propagation:
The problem is querying the servicePrincipalProfile.clientId results in msi, I need the guid of the service principal not the Managed Service Identity.
$CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
echo $CLIENT_ID
Used to work:
Now it's changed:
How do I create the Kubernetes Cluster with a Service Principal as the documentation states and how it used to work?
Repro steps:
https://github.com/MeaningOfLights/AzureTraining/blob/master/Hands-On-Labs-That-Work/80-Kubernetes.md
https://github.com/MeaningOfLights/AzureTraining/blob/master/Hands-On-Labs-That-Work/85-Kubernetes-Deployment.md
For Reference: I got the same and following your link I found that this worked.
az aks show -g aks -n cluster --query identityProfile.kubeletidentity.clientId -o tsv
and this returned the appropriate GUID, which I could use for my RBAC assignment
# get the clientId of the cluster
$clientId = (az aks show -g aks -n cluster --query identityProfile.kubeletidentity.clientId -o tsv)
# get the resourceId of the registry
$acrId = (az acr show -g acr -n myacr --query id -o tsv)
# give authority for cluster id to the acr pull
az role assignment create --assignee $clientId --role AcrPull --scope $acrId

Can't create azure virtual machine using the cli

I have a resource group with all of my networking in it. I need to create a VM in another resource group but using the vnets/subnet in the other resource group. It is failing miserably at the cli. Here's the command I'm using:
az vm create --name vm-jmp-poc-e --resource-group rg-mgmt-poc-eastus-001 --public-ip-address "" --image Win2016Datacenter --data-disk-sizes-gb 10 --admin-user adminuser --admin-password ThisIsThePass123$ --availability-set av-cpe-poc-eastus-001 --subnet subscriptions/938b61f6-ecac-4c61-ad3b-7e856c377660/resourceGroups/providers/Micosoft.Network/virtualNetworks/rg-sql-cpe-poc-eastus-001/vnet-primary-poc-eastus-001/subnets/snet-mgmt-poc-eastus-002 --location eastus
Here is the error:
ValidationError: incorrect usage: --subnet ID | --subnet NAME
--vnet-name NAME
Please help!!!
The problem is that you have provided a wrong subnet ID. The correct format is:
/subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.Network/virtualNetworks/<vnetName>/subnets/<subnetName>
You can get the subnet ID via
az network vnet subnet show -g <rgName> -n <subnetName> --vnet-name <vnetName> --query id -o tsv
The subnet ID you provided lacks the resource group name.
subscriptions/xxxx/resourceGroups/providers/Micosoft.Network/virtualNetworks/rg-sql-cpe-poc-eastus-001/vnet-primary-poc-eastus-001/subnets/snet-mgmt-poc-eastus-002
Result
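As an added example (not part of the original answer), a POSIX shell check that walks a subnet resource ID against the format given above and reports each segment that is missing or out of place. The function name check_subnet_id and the well-formed sample ID are made up for illustration.

```sh
#!/bin/sh
# Added example. Segment names are compared exactly as written in the
# format above (an assumption of this sketch).

# check_subnet_id ID: prints one line per problem; returns 0 only if the ID
# is well-formed. The body is a subshell, so IFS/set -f changes stay local.
check_subnet_id() (
  id=$1 problems=0
  case $id in
    /*) id=${id#/} ;;
    *)  echo "missing leading '/'"; problems=$((problems + 1)) ;;
  esac
  set -f; IFS=/        # split on '/' without glob expansion
  set -- $id
  for key in subscriptions resourceGroups providers virtualNetworks subnets; do
    if [ "${1:-}" != "$key" ]; then
      echo "expected '$key' but found '${1:-<end of ID>}'"
      return 1
    fi
    shift
    case ${1:-} in
      ''|subscriptions|resourceGroups|providers|virtualNetworks|subnets)
        echo "'$key' has no value"; problems=$((problems + 1))
        continue ;;    # the next keyword is not consumed as a value
    esac
    if [ "$key" = providers ] && [ "$1" != Microsoft.Network ]; then
      echo "provider is '$1', expected 'Microsoft.Network'"
      problems=$((problems + 1))
    fi
    shift
  done
  if [ $# -ne 0 ]; then
    echo "unexpected trailing segment '$1'"; problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
)

# The ID quoted in the answer above, and a constructed well-formed one.
BAD_ID='subscriptions/xxxx/resourceGroups/providers/Micosoft.Network/virtualNetworks/rg-sql-cpe-poc-eastus-001/vnet-primary-poc-eastus-001/subnets/snet-mgmt-poc-eastus-002'
GOOD_ID='/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-net/providers/Microsoft.Network/virtualNetworks/vnet-a/subnets/snet-a'

check_subnet_id "$BAD_ID"  || echo "-> rejected"
check_subnet_id "$GOOD_ID" && echo "-> accepted"
```

Running the check on an ID before handing it to az vm create --subnet turns the generic "incorrect usage" error into a list of the specific segments to fix.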