I've recently been running a few Kubernetes lab scenarios in Azure.
Usually I try to set such things up via Azure Powershell.
However, this has been a learning experience in the feature disparity between Azure Powershell and Azure CLI.
Background
Extensive details can be found in the Microsoft documentation.
To sum up, Azure Powershell is a set of Powershell cmdlets, while Azure CLI is a set of platform independent CLI commands (similar to AWS CLI).
The documentation does point out that "Feature parity for Azure services doesn't always exist between Azure CLI and Azure PowerShell.".
Initial dive-in
Azure Powershell is generally more verbose, and tab completion works immediately (Azure CLI has working tab completion in some but not all cases, and requires additional configuration in others).
The extra verbose syntax is more readable (especially if code is used as examples for beginners).
Additionally, many documented Azure examples use Azure Powershell and its idiomatic setup steps of piping one Powershell object into an Azure Powershell "Set" cmdlet.
Powershell being generally integrated into Microsoft's own Windows OS also tends to make Azure Powershell the intuitively natural choice.
However that is not always the better choice.
The Missing Parts
As can be expected from the article headline, I quickly found deficiencies during my last cloud resource deployment.
Creating an AKS (Azure Kubernetes Service) cluster is a well documented and simple process.
Azure portal, Azure CLI, and Azure Powershell are all listed as usable methods.
Following the docs exactly, I was initially surprised when the Powershell commands returned errors for no apparent reason.
The cluster creation command New-AzAksCluster would run and start attempting to create a Service Principal (and fail), despite being configured not to do that as per the documentation.
Eventually the command would either time out, or appear to complete but no resources would be created.
The command used (as given in the documentation) was New-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster -NodeCount 1 -EnableManagedIdentity -GenerateSshKey, which is expected not to require a separate Service Principal at all, as a Managed Identity is used.
Troubleshooting was a strange journey of reading the docs, realising the docs are wrong, and wondering why this error even exists.
Further searching brought up a GitHub issue from 2022 that seemed somewhat relevant, as it was raised because Azure Powershell outright lacked support for Managed Identity; it had been resolved when support was added, also in 2022.
Reading the related "fix" also showed an issue from 2021 showing the (even at the time) different behaviour between Powershell and CLI/Portal.
This would indicate that the commands "should" work and the issue was fixed 2 years ago, except that they didn't and it wasn't... or a different issue exists.
Finally, further searching brought up this Stack Overflow question - a much more recent discussion, posted at the end of 2023.
The description is close enough to what I had observed in my testing.
The comments are rather limited in exploring solutions - the only solution is to use Azure CLI instead (az aks create).
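The Azure CLI equivalent of the command above, followed by a check that the cluster really exists and runs on a Managed Identity rather than a Service Principal. This is an added example, not code from the original post or from Microsoft's docs; the function names and the RUN_AZ switch are made up for it, and the check assumes that managed-identity clusters report servicePrincipalProfile.clientId as the literal "msi":

```bash
#!/usr/bin/env bash
# Added example. Resource names are the ones used in the post's command.
RG="${RG:-myResourceGroup}"
CLUSTER="${CLUSTER:-myAKSCluster}"

# Classify a cluster from two fields of `az aks show`:
#   $1 = identity.type, $2 = servicePrincipalProfile.clientId
# Assumption: managed-identity clusters report the literal clientId "msi",
# Service Principal clusters report the principal's application ID.
classify_identity() {
  local id_type="$1" client_id="$2"
  case "$id_type" in
    SystemAssigned|UserAssigned)
      if [ "$client_id" = "msi" ]; then echo "managed-identity"
      else echo "inconsistent"; fi ;;
    ""|None)
      if [ -n "$client_id" ] && [ "$client_id" != "msi" ]; then
        echo "service-principal"
      else echo "unknown"; fi ;;
    *) echo "unknown" ;;
  esac
}

# Same options as the failing New-AzAksCluster call, in Azure CLI form.
create_cluster() {
  az aks create --resource-group "$RG" --name "$CLUSTER" \
    --node-count 1 --enable-managed-identity --generate-ssh-keys
}

# Catches the "appears to complete but nothing was created" case, then
# confirms no Service Principal credential is attached to the cluster.
verify_cluster() {
  local id_type client_id mode
  if ! id_type=$(az aks show -g "$RG" -n "$CLUSTER" \
        --query identity.type -o tsv 2>/dev/null); then
    echo "missing"; return 2
  fi
  client_id=$(az aks show -g "$RG" -n "$CLUSTER" \
        --query servicePrincipalProfile.clientId -o tsv)
  mode=$(classify_identity "$id_type" "$client_id")
  echo "$mode"
  [ "$mode" = "managed-identity" ]
}

# Only touches Azure when asked explicitly: RUN_AZ=1 ./aks-lab.sh
if [ "${RUN_AZ:-0}" = "1" ]; then
  create_cluster && verify_cluster
fi
```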
Summary
While I was initially reluctant to switch from a previously-working tool, this has been an interesting discovery that makes me question the point of Azure Powershell.
I'd thought that Azure CLI mostly offered the same features while being less verbose and lacking Tab completion.
Troubleshooting this issue revealed that Tab completion was now apparently a feature, and that Azure CLI was the way to get a working CLI tool for running Azure tasks.
While larger scale interdependent deployments would call for a declarative deployment via Azure Resource Manager, Bicep, or Terraform, smaller scale lab setups can still benefit from a directly invoked or scripted CLI approach, and it is essential to have a reliable command line interface for this purpose.