This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 87%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hi Team,
Is there any way to recreate or recover a System nodepool that has no nodes available?
This happened after I tried updating the service principal for the AKS cluster.
az aks update-credentials --resource-group myResourceGroup --name myAKSCluster--reset-service-principal --service-principal <app_id> --client-secret <password> kubectl uncordon myNode What steps can I take to fix the system nodepool? I've tried adding another system nodepool but it failed because the cluster is using an old Kubernetes version (1.16) which is no longer supported. It also won't let me upgrade the Kubernetes version of the cluster because it's currently in a "Failed" state.
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
This issue needs deeper investigation. Failure/timeout in resetting Service Principle can occur by multiple cases, support team be able to check this with cluster details to be able to understand better on what happened. I would recommend you to open a azure support case.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 98%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
@James ,
Can you try running below command (It will try to reconcile the cluster to last known good state)
az resource update -n aksclustername -g aksresourcegroup --namespace Microsoft.ContainerService --resource-type ManagedClusters
Once you run that command, cluster will go to updating state - wait for couple of mins to see if it can turn to healthy state.
FYI - To see why the cluster was stuck in RefreshServicePrinciplaProfile , try running kubectl get events --all-namespaces .
Can you try running below command (It will try to reconcile the cluster to last known good state)
az resource update -n aksclustername -g aksresourcegroup --namespace Microsoft.ContainerService --resource-type ManagedClusters
I'll give this a try, thanks!
FYI - To see why the cluster was stuck in RefreshServicePrinciplaProfile , try running kubectl get events --all-namespaces .
Unfortunately, the original cause doesn't seem to be in the events anymore as I've stopped and restarted the cluster previously.
Can you try running below command (It will try to reconcile the cluster to last known good state)
az resource update -n aksclustername -g aksresourcegroup --namespace Microsoft.ContainerService --resource-type ManagedClusters
After running for a couple of hours, the command stopped with an error.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 88%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETT%3C/text%3E%3C/svg%3E)
Hello
i am having currently the same issue. Did a cluster restart solved the problem?
I am still unable to access to the kube-apiserver via the clusterIP service. Istio is trying to use the api to read/write the secret so it can update the proxies with a new certificate.