@Uday Kiran Reddy (ureddy)
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!
Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer. Accepted answers show up at the top, resulting in improved discoverability for others.
Issue: With a service principal logged in with the Azure CLI, the command below got this error:
az aks command invoke --resource-group rg-licanltcs-aks-prod --name aks-licanltcs-prod-eastus --command "kubectl create namespace testing"
Error from server (Forbidden): namespaces "testing" is forbidden: User "db6023d1-75df-444d-ac2a-10c16a090fcc" cannot delete resource "namespaces" in API group "" in the namespace "testing"
Solution: It got fixed once we created a group with access to it while creating the cluster.
resource aks 'Microsoft.ContainerService/managedClusters@2021-08-01' = {
  name: 'aks-${prefix}-${environmentType}-${location}'
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${aksIdentityId}': {}
    }
  }
  sku: {
    name: 'Basic'
    tier: aksSkuTier
  }
  properties: {
    dnsPrefix: 'aks-${prefix}-${environmentType}'
    enableRBAC: true
    aadProfile: {
      managed: true
      adminGroupObjectIDs: [
        adminGroupObjectId
      ]
    }
........
If your issue remains unresolved or you have further questions, please let us know in the comments how we can assist. We are here to help you and strive to make your experience better and greatly value your feedback.
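
An added example, not part of the original answer: a shell check that the identity named in the Forbidden error belongs to one of the groups in the cluster's `aadProfile.adminGroupObjectIDs`. It assumes a logged-in Azure CLI and that the GUID in the error is the service principal's object ID; the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). Function names are hypothetical.
# Requires a logged-in Azure CLI that can read the cluster and the directory.

# Print the admin group object IDs configured on the cluster, one per line.
aks_admin_groups() {
  local rg="$1" cluster="$2"
  az aks show --resource-group "$rg" --name "$cluster" \
    --query "aadProfile.adminGroupObjectIDs" --output tsv
}

# Return 0 and print the matching group ID if the principal is a direct member
# of at least one admin group; return 1 if it is not (or no group is set);
# return 2 if an az call fails.
principal_in_admin_group() {
  local rg="$1" cluster="$2" principal_oid="$3"
  local groups gid is_member
  groups="$(aks_admin_groups "$rg" "$cluster")" || return 2
  if [ -z "$groups" ]; then
    echo "no adminGroupObjectIDs configured on $cluster" >&2
    return 1
  fi
  for gid in $groups; do
    is_member="$(az ad group member check --group "$gid" \
      --member-id "$principal_oid" --query value --output tsv)" || return 2
    if [ "$is_member" = "true" ]; then
      echo "$gid"
      return 0
    fi
  done
  echo "$principal_oid is not in any admin group of $cluster" >&2
  return 1
}

# Usage with the values from the question:
#   principal_in_admin_group rg-licanltcs-aks-prod aks-licanltcs-prod-eastus \
#     db6023d1-75df-444d-ac2a-10c16a090fcc
```

Groups listed in `adminGroupObjectIDs` are granted cluster admin on the cluster, so review their membership before adding an automation identity to one.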