-
Notifications
You must be signed in to change notification settings - Fork 306
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get non-AAD credentials from a AAD-enabled Kubernetes cluster setup #600
Comments
@schroedan I raised something sort of similar in #556 . I was redirected to the feedback forum, and was just thinking about raising something there. Ideally we'd be able to do this without having to distribute credentials, which is sort of why I didn't bother investigating further. I really do not want to do that. |
@schroedan raised on feedback forum if you want to vote :-) |
Is there a workaround for this problem? |
@davenewza it appears that you can bypass it by requesting admin credentials as pointed out in the comment here https://feedback.azure.com/forums/914020-azure-kubernetes-service-aks/suggestions/35146387-support-non-interactive-login-for-aad-integrated-c |
Why don't you simply create a service account and use this to login to k8s? https://devopscube.com/kubernetes-api-access-service-account/ |
I came across this issue, linked from Stack Overflow, trying to get Azure Pipelines working with AAD enabled AKS. Thanks to @DenisBiondic for the suggestion to use k8s service account. Created one as per the link and tested it in Azure Pipelines, works really well. Now I just need to scope the service account so it has sane permissions. |
Faced the same issue, the solution provided by @DenisBiondic seems to be the only current solution... |
Closing this issue as old/stale. If this issue still comes up, please confirm you are running the latest AKS release. If you are on the latest release and the issue can be re-created outside of your specific cluster please open a new github issue. If you are only seeing this behavior on clusters with a unique configuration (such as custom DNS/VNet/etc) please open an Azure technical support ticket. |
What happened:
az aks get-credentials --resource-group <resource-group> --name <name> -f -
which returns:What you expected to happen:
az aks get-credentials --resource-group <resource-group> --name <name> -f -
returns:as
az aks get-credentials --resource-group <resource-group> --name <name> -a -f -
does but without the admin privilegesHow to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
The
admin-client-certificate-data
andadmin-client-key-data
was taken fromaz aks get-credentials --resource-group <resource-group> --name <name> -a -f -
.Environment:
kubectl version
): v1.11.1The text was updated successfully, but these errors were encountered: