By following this document, https://github.com/Azure/kubelogin/blob/master/README.md#user-principal-login-flow-non-interactive, I had enabled kubelogin auth to Azure Kubernetes Services. It didn't work as expected and now I want to disable kubelogin auth. But even for the new AKS clusters that I create with the option 'Azure AD auth with Kubernetes RBAC' enabled, when I get credentials

```
az aks get-credentials --resource-group centralus-aks-01-rg --name aks-centralus-01
```

I see the below in the kube config file. It is still using kubelogin auth.
```yaml
users:
- name: clusterUser_centralus-aks-01-rg_aks-private-centralus-01
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - --environment
      - AzurePublicCloud
      - --server-id
      - 6xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx0
      - --client-id
      - xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx0
      - --tenant-id
      - xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx0
      - --login
      - devicecode
      command: kubelogin
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false
```
Can someone let me know how to disable kubelogin and get to the regular auth provider on getting the credentials? So when I do kubectl get nodes, I should get a new browser tab open and I can enter the user and the code. I couldn't find any reference to disable this.
2 Answers
You can get the old form of the kubeconfig file by using the format flag.
However, from AKS 1.25 onwards, you will have to use kubelogin. So it's probably good to stick to it.
If your issue is the behaviour of the kubelogin plugin, you can adjust the flags you have there in the exec array. You can review https://github.com/Azure/kubelogin to see possible options.
See, https://github.com/Azure/AKS/issues/2728 – kubelogin is becoming mandatory, so you’ll need to get used to the process.
Try to run "kubectl config unset clusters" to clear config, then you’ll need to get-credentials and you’ll be prompted to use your browser on running a kubectl command.
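
To check which authentication mechanism each user entry in a kubeconfig actually uses (the kubelogin exec plugin shown in the question, or the older auth-provider form), the following added example, which is not part of the original question or answers, classifies the entries from the JSON that `kubectl config view -o json` prints. The sample input, user names and placeholder IDs are constructed.

```python
import json

# Constructed sample in the shape `kubectl config view -o json` prints:
# one kubelogin exec user, one older auth-provider user, one certificate user.
SAMPLE = json.dumps({"users": [
    {"name": "clusterUser_rg_exec", "user": {"exec": {
        "apiVersion": "client.authentication.k8s.io/v1beta1",
        "command": "kubelogin",
        "args": ["get-token", "--server-id", "SERVER-ID-PLACEHOLDER",
                 "--login", "devicecode"]}}},
    {"name": "clusterUser_rg_legacy",
     "user": {"auth-provider": {"name": "azure", "config": {}}}},
    {"name": "clusterAdmin_rg_cert",
     "user": {"client-certificate-data": "REDACTED"}},
]})

def flag_value(args, long_name, short_name=None):
    """Return the value of a flag given as `--flag value`, `-f value` or `--flag=value`."""
    for i, arg in enumerate(args):
        if arg in (long_name, short_name) and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith(long_name + "="):
            return arg.split("=", 1)[1]
    return None

def classify_users(kubeconfig_json):
    """Map each kubeconfig user name to (auth mechanism, kubelogin login mode or None)."""
    result = {}
    for entry in json.loads(kubeconfig_json).get("users") or []:
        user = entry.get("user") or {}
        exec_cfg = user.get("exec")
        provider = user.get("auth-provider")
        if exec_cfg:
            command = exec_cfg.get("command") or "?"
            mode = None
            if command.endswith(("kubelogin", "kubelogin.exe")):
                # The login mode is the value passed to kubelogin's --login / -l flag
                mode = flag_value(exec_cfg.get("args") or [], "--login", "-l")
            result[entry["name"]] = ("exec:" + command, mode)
        elif provider:
            result[entry["name"]] = ("auth-provider:" + (provider.get("name") or "?"), None)
        else:
            # Client certificate, static token, or no credentials at all
            result[entry["name"]] = ("static-credentials", None)
    return result

if __name__ == "__main__":
    for name, (mechanism, mode) in classify_users(SAMPLE).items():
        print(f"{name}: {mechanism}" + (f" (login mode: {mode})" if mode else ""))
```

To run it against a real kubeconfig, pass the output of `kubectl config view -o json` to `classify_users` instead of `SAMPLE`.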