skip to Main Content

By following this document https://github.com/Azure/kubelogin/blob/master/README.md#user-principal-login-flow-non-interactive,
i had enabled kubelogin auth to azure kubernetes services. It didnt work as expected and now i want to disable kubelogin auth. But even for the new AKS clusters that I create with the option ‘Azure AD auth with Kubernetes rbac’ enabled, when I get credentials

az aks get-credentials –resource-group centralus-aks-01-rg –name aks-centralus-01

i see below in kube config file. It is still using kubelogin auth.

users:
- name: clusterUser_centralus-aks-01-rg_aks-private-centralus-01
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - --environment
      - AzurePublicCloud
      - --server-id
      - 6xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx0
      - --client-id
      - xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx0
      - --tenant-id
      - xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx0
      - --login
      - devicecode
      command: kubelogin
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false

Can someone let me know how to disable kubelogin and get to regular auth provider on getting the credentials. So when I do Kubectl get nodes, i should get a new browser tab open and i can enter the user and the code. I couldn’t find any reference to disable this.

2

Answers


  1. You can get the old form of the kubeconfig file by using the format flag.

    az aks get-credentials --format azure ...
    

    However, from aks 1.25 onwards, you will have to use kubelogin. So It’s probably good to stick to it.


    If your issue is the behaviour of the kubelogin plugin, you can adjust the flags you have there in the exec array. You can review https://github.com/Azure/kubelogin to see possible options.

    Login or Signup to reply.
  2. See, https://github.com/Azure/AKS/issues/2728 – kubelogin is becoming mandatory, so you’ll need to get used to the process.

    Try to run "kubectl config unset clusters" to clear config, then you’ll need to get-credentials and you’ll be prompted to use your browser on running a kubectl command.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search