Kubelogin is not able to convert the kubeconfig to azurecli format for 1.24.0 AKS cluster #93
Comments
|
This is a blocker for us to deploy the AKS cluster to 1.24.0 |
|
+1, discovered same issue today after upgrading to 1.24.0 |
|
since 1.24.0, AKS default returns exec format kubeconfig so that it doesn't actually need kubelogin conversion. currently, kubelogin's |
|
@gyuvaraj10, the kubeconfig you got from 1.24 cluster should be as good unless you require to use azurecli login? |
|
@weinong I like to connect to cluster and run some commands (example: 'kubectl get nodes') with in a CI pipeline. So, I want to connect to the cluster in non-interactive mode. Can you suggest the approach for the non-interactive communication to the cluster if kubelogin doesn't support. |
|
@gyuvaraj10 how would azurecli mode help? do you use a service principal to login? |
|
Azurecli can be use in a non-interactive mode, as per https://github.com/Azure/kubelogin#azure-cli-token-login-non-interactive |
|
@weinong if we are performing az cli authentication using SPN and get the config using SPN then expectation would be that Kubectl commands execution happens non-interactively which is not the case. its asking us to sign in (SPM is meant for M2M) Even though the config is downloaded in the context of authenticated SPN, the EXEC has property --login with value "devicecode" which is leading to interactive mode |
|
we are working on the fix! |
|
Hi, |
|
Just recently updated kubelogin. On a 1.22 AKS cluster, convert-kubeconfig for azurecli is no longer working for me. The command runs fine, but any kubectl command I get the deprecation warning message as if I never ran the convert command. |
$ kubectl get nodes
W0708 10:02:09.364656 77597 azure.go:92] WARNING: the azure auth plugin is deprecated in v1.22+, unavailable in v1.25+; use https://github.com/Azure/kubelogin instead.
To learn more, consult https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code RE6TRRUJT to authenticate.
^C
$ kubelogin --version
kubelogin version
git hash: v0.0.14/f345047a580aaaf133b009041963d50b98d8d2e2
Go version: go1.17.11
Build time: 2022-07-07T17:00:54Z
$ kubelogin convert-kubeconfig -l azurecli
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
aks-nodepool1-14804407-vmss000000 Ready agent 53m v1.22.6
$ kubectl version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.24.0
Kustomize Version: v4.5.4
Server Version: v1.22.6
WARNING: version difference between client (1.24) and server (1.22) exceeds the supported minor version skew of +/-1@davidbgonz, unable to repro this on |
|
You are getting the same result as on my end. The behavior prior to updating was after running |
|
@davidbgonz i'm not following. are you saying you are still being prompted to login after converting to azurecli using 0.0.14? Would you mind sharing the converted kubeconfig? you can omit the fqdn and CA to make it generic |
|
@weinong That was the case, but actually I just got it working again. There was some funny business going on with my config. The steps I ran:
I am not sure why the config file got in such a state. I also had to remove a leftover config.lock that would not clear up. This was something else I noticed after the update but not sure if it's related since I was messing around with the az and kubelogin commands. |
|
@davidbgonz no problem. If you encounter the issue consistently, please open a new issue with the kubeconfig before and after conversion. |
Step Performed:
Actual config in the .kube/config file
Expected Config:
Environment (please complete the following information):
git hash: v0.0.13/52e83a071f39e9e039e95aa9a6fbea04855eae13
Go version: go1.17.9
Build time: 2022-04-23T00:49:14Z
The text was updated successfully, but these errors were encountered: