Authenticate with a MSI to AKS: Identity not found #592
Closed
pascalnaber
started this conversation in
General
Replies: 3 comments
-
|
Should use kubelogin convert-kubeconfig -l azurecli for a managed identity to AKS... |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
succeeded using azurecli instead of msi for a managed identity... |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm provisioning a private AKS cluster. Authentication is configured with 'Microsoft Entra ID authentication with Azure RBAC'.
And I've also provisioned a managed identity. This managed identity has the "Azure Kubernetes Service RBAC Cluster Admin" role on the whole subscription.
When I run the following in github actions, where this Managed Identity is authenticated.
az aks get-credentials --resource-group rg-play --name aks-play --overwrite-existing
kubelogin convert-kubeconfig -l msi --client-id xyz1234-cdd2-46ef-ac3c-xyz1234
kubectl get nodes
I get the following error:
Error: failed to get token: adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_request","error_description":"Identity not found"} Endpoint http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&client_id=***&resource=6dae42f8-4368-4678-94ff-3960e28e3630
What am I missing to make this work?
Beta Was this translation helpful? Give feedback.
All reactions