I have following kubectl
command to obtain the credentials for my Azure cluster:
kubectl config set-credentials token --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" --auth-provider=azure
However, this throws following error:
creating a new azure token source for device code authentication: client-id is empty
After doing some investigation, I found out that we need to supply additional information for client id
, tenant id
, and apiserver id
:
kubectl config \
set-credentials "<username>" \
--auth-provider=azure \
--auth-provider-arg=environment=AzurePublicCloud \
--auth-provider-arg=client-id=<kubectl-app-id> \
--auth-provider-arg=tenant-id=<tenant-id> \
--auth-provider-arg=apiserver-id=<apiserver-app-id>
How should we obtain the client id
, tenant id
, and apiserver id
details?
CodePudding user response:
Command kubectl config set-credentials
is used to set credentials as the name implies. If you want to get some information from your cluster you have several ways to do. For example you can use Azure Portal. Everything is described in this article. For example to get Tenant ID you need to:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click properties.
- Copy the directory ID.
To get Client ID:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click Enterprise applications.
- Click All applications.
- Select the application which you have created.
- Click Properties.
- Copy the Application ID .
To get Client Secret:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click App registrations.
- Select the application which you have created.
- Click on All settings.
- Click on Keys.
- Type Key description and select the Duration.
- Click save.
- Copy and store the key value. You won't be able to retrieve it after you leave this page.
You can also find these informations using cli based on oficial documentation.
You can also find additional example for Tenant ID (example with Azure portal and cli options):
az login
az account list
az account tenant list