Closed arodindev closed 3 months ago
I think https://azure.github.io/kubelogin/topics/k8s-oidc-aad.html should work for you
This config indeed worked for me
```bash
kubectl config set-credentials "azure-user" \
  --exec-api-version=client.authentication.k8s.io/v1beta1 \
  --exec-command=kubelogin \
  --exec-arg=get-token \
  --exec-arg=--environment \
  --exec-arg=AzurePublicCloud \
  --exec-arg=--server-id \
  --exec-arg=$AAD_CLIENT_ID \
  --exec-arg=--client-id \
  --exec-arg=$AAD_CLIENT_ID \
  --exec-arg=--tenant-id \
  --exec-arg=$AAD_TENANT_ID \
  --exec-arg=--login \
  --exec-arg=interactive
```
thank you @weinong
We want to authenticate to an Amazon EKS cluster using Azure Entra ID. For that we have created an Azure app that issues an ID token containing the Entra ID groups information of the user. For getting started we used this guide https://aws.amazon.com/blogs/containers/using-azure-active-directory-to-authenticate-to-amazon-eks/
This works fine when the "Allow public client flow" is enabled. However, due to internal security regulations we are forced to set the app to private. There is a community version of kubelogin that allows you to provide a `--oidc-client-secret` flag. Do we have something similar with the Azure kubelogin, and can someone guide me on how to set this up? Thanks!