The problem:
When enabling Azure Active Directory integration for your Azure Kubernetes Service cluster, kubectl and Helm commands will require Azure Active Directory authentication. Running Azure Pipelines is a non-interactive environment, i.e. Azure DevOps cannot perform interactive login. Therefore we must use https://github.com/Azure/kubelogin inside on Azure CLI task, which will allow kubelogin to retrieve credentials for AKS using Azure CLI. The same principle applies for any other CD solution, however we will be using Azure DevOps for this example.
The solution:
Below is a snippet from a YAML pipeline using kubelogin to authenticate with Azure AD integrated AKS cluster:
- task: AzureCLI@2
displayName: Login to AKS cluster using kubelogin
inputs:
azureSubscription: <Name of the Azure Resource Manager service connection>
scriptType: bash
scriptLocation: inlineScript
inlineScript: |
export KUBECONFIG=$(Pipeline.Workspace)/kubeconfig
kubelogin convert-kubeconfig -l azurecli # This will configure the kubeconfig file to use Azure CLI for retrieving credentials
echo "##vso[task.setvariable variable=KUBECONFIG;]${KUBECONFIG}" # Instruct subsequent tasks to use the kubeconfig file generated by kubelogin
# Install NGINX Ingress Controller chart to verify Helm can authenticate with AKS cluster
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx
No responses yet