Hi team,
I have deployed a Jenkins controller in an AKS cluster (Kubernetes). Now I need to configure a cloud agent with the k8s plugin.
- Instead of using a service account for RBAC, we want to use an Azure service principal:
Use Microsoft Entra ID and Kubernetes RBAC for clusters - Azure Kubernetes Service | Microsoft Learn
Here are the steps we have done:
- Enable AAD for AKS at first.
  az aks update -g myResourceGroup -n myManagedCluster --enable-aad
- Create SP and assign the "Azure Kubernetes Service Cluster User Role" to make sure it is able to get AKS credentials.
  az role assignment create --assignee $objectID --role "Azure Kubernetes Service Cluster User Role" --scope $AKS_ID
- Create role and rolebinding for SP.
- Run command "az aks get-credentials -g RGname -n AKSname"; note it won't return any cert yet.
- Configure kubelogin with SP. Now you can check the kubeconfig file; the client is changed to SP.
  kubelogin convert-kubeconfig -l spn --client-id $AAD_SERVICE_PRINCIPAL_CLIENT_ID --client-secret $AAD_SERVICE_PRINCIPAL_CLIENT_SECRET
- Use the new kubeconfig file in the Jenkins credential.
But when I test the connection, it reports that the kubelogin command is not found. I am wondering how we can install kubelogin in the cloud agent.
Thanks for your help!
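
Added example (not part of the original post, and not code from Jenkins or kubelogin): a small audit of the kubeconfig produced by the convert step above. It lists the exec credential plugins the file depends on, reports any that do not resolve on the PATH of the process running it, and flags a --client-secret value stored in the file. The sample kubeconfig, its user name and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a kubeconfig written by `kubelogin convert-kubeconfig`.
# Print each exec credential plugin command the kubeconfig names.
exec_commands() {
  awk '$1 == "command:" { print $2 }' "$1" | tr -d "\"'" | sort -u
}

# Print the exec plugins that do not resolve on the current PATH.
missing_plugins() {
  local cmd
  for cmd in $(exec_commands "$1"); do
    command -v "$cmd" >/dev/null 2>&1 || echo "$cmd"
  done
}

# Succeed if a literal --client-secret argument is stored in the file.
embeds_client_secret() {
  grep -Eq '^[[:space:]]*-[[:space:]]+--client-secret[[:space:]]*$' "$1"
}

# Report both findings; returns non-zero if either applies.
audit_kubeconfig() {
  local file=$1 cmd rc=0
  for cmd in $(missing_plugins "$file"); do
    echo "MISSING: exec plugin '$cmd' is not on PATH"; rc=1
  done
  if embeds_client_secret "$file"; then
    echo "SECRET: --client-secret is stored in clear text in $file"; rc=1
  fi
  return "$rc"
}

# Constructed sample: the shape of a user entry after convert-kubeconfig -l spn.
SAMPLE_KUBECONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_KUBECONFIG"' EXIT
cat > "$SAMPLE_KUBECONFIG" <<'EOF'
users:
- name: clusterUser_RGname_AKSname
  user:
    exec:
      command: kubelogin
      args:
      - get-token
      - --login
      - spn
      - --client-secret
      - CONSTRUCTED-NOT-A-REAL-SECRET
EOF
audit_kubeconfig "$SAMPLE_KUBECONFIG" || true
```

Run it as the same user and on the same host that reports the error, since the exec plugin is looked up on that process's PATH. kubelogin's spn login also reads AAD_SERVICE_PRINCIPAL_CLIENT_ID and AAD_SERVICE_PRINCIPAL_CLIENT_SECRET from the environment, which keeps the secret out of the kubeconfig file.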