How to use Azure service principal in cloud agent to connect AKS cluster

Hi team,

I have deployed a Jenkins controller in an AKS cluster (Kubernetes). Now I need to configure a cloud agent with the k8s plugin.

  1. Instead of using a service account for RBAC, we want to use an Azure service principal:
    Use Microsoft Entra ID and Kubernetes RBAC for clusters - Azure Kubernetes Service | Microsoft Learn

Here are the steps we have done:

  1. Enable AAD for AKS first.
    az aks update -g myResourceGroup -n myManagedCluster --enable-aad

  2. Create an SP and assign the "Azure Kubernetes Service Cluster User Role" to make sure it is able to get AKS credentials.
    az role assignment create --assignee "$objectID" --role "Azure Kubernetes Service Cluster User Role" --scope "$AKS_ID"

  3. Create a role and rolebinding for the SP.

  4. Run the command "az aks get-credentials -g RGname -n AKSname"; note it won't return any cert yet.

  5. Configure kubelogin with the SP. Now you can check the kubeconfig file; the client is changed to the SP.
    kubelogin convert-kubeconfig -l spn --client-id "$AAD_SERVICE_PRINCIPAL_CLIENT_ID" --client-secret "$AAD_SERVICE_PRINCIPAL_CLIENT_SECRET"

  6. Use the new kubeconfig file in a Jenkins credential.

But when testing the connection, it reports that the kubelogin command is not found. I am wondering how we can install kubelogin in the cloud agent.

Thanks for your help!
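
An added example, not part of the original post: kubelogin is wired into the kubeconfig as an exec credential plugin, so the binary must resolve on whichever host loads that file, and step 5 as written stores the SP secret inside the file. The script below audits a converted kubeconfig for both conditions; the function names and the sample kubeconfig (placeholder values) are constructed for illustration.

```shell
# Print the exec plugin binary named in the kubeconfig (users[].user.exec.command).
exec_command() {
  awk '$1 == "command:" { print $2; exit }' "$1"
}

# Succeed if the exec args carry the service principal secret inline.
has_inline_secret() {
  grep -Eq '^[[:space:]]*-[[:space:]]+--client-secret([[:space:]=]|$)' "$1"
}

# Succeed if the plugin binary resolves on the given PATH (default: current PATH).
plugin_on_path() {
  ( PATH="${2:-$PATH}"; command -v "$1" >/dev/null 2>&1 )
}

# Report both conditions; the return code is the number of findings.
audit_kubeconfig() {
  cfg=$1; search_path=${2:-$PATH}; findings=0
  cmd=$(exec_command "$cfg")
  if [ -n "$cmd" ] && ! plugin_on_path "$cmd" "$search_path"; then
    echo "FINDING: exec plugin '$cmd' not found on PATH of this host"
    findings=$((findings + 1))
  fi
  if has_inline_secret "$cfg"; then
    echo "FINDING: --client-secret stored in clear text in $cfg"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample in the shape kubelogin writes for "-l spn" (placeholder values).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
users:
- name: clusterUser_RGname_AKSname
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - --login
      - spn
      - --client-id
      - 00000000-0000-0000-0000-000000000000
      - --client-secret
      - EXAMPLE-SECRET-PLACEHOLDER
      command: kubelogin
EOF
audit_kubeconfig "$SAMPLE" || true
```

To keep the secret out of the file, kubelogin can read `AAD_SERVICE_PRINCIPAL_CLIENT_ID` and `AAD_SERVICE_PRINCIPAL_CLIENT_SECRET` from the environment when `convert-kubeconfig -l spn` is run without the `--client-id` and `--client-secret` flags.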