How to connect to AKS clusters after Kubernetes v1.26 update
Learn how to use the new Azure kubelogin tool to autheticate to your AKS cluster through Azure AD — Now Microsoft Entra ID
Kubernetes v1.24 introduced some important changes in the way we used to connect to Azure Kubernetes Service — AKS clusters. With the arrival of v1.26 on January 18, 2023 Kubernetes was dropped the built-in support for gcp and azure auth plugins that until then came inside kubectl.
Now, each cloud provider should provide a cloud-specific replacement for the auth plug-in that was dropped from kubectl in v1.26
The first thing to do is to download and install the latest version of Azure CLI. If you don’t have it yet, you can download it for Windows, macOS and Linux at https://learn.microsoft.com/en-us/cli/azure/install-azure-cli
After downloading and installing Azure CLI, open a PowerShell terminal and type:
az login
You will be prompted to log in with your work (or personal) Microsoft account, as usual.
If your tenant have more than one subscription, use the
az account set --subscriptioncommand to switch to the subscription where your AKS cluster resides.
# Show all subscriptions in my tenant
az account subscription list
# Switch to a different subscription
az account set --subscription <subscription-id>
# Don't forget to replace <subscription-id> above with your subscription name or id.After logging in using your Microsoft Account, use the Azure CLI’s az aks get-credentials command to populate your local kubeconfig file with your AKS cluster credentials, as usual.
az aks get-credentials --resource-group my-rg-name --name my-aks-cluster-name
# Don't forget to replace my-rg-name and my-aks-cluster-name above with your Resource Group and AKS Cluster names.
Now, you need to install azure-kubelogin. It is now responsible for implementing and performing the authentication. To do this, use the command bellow:
az aks install-cli
az aks install-cli will download and install the latest version of kubectl and azure-kubelogin that is now needed to perform authentication on AKS clusters through Azure AD — now Microsoft Entra ID.
In some cases, after running
az aks install-cliAzure CLI may ask you to add kubelogin.exe to your PATH environment variable manually. If it asks you to, go to Control Panel -> System -> Advanced -> Environment Variables and include the provided path for kubelogin.exe (and kubectl.exe if you already don’t have it) to the list.
⚠️After the installation, close PowerShell and open it again. Otherwise, kubelogin will not be recognized.
Now, use Kubelogin to convert your kubeconfig and populate it with the AAD tokens. To do so, type the following command on your PowerShell terminal:
kubelogin convert-kubeconfigNow you will be able to use kubectl as usual.
# List all my k8s Deployments
kubectl get deployments - all-namespaces=true
And you will be able to access you cluster using Lens also if you want.
If you have any trouble with Lens, don’t forget to quit Lens and open it again before trying to connect to AKS.
See the Kuberentes v1.26.0 changelog deprecation notice at https://gist.github.com/superbrothers/7409b6f4df10501304e7a85e137d7269#deprecation
