This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 67%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Hi All,
We are trying to limit user access to particular namespace in AKS . To achieve this we have assigned user the following permission.
But we are now getting below error message - Please suggest
PS C:\Users\abc> kubectl get pods -n namespacename
Unable to connect to the server: getting credentials: exec: executable kubelogin not found
It looks like you are trying to use a client-go credential plugin that is not installed.
To learn more about this feature, consult the documentation available at:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
Based on the details you shared, I would request you to run the az aks install-cli command. This should help resolved the error.
Ref: https://learn.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-install-cli
Hope this helps.
Kubectl and Azure CLI is already installed and path in the env variable is defined.
Thanks for responding back on this.
Can you run az aks update -g myResourceGroup -n myAKSCluster --enable-azure-rbac to enable the azure rbac for the cluster to use the RBAC role.
See if this helps.
This is already enabled for the cluster. We did that.
Thanks for your patience on this. As you have tried all the things and you are seeing the issue, I would recommend to open a support case for investigating this issue.
Support team will be able to check and help on this. I would recommend you to open a azure support case.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 14.000000000000002%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGO%3C/text%3E%3C/svg%3E)
@Niren Adhikary (NAD) based on the error message, it seems like that either you don’t have kubelogin installed, or it’s not in PATH.
I wrote a guide that explains in details what kubelogin is and how to use it. That might help you as well https://aptakube.com/blog/how-to-use-azure-kubelogin
The key part here is to download kubelogin and put it in a folder that is part of your PATH environment variable. Use the command “where kubelogin” to confirm if it’s correctly installed.
We have installed kubectl on the local machine and the path defined in the environment variable correctly. On the lower environment it works.
Can you try deleting the kube cache folder under the current user logged in to the windows machine you ran the command and try again? It looks like the following folder for me
----------
--please don't forget to upvote and Accept as answer if the reply is helpful--
There is no cache folder only config file, but instead we tried deleting the .kube folder
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 68%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
same issue here. the aks getcredentials seems to works but then kubectl fails.
I suspect a difference of version between client (which is 1.25.3 for me) and the server is 1.23.X.
edit: after upgrading the aks cluster to 1.24.6, then I can now use kubectl without issue, but I can't connect to a hub (aks fleet) which is 1.24.6. super weird
I am not if the version conflict is the issue here but we have the latest version of kubernetes in aks and client kubectl tool in the local vm.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 84%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAF%3C/text%3E%3C/svg%3E)
Hello Niren,
Have you tried pulling the credentials again using:
az aks get-credentials -n <clustername> -g <resourcegroup>
Also to further troubleshoot this, is this happening only for this user or many others too? On the other hand, have you tried getting the credentials from a different terminal where you do not have any client-go credentials pre-installed like cloudshell, if this is a private cluster you could use this doc to run commands from cloudshell:
https://learn.microsoft.com/en-us/azure/aks/command-invoke
Also to troubleshoot you could enable the --admin flag when pulling the cluster credentials.