Default credentials expiration time for Azure Kubernetes RBAC

Tanul 1,291 Reputation points
2023-06-12T10:07:30.1366667+00:00

After enabling RBAC in AKS we need to install kubelogin to interact with AKS via kubectl.

While executing az aks get-credentials we need to log in via Azure portal authentication. For this, what is the default expiry time? After how many days do we have to run this command again to fetch the credentials of AKS? Is there any way to change that time?

Azure Kubernetes Service

1 answer

  1. Akram Kathimi 1,281 Reputation points Microsoft Employee
    2023-06-12T10:42:45.9666667+00:00

    Hi @Tanul ,

    Thank you for your question.

    The kubectl client has a certificate for communicating with the AKS cluster; the certificate can be found in the kubeconfig file (~/.kube/config by default).

    The certificate is valid for 2 years, and is rotated/updated automatically for clusters created after May 2019.

    To check the expiration date for the kubectl certificate, run the below command after changing the name:

    kubectl config view --raw -o jsonpath="{.users[?(@.name == 'clusterUser_rg_myAKSCluster')].user.client-certificate-data}" | base64 -d | openssl x509 -text | grep -A2 Validity
    

    Please check this document for all the needed information regarding AKS certificates.

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    Thank you.
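
The check from the answer above, generalized to every user entry in the kubeconfig so the user name does not have to be edited in. This is an added example, not part of the original answer; the function names and the 30-day default warning window are assumptions. It uses `openssl x509 -checkend` and reports entries that carry no embedded client certificate (for example users that authenticate through an exec plugin) instead of failing on them.

```shell
#!/bin/sh
# Added example: client-certificate expiry status for all kubeconfig users.

# Print "name<TAB>base64-cert" for each user entry in the active kubeconfig.
# The cert field is empty when the user has no client-certificate-data.
list_user_certs() {
    kubectl config view --raw -o \
        jsonpath='{range .users[*]}{.name}{"\t"}{.user.client-certificate-data}{"\n"}{end}'
}

# Classify one base64-encoded PEM certificate read from stdin.
# $1 = warning window in days. Prints: ok | expiring | expired | unreadable
cert_status() {
    pem=$(base64 -d 2>/dev/null) || { echo unreadable; return; }
    printf '%s\n' "$pem" | openssl x509 -noout >/dev/null 2>&1 \
        || { echo unreadable; return; }
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1; then
        echo expired          # notAfter is already in the past
    elif ! printf '%s\n' "$pem" | openssl x509 -noout \
            -checkend "$(( $1 * 86400 ))" >/dev/null 2>&1; then
        echo expiring         # still valid, but not for the whole window
    else
        echo ok
    fi
}

# Read "name<TAB>base64-cert" lines on stdin, print "name<TAB>status".
# $1 = warning window in days (assumed default: 30).
report_cert_expiry() {
    warn_days=${1:-30}
    tab=$(printf '\t')
    while IFS="$tab" read -r name data; do
        [ -n "$name" ] || continue
        if [ -z "$data" ]; then
            printf '%s\tno-client-certificate\n' "$name"
        else
            printf '%s\t%s\n' "$name" \
                "$(printf '%s' "$data" | cert_status "$warn_days")"
        fi
    done
}

# Usage against the current kubeconfig:
#   list_user_certs | report_cert_expiry 30
```

Only the status is printed; the decoded certificate and any keys in the kubeconfig never reach the terminal or a log.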
