Issue Connecting to Azure AD-Enabled AKS Cluster and Unauthorized Error Retrieving Namespaces
I am writing to report an issue we encountered while attempting to connect to our Azure AD-enabled AKS cluster and the subsequent unauthorized error when retrieving namespaces. We have successfully retrieved AKS namespace details in our local environment, which uses Local Accounts with Kubernetes RBAC for authentication and authorization. However, our Azure Dev Environment is configured to use Azure AD Authentication and Authorization with Kubernetes RBAC.
Upon executing the following code snippet:
```python
from azure.mgmt.containerservice import ContainerServiceClient
from kubernetes import client, config
from azure.identity import ClientSecretCredential

# Set the AKS cluster details
resource_group = 'resource_group'
aks_cluster_name = 'aks_cluster_name'
subscription_id = 'subscription_id'
tenant_id = 'tenant_id'
client_id = 'client_id'
client_secret = 'client_secret'

# Create a service principal credential
credentials = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

# Create the AKS cluster client
cluster_client = ContainerServiceClient(credentials, subscription_id)

# Retrieve the AKS cluster
cluster = cluster_client.managed_clusters.get(resource_group, aks_cluster_name)

# Retrieve the cluster's access credentials
kube_config = cluster_client.managed_clusters.get_access_profile(resource_group, aks_cluster_name, "clusterUser")

# Load the Kubernetes configuration
config.load_kube_config(kube_config.kube_config)

# Create the Kubernetes API client
kubernetes_client = client.CoreV1Api()

# Retrieve all namespaces
namespaces = kubernetes_client.list_namespace().items

# Print the namespace names
for ns in namespaces:
    print(ns.metadata.name)
```
We encountered the following errors:
Error message: "kubelogin" is not installed.
- This error occurred while attempting to connect to the Azure AD-enabled cluster.
Error message: "--environment variable from kubeconfig throwing ERROR:root:'NoneType' object has no attribute 'strip'".
- This error was thrown during the execution of config.load_kube_config(kube_config.kube_config).
Unauthorized Error: Retrieving namespaces using kubernetes_client.list_namespace().items resulted in an unauthorized error.
Please note that we have ensured the accuracy of the provided credentials (tenant_id, client_id, and client_secret), subscription_id, resource_group, and aks_cluster_name.
We kindly request your assistance in resolving these issues, as we need to successfully connect to the Azure AD-enabled AKS cluster and retrieve the namespaces. Any guidance or steps to troubleshoot and resolve this issue would be greatly appreciated.
Thank you for your attention to this matter. We look forward to your prompt response and resolution.
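An added diagnostic example (not part of the original post, and not Microsoft's code) for the "kubelogin is not installed" error: it reports how the current context's user in a kubeconfig authenticates and whether an exec credential plugin it names is on PATH, without returning any secret values. The function name `describe_auth`, the sample kubeconfig and its placeholder values are assumptions constructed for illustration; it assumes the kubeconfig text is what the access-profile call returned, decoded to a string.

```python
import json
import shutil

try:                      # PyYAML is a dependency of the kubernetes client
    import yaml
    parse = yaml.safe_load
except ImportError:       # JSON is a YAML subset, enough for the sample below
    parse = json.loads

# Constructed sample with placeholder values, shaped like an exec-based user entry.
SAMPLE_KUBECONFIG = json.dumps({
    "current-context": "dev",
    "contexts": [{"name": "dev",
                  "context": {"cluster": "dev", "user": "clusterUser_rg_dev"}}],
    "users": [{"name": "clusterUser_rg_dev", "user": {"exec": {
        "apiVersion": "client.authentication.k8s.io/v1beta1",
        "command": "kubelogin",
        "args": ["get-token", "--environment", "AzurePublicCloud",
                 "--server-id", "<server-app-id>", "--login", "devicecode"],
    }}}],
})


def describe_auth(kubeconfig_text, which=shutil.which):
    """Report how the current context's user authenticates, without
    returning tokens, keys or other secret values from the kubeconfig."""
    cfg = parse(kubeconfig_text)
    ctx = next(c["context"] for c in cfg["contexts"]
               if c["name"] == cfg["current-context"])
    user = next(u["user"] for u in cfg["users"] if u["name"] == ctx["user"])
    if "exec" in user:
        cmd = user["exec"]["command"]
        args = user["exec"].get("args") or []
        # Keep flag names only; their values (ids, secrets) stay out of the report.
        flags = [a for a in args if a.startswith("--")]
        return {"method": "exec", "command": cmd,
                "installed": which(cmd) is not None, "flags": flags}
    if "auth-provider" in user:
        return {"method": "auth-provider",
                "name": user["auth-provider"].get("name")}
    if "token" in user:
        return {"method": "static-token"}
    if "client-certificate-data" in user or "client-certificate" in user:
        return {"method": "client-certificate"}
    return {"method": "unknown"}


if __name__ == "__main__":
    print(describe_auth(SAMPLE_KUBECONFIG))
```

A result of `"method": "exec"` with `"installed": False` means the client library has to launch a plugin binary that the host running the script does not have.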