OIDC token generated for AzureAD app not able to access AKS resources that has AzureAD enabled.

Ashu Ghildiyal 21 Reputation points
2022-04-28T11:13:07.457+00:00

I have an AKS cluster that has AzureAD, RBAC enabled I also have registered an app on AzureAD. Now I am trying to get a token with the typical go-oidc package flow with the necessary AzureAD configs but the token i get is not able to access AKS resources I get a 401 unauthorized error
Note: I have the required clusterrole and clusterrolebindings that allow the AzureAD group to access all the resources.

more info:
I have tried the same token with a minikube cluster locally which has oidc configured which works there

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,187 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,447 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vidya Narasimhan 2,126 Reputation points Microsoft Employee
    2022-04-28T14:08:24.773+00:00

    @Ashu Ghildiyal can you try cleaning up the KubeConfig via Kubectl config commands?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.