OIDC token generated for AzureAD app not able to access AKS resources that has AzureAD enabled.

Ashu Ghildiyal 21 Reputation points

I have an AKS cluster that has AzureAD, RBAC enabled I also have registered an app on AzureAD. Now I am trying to get a token with the typical go-oidc package flow with the necessary AzureAD configs but the token i get is not able to access AKS resources I get a 401 unauthorized error
Note: I have the required clusterrole and clusterrolebindings that allow the AzureAD group to access all the resources.

more info:
I have tried the same token with a minikube cluster locally which has oidc configured which works there

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,744 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,333 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vidya Narasimhan 2,191 Reputation points Microsoft Employee

    @Ashu Ghildiyal can you try cleaning up the KubeConfig via Kubectl config commands?