Skip to content

Commit 7a1651c

Browse files
sethmanheimsethmanheim
committed
Add new AKS Arc kubectl TSG
1 parent 7c7f306 commit 7a1651c

File tree

2 files changed

+40
-0
lines changed

2 files changed

+40
-0
lines changed

AKS-Arc/TOC.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -187,6 +187,8 @@
187187
href: network-validation-errors.md
188188
- name: Network validation error due to .local domain
189189
href: network-validation-error-local.md
190+
- name: Entra authentication prompts when running kubectl
191+
href: entra-prompts.md
190192
- name: Reference
191193
items:
192194
- name: Azure CLI

AKS-Arc/entra-prompts.md

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
---
2+
title: Entra authentication prompts when running kubectl with Kubernetes RBAC
3+
description: Learn how to troubleshoot Entra authentication issues when using kubectl with Kubernetes RBAC.
4+
author: sethmanheim
5+
ms.author: sethm
6+
ms.topic: troubleshooting
7+
ms.date: 06/17/2025
8+
ms.reviewer: leslielin
9+
ms.lastreviewed: 06/17/2025
10+
11+
---
12+
13+
# Troubleshoot Entra authentication prompts when running kubectl with Kubernetes RBAC
14+
15+
This article helps you diagnose and resolve issues related to repeated Entra authentication prompts when using **kubectl** with Kubernetes RBAC on AKS enabled by Azure Arc.
16+
17+
## Symptoms
18+
19+
When you use **kubectl** with [Microsoft Entra authentication and Kubernetes RBAC](kubernetes-rbac-local.md) in AKS on Azure Local, Entra authentication prompts appear after each command execution.
20+
21+
## Possible causes
22+
23+
This issue is caused by a [GitHub bug](https://github.com/Azure/kubelogin/issues/654) introduced in **kubelogin** version 0.2.0 and later.
24+
25+
## Mitigation
26+
27+
To mitigate this issue, you can use one of the following two methods:
28+
29+
- Downgrade **kubelogin** to version 1.9.0. This stable version does not have the bug that causes repeated authentication prompts. You can [download this version from the GitHub repository](https://github.com/int128/kubelogin/releases/tag/v1.9.0). Select the appropriate asset for your OS or architecture, extract it, and replace your existing **kubelogin** binary.
30+
- Alternatively, if you have administrator permissions, you can use the `--admin` flag with the `az aksarc get-credentials` command. This method bypasses **kubelogin** authentication by retrieving admin credentials directly:
31+
32+
```azurecli
33+
az aksarc get-credentials -g $resource_group_name -n $aks_cluster_name --file <file-name> --admin
34+
```
35+
36+
## Next steps
37+
38+
[Troubleshoot issues in AKS enabled by Azure Arc](aks-troubleshoot.md)

0 commit comments

Comments
 (0)