Using kubelogin with MSI from within a pod #549

Open
abhinovntap opened this issue Nov 12, 2024 · 1 comment

abhinovntap commented Nov 12, 2024

Hi,

If we were to use kubelogin from within a pod to communicate with another cluster:

  • How should the kubelogin binary be added to the path to recognise the auth-provider options?
  • If this approach were to use MSI, does the MSI have to be in the path for kubelogin convert-kubeconfig -l msi --client-id <client-id> to work?
  • For a k8s cluster, we modified the KubeConfig with auth-provider set to kubelogin, but it fails with:

    ERRO[2024-11-12 15:56:31.506] AuthenticationFailed: Failed to initialize Kubernetes client for rlinux cluster [rlinuxcluster-v1] with rest.Config provider block and TLSClientConfig - no Auth Provider found for name "kubelogin"
    ERRO[2024-11-12 15:56:31.506] DeploymentError: One or more kubernetes object components failed to install or deploy on rlinux cluster - no Auth Provider found for name "kubelogin"

weinong (Contributor) commented Dec 1, 2024

What does your kubeconfig look like? It should look similar to:

- name: some_name
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - --login
      - azurecli
      - --server-id
      - <server app id>
      command: kubelogin
      env: null
      installHint: |2

        kubelogin is not installed which is required to connect to AAD enabled cluster.

        To learn more, please go to https://aka.ms/aks/kubelogin
      interactiveMode: IfAvailable
      provideClusterInfo: false

Since you are running inside the pod, I'd highly recommend using workload identity where AZURE_FEDERATED_TOKEN_FILE is the projected service account token file.
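
A preflight for the setup discussed in this thread, as an added example that is not part of the issue or the kubelogin project: it reports whether a kubeconfig uses the exec stanza shown in the reply or a legacy auth-provider stanza, whether kubelogin resolves on PATH, and whether the workload identity settings are usable. The function names are hypothetical, and the variables other than AZURE_FEDERATED_TOKEN_FILE are assumed to be the ones the Azure Workload Identity webhook injects into the pod.

```shell
#!/bin/sh
# Added example: preflight for running kubelogin as an exec plugin inside a pod.
# Usage in the pod: preflight "$KUBECONFIG" || exit 1

# Print which credential mechanism the kubeconfig declares:
# "auth-provider" (legacy stanza), "exec-kubelogin", or "other".
kubeconfig_auth_style() {
  if grep -Eq '^[[:space:]]*auth-provider:' "$1"; then
    echo "auth-provider"
  elif grep -Eq '^[[:space:]]*command:[[:space:]]*([^[:space:]]*/)?kubelogin[[:space:]]*$' "$1"; then
    echo "exec-kubelogin"
  else
    echo "other"
  fi
}

# Print the workload identity settings that are unset, or whose token file
# cannot be read. Names other than AZURE_FEDERATED_TOKEN_FILE are assumed to
# be the ones the Azure Workload Identity webhook injects.
missing_workload_identity_env() {
  wi_missing=""
  for wi_name in AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_AUTHORITY_HOST AZURE_FEDERATED_TOKEN_FILE; do
    eval "wi_value=\${$wi_name:-}"
    if [ -z "$wi_value" ]; then
      wi_missing="$wi_missing $wi_name"
    elif [ "$wi_name" = AZURE_FEDERATED_TOKEN_FILE ] && [ ! -r "$wi_value" ]; then
      wi_missing="$wi_missing $wi_name(unreadable)"
    fi
  done
  echo "${wi_missing# }"
}

# Run all checks against the kubeconfig in $1; print findings, return 1 if any.
preflight() {
  pf_rc=0
  command -v kubelogin >/dev/null 2>&1 || { echo "kubelogin not on PATH"; pf_rc=1; }
  pf_style=$(kubeconfig_auth_style "$1")
  [ "$pf_style" = "exec-kubelogin" ] || { echo "kubeconfig auth style: $pf_style"; pf_rc=1; }
  pf_missing=$(missing_workload_identity_env)
  [ -z "$pf_missing" ] || { echo "workload identity: $pf_missing"; pf_rc=1; }
  return "$pf_rc"
}
```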
