az cli workload identity - federated token file not generating in the azure devops #28551

@Veljen

Describe the bug

We would like to use workload identity login from Azure DevOps. It works fine with plugins like the Kubernetes and kubectl tasks, but in the az cli task's inline script we are not able to kubelogin, and it doesn't have the federated token environment.

Related command

AZURE_FEDERATED_TOKEN_FILE: how to get it from the Azure pipeline az cli task? The Kubernetes task is giving it.

Errors

```
[azureuser@agentpool-vm ~]$ kubectl get pods --kubeconfig=/home/azureuser/myagent/_work/7/a/kubeconfig-dev
Error: clientID cannot be empty
Unable to connect to the server: getting credentials: exec: executable kubelogin failed with exit code 1
```

Issue script & Debug output

```
[azureuser@agentpool-vm ~]$ kubectl get pods --kubeconfig=/home/azureuser/myagent/_work/7/a/kubeconfig-dev
Error: clientID cannot be empty
Unable to connect to the server: getting credentials: exec: executable kubelogin failed with exit code 1
```

Expected behavior

It should populate the environment below in the Azure pipeline so that we can create multiple kubeconfigs and connect with the same.

AZURE_CLIENT_ID is Azure Active Directory application ID that is federated with workload identity
AZURE_TENANT_ID is Azure Active Directory tenant ID
AZURE_FEDERATED_TOKEN_FILE is the file containing signed assertion of workload identity. E.g. Kubernetes projected service account (jwt) token
AZURE_AUTHORITY_HOST is the base URL of an Azure Active Directory authority. E.g. https://login.microsoftonline.com/

Environment Summary

```
[azureuser@agentpool-vm ~]$ az version
{
  "azure-cli": "2.58.0",
  "azure-cli-core": "2.58.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {}
}
```

Additional context

No response

Labels

- AAD
- Auto-Assign (Auto assign by bot)
- DevOps
- Service Attention (This issue is responsible by Azure service team.)
- act-identity-squad
- act-platform-engineering-squad
- bug (This issue requires a change to an existing behavior in the product in order to be resolved.)
- customer-reported (Issues that are reported by GitHub users external to the Azure organization.)
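
A preflight check for the four variables listed under "Expected behavior", added here as an example; it is not part of the original issue, Azure CLI or kubelogin, and the function name is hypothetical. It reports which variable is missing before kubectl invokes kubelogin, and checks that the federated token file is readable and has the three-part JWT shape without printing it.

```shell
#!/bin/sh
# Added example: preflight for the variables listed under "Expected behavior".
# check_workload_identity_env (hypothetical name) writes one line per problem
# to stderr and returns the number of problems found (0 = looks usable).

check_workload_identity_env() {
    problems=0

    for name in AZURE_CLIENT_ID AZURE_TENANT_ID \
                AZURE_FEDERATED_TOKEN_FILE AZURE_AUTHORITY_HOST; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name is unset or empty" >&2
            problems=$((problems + 1))
        fi
    done

    token_file=${AZURE_FEDERATED_TOKEN_FILE:-}
    if [ -n "$token_file" ]; then
        if [ ! -r "$token_file" ]; then
            echo "unreadable: $token_file" >&2
            problems=$((problems + 1))
        elif [ ! -s "$token_file" ]; then
            echo "empty: $token_file" >&2
            problems=$((problems + 1))
        # A JWT is three base64url segments joined by dots. Only the shape
        # is tested; the token itself is never echoed into the build log.
        elif ! tr -d '\r\n' < "$token_file" |
               grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'; then
            echo "malformed: $token_file is not a three-part JWT" >&2
            problems=$((problems + 1))
        fi
    fi

    # The authority host receives the signed assertion, so require TLS.
    case ${AZURE_AUTHORITY_HOST:-} in
        '' | https://*) ;;
        *) echo "insecure: AZURE_AUTHORITY_HOST is not an https:// URL" >&2
           problems=$((problems + 1)) ;;
    esac

    return "$problems"
}

# Typical use in a pipeline step, before any kubectl call:
#   check_workload_identity_env || exit 1
```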