如何使用 kubectl 获取 Azure 凭据?
How to obtain Azure credentials using kubectl?
我有以下 kubectl 命令来获取我的 Azure 集群的凭据:
kubectl config set-credentials token --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" --auth-provider=azure
但是,这会引发以下错误:
creating a new azure token source for device code authentication: client-id is empty
经过一些调查,我发现我们需要为 client id、tenant id 和 apiserver id:
提供额外的信息
kubectl config \
set-credentials "<username>" \
--auth-provider=azure \
--auth-provider-arg=environment=AzurePublicCloud \
--auth-provider-arg=client-id=<kubectl-app-id> \
--auth-provider-arg=tenant-id=<tenant-id> \
--auth-provider-arg=apiserver-id=<apiserver-app-id>
我们应该如何获取 client id、tenant id 和 apiserver id 详细信息?
命令kubectl config set-credentials用于set credentials as the name implies. If you want to get some information from your cluster you have several ways to do. For example you can use Azure Portal. Everything is described in this article。例如,要获取租户 ID,您需要:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click properties.
- Copy the directory ID.
获取客户端 ID:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click Enterprise applications.
- Click All applications.
- Select the application which you have created.
- Click Properties.
- Copy the Application ID .
获取客户端密码:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click App registrations.
- Select the application which you have created.
- Click on All settings.
- Click on Keys.
- Type Key description and select the Duration.
- Click save.
- Copy and store the key value. You won't be able to retrieve it after you leave this page.
您也可以使用基于oficial documentation的cli找到这些信息。
您还可以找到 Tenant ID 的其他示例(带有 Azure 门户和 cli 选项的示例):
az login
az account list
az account tenant list
我有以下 kubectl 命令来获取我的 Azure 集群的凭据:
kubectl config set-credentials token --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" --auth-provider=azure
但是,这会引发以下错误:
creating a new azure token source for device code authentication: client-id is empty
经过一些调查,我发现我们需要为 client id、tenant id 和 apiserver id:
kubectl config \
set-credentials "<username>" \
--auth-provider=azure \
--auth-provider-arg=environment=AzurePublicCloud \
--auth-provider-arg=client-id=<kubectl-app-id> \
--auth-provider-arg=tenant-id=<tenant-id> \
--auth-provider-arg=apiserver-id=<apiserver-app-id>
我们应该如何获取 client id、tenant id 和 apiserver id 详细信息?
命令kubectl config set-credentials用于set credentials as the name implies. If you want to get some information from your cluster you have several ways to do. For example you can use Azure Portal. Everything is described in this article。例如,要获取租户 ID,您需要:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click properties.
- Copy the directory ID.
获取客户端 ID:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click Enterprise applications.
- Click All applications.
- Select the application which you have created.
- Click Properties.
- Copy the Application ID .
获取客户端密码:
- Login into your azure account.
- Select azure active directory in the left sidebar.
- Click App registrations.
- Select the application which you have created.
- Click on All settings.
- Click on Keys.
- Type Key description and select the Duration.
- Click save.
- Copy and store the key value. You won't be able to retrieve it after you leave this page.
您也可以使用基于oficial documentation的cli找到这些信息。
您还可以找到 Tenant ID 的其他示例(带有 Azure 门户和 cli 选项的示例):
az login
az account list
az account tenant list