We have an ARM template that does the initial setup of our AKS cluster and add AD integration as part of the install following this guide https://docs.microsoft.com/en-us/azure/aks/aad-integration. We then use the Powershell step to add the target. It adds correctly, but then fails to connect with the following error:
kubectl version to test connectivity
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code
BEM62JFDV to authenticate.
CancelRequest not implemented
Failed to acquire a token: acquiring a new fresh token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Code Expired
Am I missing a permissions step or has anyone seen this? I did add a similar issue on the MS to try to figure out troubleshooting.
From some other posts, it looks like MS added a --admin switch to get-credentials to bypass this and get general admin credentials. In order to do this we might need a way to toggle that switch.