Support for kubelogin for Azure AKS clusters


With Azure pushing for AKS to become more deeply integrated with Azure AD they are encouraging admins to disable the --admin flag when getting credentials which creates a local admin account on the cluster. This creates a problem with service principal login since authentication passes but an OAuth device code flow is forced that cannot be disabled. For a while this was a blocker for user service principals.

Recently the Azure team released kubelogin to assist with the process Azure/kubelogin: A Kubernetes credential (exec) plugin implementing azure authentication ( Based on this it appears that this could be leveraged to allow the flow without a local admin account.

Hi @tcreveal,

Thank you for contacting Octopus Support.

I have passed this information along to the relevant internal team as a feature request.

If there is anything else we can assist with, please don’t hesitate to ask.

Best Regards,

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.