Azure DevOps: Authenticate using your subscription to AKS >= 1.24
#!/bin/bash
# Create a token Secret for the azdev service account in the given namespace
# and link it to that service account.

ns="$1"
if [[ -z ${ns} ]]; then
  echo "Usage: $0 <namespace>" >&2
  exit 1
fi

# Poll until a service account whose name contains "azdev" appears.
echo "Watching for an azdev service account in namespace ${ns}..."
service_account=""
while [[ -z ${service_account} ]]; do
  service_account=$(kubectl get -n "${ns}" sa | grep -F azdev | awk '{print $1}')
done
echo "Service account: ${service_account}"

# Name the Secret after the suffix that follows the last "-" in the account name.
token_obj="azdev-sa-token-${service_account##*-}"
echo "Token object: ${token_obj}"

# Create the service-account-token Secret bound to the service account.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: ${token_obj}
  namespace: ${ns}
  annotations:
    kubernetes.io/service-account.name: ${service_account}
EOF

# Append a "secrets:" entry to the service account so it references the new Secret.
(kubectl get -n "${ns}" sa "${service_account}" -o yaml ; echo 'secrets:'; echo " - name: ${token_obj}") | kubectl apply -f -
This is a script I wrote, which will allow you to use your Azure Subscription to authenticate to an AKS cluster running 1.24 or later. It works by waiting for the service account to appear in the namespace, and then quickly creating a token secret and linking it to the service account object.
Usage:
create-token-for-azure-devops-sa.sh <namespace>
Then, go back to Azure DevOps and create the desired environment with a Kubernetes resource, using the subscription for authentication.
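A follow-up check for the token Secret the script creates, as an added example that is not part of the gist: it validates the namespace argument before use, confirms the Secret is bound to the expected service account, and waits a bounded number of tries for the `token` field to be populated. The function names, return codes and the `POLL_INTERVAL` variable are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not the gist author's code. Names here are hypothetical.

# Succeed only if $1 is an RFC 1123 label (the format Kubernetes requires
# for namespace names): 1-63 chars, lowercase alphanumerics or "-",
# starting and ending with an alphanumeric.
valid_label() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
  case "$1" in
    -*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# verify_token_secret <namespace> <secret> <service-account> [tries]
# Returns: 0 token present and bound to the expected account,
#          2 namespace is not a valid label,
#          3 Secret missing or annotated for a different account,
#          4 token field still empty after all tries.
verify_token_secret() {
  local ns="$1" secret="$2" sa="$3" tries="${4:-10}" bound token i
  valid_label "${ns}" || return 2

  # The annotation decides which account the issued token belongs to.
  bound=$(kubectl get -n "${ns}" secret "${secret}" \
    -o jsonpath='{.metadata.annotations.kubernetes\.io/service-account\.name}')
  [ "${bound}" = "${sa}" ] || return 3

  # The control plane fills in data.token shortly after the Secret is created.
  i=0
  while [ "${i}" -lt "${tries}" ]; do
    token=$(kubectl get -n "${ns}" secret "${secret}" -o jsonpath='{.data.token}')
    [ -n "${token}" ] && return 0
    i=$((i + 1))
    sleep "${POLL_INTERVAL:-1}"
  done
  return 4
}
```

The resulting token does not expire on its own, so the Secret should be deleted when the Azure DevOps environment is removed.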