azure-devopsazure-aks
Azure DevOps Pipeline Fails with Device Login Prompt During Helm Deployment to AKS
I'm trying to deploy a Helm application to an AKS cluster using an Azure DevOps pipeline. However, the pipeline fails with a device login prompt. Here's the relevant section of my pipeline YAML file:
pool:
name: '*'
variables:
AKS_RESOURCE_GROUP: '*'
AKS_CLUSTER_NAME: '*'
KUBECONFIG: $(Build.SourcesDirectory)/kubeconfig
HELM_RELEASE_NAME: '*'
HELM_CHART_PATH: '*'
HELM_NAMESPACE: '*'
stages:
- stage: Deploy
jobs:
- job: DeployToAKS
steps:
- task: AzureCLI@2
inputs:
azureSubscription: '*'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
# Get AKS credentials and configure kubectl context
az aks get-credentials --resource-group $(AKS_RESOURCE_GROUP) --name $(AKS_CLUSTER_NAME) --file $(KUBECONFIG)
# Set KUBECONFIG environment variable
export KUBECONFIG=$(KUBECONFIG)
# Upgrade the existing Helm release or install if it doesn't exist
helm upgrade --install $(HELM_RELEASE_NAME) $(HELM_CHART_PATH) --namespace $(HELM_NAMESPACE) --kubeconfig $(KUBECONFIG) --values $(HELM_CHART_PATH)/values.yaml
# (Optional) Verify the deployment by checking the Helm release status
helm status $(HELM_RELEASE_NAME) --namespace $(HELM_NAMESPACE) --kubeconfig $(KUBECONFIG)
displayName: 'Deploy Helm Application to AKS'
However, when I run this pipeline, it fails with the following error:
[Error] The operation was canceled.
WARNING: Merged "my cluster name" as current context in /home/myazureuser/myagent/_work/8/s/kubeconfig
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code C5D7UEJAFF to authenticate.
I Verified that the service principal of the service connection has the necessary permissions to access the AKS cluster.
How can I modify my Azure DevOps pipeline or the service principal configuration to avoid the device login prompt and allow the pipeline to run non-interactively? Any help or suggestions would be greatly appreciated!
Solution
You can use Kubernetes@1 task with login command to authenticate to AKS.
Sample code yaml:
pool:
name: wadepool
variables:
ServiceConnection: ARMConn1
AKSCluster: wadeAKS1
ResourceGroup: YourResourceGroup
HELM_RELEASE_NAME: 'clamav'
HELM_CHART_PATH: './charts/clamav/'
HELM_NAMESPACE: 'nmsw-dev'
steps:
- task: Kubernetes@1
inputs:
connectionType: 'Azure Resource Manager'
azureSubscriptionEndpoint: '$(ServiceConnection)'
azureResourceGroup: '$(ResourceGroup)'
kubernetesCluster: '$(AKSCluster)'
useClusterAdmin: true
command: 'login'
- task: HelmInstaller@1
inputs:
helmVersionToInstall: 'latest'
- task: AzureCLI@2
inputs:
azureSubscription: $(ServiceConnection)
scriptType: bash
scriptLocation: inlineScript
inlineScript: |
echo "Setting up AKS credentials"
az aks get-credentials --resource-group $(ResourceGroup) --name $(AKSCluster) --overwrite-existing
kubectl config use-context $(AKSCluster)
# Upgrade the existing Helm release or install if it doesn't exist
helm upgrade --install $(HELM_RELEASE_NAME) $(HELM_CHART_PATH) --namespace $(HELM_NAMESPACE) --values $(HELM_CHART_PATH)/values.yaml
# (Optional) Verify the deployment by checking the Helm release status
helm status $(HELM_RELEASE_NAME) --namespace $(HELM_NAMESPACE)
displayName: 'Set up AKS Credentials and Test Connection'
The pipeline works, i didn't specify $(KUBECONFIG) on my side:
- Get the permissions of users with respect to the repositories via the API of ADO
- How do you specify the sourceBranch for a Run of Pipelines via the REST API?
- Azure DevOps REST api - Run pipeline with variables
- Predefined type 'System.Void' is not defined or imported during Visual Studio Online build of ASP.NET 5
- Azure Pipelines: Why does parameter comparison work in one job condition but fail in others?
- How to force renovate to set azure pipeline task from "x@1" to "x@2" instead of "[email protected]"
- How to run a pipeline with parameters
- Two different projects sharing secret.json locally
- Weird IP Address while GIT pull
- Azure DevOps Pipeline - Updating BuildNumber
- How to Migrate TFVS project to Azure Git Repos from different Organization
- Azure DevOps REST API - Update pre-deployment artifacts
- How to branch from non-default branch in Azure DevOps GitHub.com integration?
- Timezone error creating SQL instance in Azure using Terraform
- Can't provide NuGet package source credentials to Azure Function
- Azure Pipelines: How to make a task dependent on a previous task?
- How to use multiple environments from one Azure pipeline?
- Azure DevOps pipeline continues to run despite removing schedule
- How to prevent creating a new branch of a certain branch
- Azure Active Directory App service Principal create new client secret
- Pass a Terraform Output to an Azure DevOps Varibale
- Azure Devops Pipeline - Use Microsoft Visual Studio Installer Projects
- Azure DevOps yaml - Get current date with MMM (month short name)
- Accessing azure custom field using OData query
- build validation and status check policy on branch for Python code
- How to connect to Azure VM Windows Admin Center from Azure DevOps without enabling PSRemoting in VM
- Bash Task in Azure DevOps not able to recognize variable in set in Classic Release pipeline
- Is it possible to have a link to raw content of file in Azure DevOps
- USING RUNTIME VARIABLES IN AZURE YAML CHECKOUT
- How to configure Dependabot on Azure DevOps to create only one PR for minor/patch updates