Most of the interaction with
kubelogin is around
which uses the input kubeconfig specified in
KUBECONFIG environment variable
to convert to the final kubeconfig in exec format based on specified login mode.
In this section, the login modes will be explained in details.
The login modes that
kubelogin implements are AAD OAuth 2.0 token grant flows.
kubelogin subcommands, you will see below common flags. In general, these flags are already setup when you get the kubeconfig from AKS.
--tenant-id: Azure AD tenant ID
--client-id: the application ID of the public client application. This client app is only used in device code, web browser interactive, and ropc login modes.
--server-id: the application ID of the web app, or resource server. The token should be issued to this resource.