Skip to main content

Skip MFA with az aks get-credential command


Before the Atik 1.20, AKS is better integrated to Azure Active Directory. In the past, at each az aks get-credentials command you should re-enter MFA using Azure Portal.

From Atik 1.20, the azure credentials will be used to signed the kubeconfig token.

What does it change ?


1) Get AKS kubeconfig 2) Enable manually MFA 3) Access to the cluster


1) Get AKS kubeconfig 2) Skip MFA using a script which use the azure-cli token 3) Access to the cluster

What to do ?


Install kubelogin

# install
$ brew install Azure/kubelogin/kubelogin

# upgrade
$ brew update
$ brew upgrade Azure/kubelogin/kubelogin


# Get AKS kubeconfig
$ az aks get-credentials --name $INSTANCE_NAME --resource-group $INSTANCE_NAME

# use azure-cli token
kubelogin convert-kubeconfig -l azurecli

Then, access to your cluster (without re-enabling MFA)