{"id":1749,"date":"2025-06-03T11:34:06","date_gmt":"2025-06-03T18:34:06","guid":{"rendered":"http:\/\/blog.nillsf.com\/?p=1749"},"modified":"2025-06-03T11:34:08","modified_gmt":"2025-06-03T18:34:08","slug":"fixing-aks-workload-identity-login-in-azure-cli","status":"publish","type":"post","link":"https:\/\/blog.nillsf.com\/index.php\/2025\/06\/03\/fixing-aks-workload-identity-login-in-azure-cli\/","title":{"rendered":"Fixing AKS Workload Identity Login in Azure CLI"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">I just spent 2 hours trying to figure out how to log into Azure CLI using workload identity, and I hope to document how to fix it very quickly. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The situation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You have an AKS cluster with workload identity set up, and while trying to log into Azure CLI with a federated identity, you get the following error:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl exec -n $NAMESPACE $POD_NAME -- bash -c \\\n  \"az login \\\n     --identity \\\n     --allow-no-subscriptions \\\n     --client-id \\$AZURE_CLIENT_ID\"\nERROR: Identity not found\nInteractive authentication is needed. Please run:\naz login\ncommand terminated with exit code 1<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">The solution<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To fix this, you need to log in with the federated identity file that&#8217;s automatically mounted for you.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl exec -n $NAMESPACE $POD_NAME -- bash -c \\\n  \"az login \\\n     --service-principal \\\n     -u \\$AZURE_CLIENT_ID \\\n     -t \\$AZURE_TENANT_ID \\\n     --federated-token \\$(cat \/var\/run\/secrets\/azure\/tokens\/azure-identity-token)\"\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I just spent 2 hours trying to figure out how to log into Azure CLI using workload identity, and I hope to document how to fix it very quickly. The situation You have an AKS cluster with workload identity set up, and while trying to log into Azure CLI with a federated identity, you get the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1749","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/posts\/1749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/comments?post=1749"}],"version-history":[{"count":1,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/posts\/1749\/revisions"}],"predecessor-version":[{"id":1750,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/posts\/1749\/revisions\/1750"}],"wp:attachment":[{"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/media?parent=1749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/categories?post=1749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.nillsf.com\/index.php\/wp-json\/wp\/v2\/tags?post=1749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}