Azure DevOps Pipeline Fails with Device Login Prompt During Helm Deployment to AKS
I'm trying to deploy a Helm application to an AKS cluster using an Azure DevOps pipeline. However, the pipeline fails with a device login prompt. Here's the relevant section of my pipeline YAML file:
pool:
name: '*'
variables:
AKS_RESOURCE_GROUP: '*'
AKS_CLUSTER_NAME: '*'
KUBECONFIG: $(Build.SourcesDirectory)/kubeconfig
HELM_RELEASE_NAME: '*'
HELM_CHART_PATH: '*'
HELM_NAMESPACE: '*'
stages:
- stage: Deploy
jobs:
- job: DeployToAKS
steps:
- task: AzureCLI@2
inputs:
azureSubscription: '*'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
# Get AKS credentials and configure kubectl context
az aks get-credentials --resource-group $(AKS_RESOURCE_GROUP) --name $(AKS_CLUSTER_NAME) --file $(KUBECONFIG)
# Set KUBECONFIG environment variable
export KUBECONFIG=$(KUBECONFIG)
# Upgrade the existing Helm release or install if it doesn't exist
helm upgrade --install $(HELM_RELEASE_NAME) $(HELM_CHART_PATH) --namespace $(HELM_NAMESPACE) --kubeconfig $(KUBECONFIG) --values $(HELM_CHART_PATH)/values.yaml
# (Optional) Verify the deployment by checking the Helm release status
helm status $(HELM_RELEASE_NAME) --namespace $(HELM_NAMESPACE) --kubeconfig $(KUBECONFIG)
displayName: 'Deploy Helm Application to AKS'
However, when I run this pipeline, it fails with the following error:
[Error] The operation was canceled.
WARNING: Merged "my cluster name" as current context in /home/myazureuser/myagent/_work/8/s/kubeconfig
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code C5D7UEJAFF to authenticate.
I Verified that the service principal of the service connection has the necessary permissions to access the AKS cluster.
How can I modify my Azure DevOps pipeline or the service principal configuration to avoid the device login prompt and allow the pipeline to run non-interactively? Any help or suggestions would be greatly appreciated!
Solution
You can use Kubernetes@1 task with login command to authenticate to AKS.
Sample code yaml:
pool:
name: wadepool
variables:
ServiceConnection: ARMConn1
AKSCluster: wadeAKS1
ResourceGroup: YourResourceGroup
HELM_RELEASE_NAME: 'clamav'
HELM_CHART_PATH: './charts/clamav/'
HELM_NAMESPACE: 'nmsw-dev'
steps:
- task: Kubernetes@1
inputs:
connectionType: 'Azure Resource Manager'
azureSubscriptionEndpoint: '$(ServiceConnection)'
azureResourceGroup: '$(ResourceGroup)'
kubernetesCluster: '$(AKSCluster)'
useClusterAdmin: true
command: 'login'
- task: HelmInstaller@1
inputs:
helmVersionToInstall: 'latest'
- task: AzureCLI@2
inputs:
azureSubscription: $(ServiceConnection)
scriptType: bash
scriptLocation: inlineScript
inlineScript: |
echo "Setting up AKS credentials"
az aks get-credentials --resource-group $(ResourceGroup) --name $(AKSCluster) --overwrite-existing
kubectl config use-context $(AKSCluster)
# Upgrade the existing Helm release or install if it doesn't exist
helm upgrade --install $(HELM_RELEASE_NAME) $(HELM_CHART_PATH) --namespace $(HELM_NAMESPACE) --values $(HELM_CHART_PATH)/values.yaml
# (Optional) Verify the deployment by checking the Helm release status
helm status $(HELM_RELEASE_NAME) --namespace $(HELM_NAMESPACE)
displayName: 'Set up AKS Credentials and Test Connection'
The pipeline works, i didn't specify $(KUBECONFIG) on my side:
- Use variables in Approval and Check Azure Devps Pipeline
- Is it possible to create a pull request for an azure dev ops repo in vs code?
- Azure devops pipeline stages template nesting
- How to pass specific values for Get-AzSubscription
- How to "swap" staging and production slots in release pipeline?
- Azure DevOps Pipelines: TerraformTaskV4: init with different subscription and Workflow Identity Federation
- How to search across many Azure Devops Git project and find all files which contain specific text AND which filename contains "Resource"
- How can I add a database reference to another database on the same server without a .dacpac, so Visual Studio recognizes cross-database reference?
- Azure DevOps - compare two commits right in the web UI?
- Is there a way to get the equivalent of a git diff on a pull request in Azure DevOps?
- ACI mount gitrepo-url using Managed Identity from Azure DevOps
- Git Azure DevOps URL Not Supported Error When Running dotnet new -i <Azure DevOps Repo URL> (Even with PAT)
- vsts-npm-auth is not recognized as the name of a cmdlet
- How to force renovate to set azure pipeline task from "x@1" to "x@2" instead of "x@2.0.5"
- Unable to clone Azure DevOps repository via SSH, password required
- How to Perform SonarQube Scans on Synapse Notebooks in Azure DevOps?
- Unable to Fetch Data from Custom Analytics Views in Azure DevOps API
- Self hosted azure devops build agent not getting tool from $PATH
- Azure DevOps build pipeline logid for a specific task - dynamically
- How to display a VSTS Build Badge in a README.md file hosted on GitHub?
- How can you insert suggestions on a PR in Azure Devops?
- Azure DevOps project description page (a dynamic readMe file possible?)
- Azure DevOps Webhook for Pull Request Approval (git.pullrequest.approved) Not Available in UI
- Is there still no way to reset the counter in the Azure pipeline?
- Cannot run Azure CLI task on yaml build
- How to setup submodules Azure DevOps
- EMail Filters For DevOps Emails
- Azure Devops: dotnet publish can't find the package because it's searching in the wrong source
- Azure DevOps release pipeline throws error on Gitversion updatebuildnumber
- Azure DevOps Wiki page usage analytics