Configure Kubelogin
Portworx Backup (PXB) now supports Azure kubelogin, enabling secure and token-based authentication with Azure Kubernetes Service (AKS) clusters. By leveraging Azure Active Directory (Azure AD) integration, kubelogin eliminates the need for static credentials or Azure AD service accounts, enhancing security and compliance with modern identity management practices.
Kubelogin is specifically designed for AKS clusters integrated with Azure AD. PXB dynamically uses kubelogin to fetch tokens during authentication. For long-running operations, manual re-authentication may be required if tokens expire.
Before you begin
Before using kubelogin with PXB:
-
Install PXB version 2.8.1 or later
-
Ensure your AKS cluster is configured with Azure AD integration for RBAC.
-
Ensure the Azure AD user or service principal has access to the AKS cluster.
Add kubelogin AKS cluster
-
Refer to generate kubeconfig with service prinicipal and generate a kubeconfig file.
-
After generating the kubeconfig file, refer to Add AKS cluster to add the Azure cluster with Azure AD enabled.
PXB currently supports Service Principal and Managed Service Identity login modes for kubelogin.