https://pulumi.com logo
Title
k

kind-mechanic-53546

05/14/2020, 4:50 AM
Hey friendly folks, Has anyone experienced constant prompts to sign in with a device token when deploying resources to an AKS cluster?
To sign in, use a web browser to open the page <https://microsoft.com/devicelogin> and enter the code HUUTYL7CP to authenticate.
I've deployed the crosswalk stacks to AKS but when I go to deploy resources to the cluster, I get 3 prompts per deployment The only way to successfully deploy resources is to do an unattended deploy and output the logs to a file and watch the file for the devicelogin prompts
pulumi up --yes  > debug.log
Frustrating 🙂
j

jolly-bear-34819

05/14/2020, 4:38 PM
I never used Crosswalk, but I'm familiar with the prompt are you using the AAD integration for AKS?
k

kind-mechanic-53546

05/14/2020, 10:20 PM
@jolly-bear-34819, maybe? 😕 The Crosswalk guide provisions an Identity stack which looks similar (but not the same) as the MS AAD with AKS docs So yes, it is using AAD (I believe) but not 100% sure if it's correct sorry. I'm very new to k8s and AKS sorry 😣
j

jolly-bear-34819

05/15/2020, 8:13 AM
If you integrate your cluster with AAD, Azure will create two kubeconfigs: a "normal" and an admin config the prompt comes when you are using the normal config, which requires you to log in with your Azure user I'm not sure how you deploy resources to the cluster, but if possible try to use the admin config, which doesn't require a log in
k

kind-mechanic-53546

05/18/2020, 10:16 PM
Thanks @jolly-bear-34819, using the admin config helped in that it reduced the number of times I'm prompted from 3 to 1 but i still get prompted
I may have to try a service principal again but previously that didn't work either, maybe it was misconfigured