Authentication to the Kubernetes API via Azure Active Directory (AKS)

10/14/2019

I would like to use python kubernetes-client to connect to my AKS cluster api.

To do that I tried to use the example given by kubernetes:

from kubernetes import client, config

config.load_kube_config()

v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
    print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))

It is supposed to load my local kubeconfig and get a list of pods, but I get the following error:

Traceback (most recent call last):
  File "test.py", line 4, in <module>
    config.load_kube_config()
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/kubernetes/config/kube_config.py", line 661, in load_kube_config
    loader.load_and_set(config)
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/kubernetes/config/kube_config.py", line 469, in load_and_set
    self._load_authentication()
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/kubernetes/config/kube_config.py", line 203, in _load_authentication
    if self._load_auth_provider_token():
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/kubernetes/config/kube_config.py", line 221, in _load_auth_provider_token
    return self._load_azure_token(provider)
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/kubernetes/config/kube_config.py", line 233, in _load_azure_token
    self._refresh_azure_token(provider['config'])
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/kubernetes/config/kube_config.py", line 253, in _refresh_azure_token
    refresh_token, client_id, '00000002-0000-0000-c000-000000000000')
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/adal/authentication_context.py", line 236, in acquire_token_with_refresh_token
    return self._acquire_token(token_func)
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/adal/authentication_context.py", line 128, in _acquire_token
    return token_func(self)
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/adal/authentication_context.py", line 234, in token_func
    return token_request.get_token_with_refresh_token(refresh_token, client_secret)
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/adal/token_request.py", line 343, in get_token_with_refresh_token
    return self._get_token_with_refresh_token(refresh_token, None, client_secret)
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/adal/token_request.py", line 340, in _get_token_with_refresh_token
    return self._oauth_get_token(oauth_parameters)
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/adal/token_request.py", line 112, in _oauth_get_token
    return client.get_token(oauth_parameters)
  File "/Users//works/test-kube-api-python/env/lib/python2.7/site-packages/adal/oauth2_client.py", line 291, in get_token
    raise AdalError(return_error_string, error_response)
adal.adal_error.AdalError: Get Token request returned http error: 400 and server response: {"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID '' named 'Kubernetes AD Client '. Send an interactive authorization request for this user and resource.\r\nTrace ID: \r\nCorrelation ID: \r\nTimestamp: 2019-10-14 12:32:35Z","error_codes":[65001],"timestamp":"2019-10-14 12:32:35Z","trace_id":"","correlation_id":"","suberror":"consent_required"}

I really don't understand why it doesn't work.

When I use kubectl, everything works fine.

I read some docs but I'm not sure I understand the adal error.

Thanks for your help

-- Kiva
azure-aks
kubernetes
python

1 Answer

10/14/2019
  • Log in as a tenant admin to https://portal.azure.com
  • Open the registration for your app in the
  • Go to Settings then Required Permissions
  • Press the Grant Permissions button

If you are not a tenant admin, you cannot give admin consent.

From https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi/issues/19

-- Yang
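The traceback above shows the Python client refreshing the token for the fixed resource id `00000002-0000-0000-c000-000000000000` (`_refresh_azure_token`, kube_config.py line 253), which is what the AADSTS65001 consent error is about, rather than for the `apiserver-id` recorded in the kubeconfig's azure auth-provider block. The script below, an added example that is not from the question, the answer or the kubernetes-client project, reads that block itself, refreshes the token against `apiserver-id` with `adal` when `expires-on` has passed, and hands the resulting bearer token to a `kubernetes` client `Configuration`. Assumptions, labelled in the comments: the kubeconfig field names are those written by `az aks get-credentials` (`apiserver-id`, `client-id`, `tenant-id`, `environment`, `access-token`, `refresh-token`, `expires-on`); the `adal` and `kubernetes` packages are installed for the network and API parts; the embedded sample kubeconfig and its ids are constructed placeholders; only the public-cloud login host is included.

```python
"""Refresh an AKS Azure AD token for the apiserver-id and build a
kubernetes client from it. Added example; not from the question, the
answer or the kubernetes-client project."""
import base64
import json
import os
import tempfile
import time

# Constructed sample kubeconfig (JSON is valid YAML, so kubectl accepts it).
# Keys follow what `az aks get-credentials` writes for the azure auth-provider
# (assumption); every value is a placeholder, not real data.
SAMPLE_KUBECONFIG = json.dumps({
    "apiVersion": "v1", "kind": "Config", "current-context": "aks-demo",
    "clusters": [{"name": "aks-demo", "cluster": {
        "server": "https://aks-demo.example.invalid:443",
        "certificate-authority-data": base64.b64encode(
            b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n").decode()}}],
    "contexts": [{"name": "aks-demo", "context": {
        "cluster": "aks-demo", "user": "clusterUser_rg_aks-demo"}}],
    "users": [{"name": "clusterUser_rg_aks-demo", "user": {"auth-provider": {
        "name": "azure",
        "config": {
            "apiserver-id": "11111111-1111-1111-1111-111111111111",
            "client-id": "22222222-2222-2222-2222-222222222222",
            "tenant-id": "33333333-3333-3333-3333-333333333333",
            "environment": "AzurePublicCloud",
            "access-token": "constructed.access.token",
            "refresh-token": "constructed-refresh-token",
            "expires-on": "1571054400",  # 2019-10-14T12:00:00Z, Unix seconds
        }}}}],
})


def load_kubeconfig(text):
    """Parse kubeconfig text; real files are YAML, so prefer PyYAML when present."""
    try:
        import yaml
        return yaml.safe_load(text)
    except ImportError:
        return json.loads(text)


def _by_name(items, name):
    for item in items:
        if item.get("name") == name:
            return item
    raise KeyError(name)


def azure_provider_config(kubeconfig, context=None):
    """Return (cluster block, azure auth-provider config) for a context."""
    ctx = _by_name(kubeconfig["contexts"], context or kubeconfig["current-context"])["context"]
    cluster = _by_name(kubeconfig["clusters"], ctx["cluster"])["cluster"]
    user = _by_name(kubeconfig["users"], ctx["user"])["user"]
    provider = user.get("auth-provider") or {}
    if provider.get("name") != "azure":
        raise ValueError("context does not use the azure auth-provider: %r" % ctx)
    return cluster, provider["config"]


def token_is_expired(cfg, now=None, skew=300):
    """expires-on is a Unix timestamp string; tokens within `skew` seconds of
    expiry count as expired so a request never races the deadline."""
    now = time.time() if now is None else now
    return float(cfg.get("expires-on", 0)) - skew <= now


def refresh_resource(cfg):
    """Resource to refresh for: the AKS server app id, not the fixed
    00000002-0000-0000-c000-000000000000 id seen in the traceback."""
    return cfg["apiserver-id"]


def authority_url(cfg):
    """ADAL authority for the tenant. Only the public cloud host is known here;
    other environments raise instead of guessing a login host."""
    if cfg.get("environment", "AzurePublicCloud") != "AzurePublicCloud":
        raise NotImplementedError("add the login host for %s" % cfg["environment"])
    return "https://login.microsoftonline.com/" + cfg["tenant-id"]


def refresh_access_token(cfg):
    """Network call: trade the refresh token for an access token for apiserver-id
    (assumes the `adal` package, the one in the traceback; imported lazily)."""
    import adal
    auth_ctx = adal.AuthenticationContext(authority_url(cfg), api_version=None)
    result = auth_ctx.acquire_token_with_refresh_token(
        cfg["refresh-token"], cfg["client-id"], refresh_resource(cfg))
    return result["accessToken"]


def build_configuration(cluster, token):
    """kubernetes Configuration sending `Authorization: Bearer <token>` and
    pinning the cluster CA from the kubeconfig (assumes the `kubernetes` package)."""
    from kubernetes import client
    conf = client.Configuration()
    conf.host = cluster["server"]
    ca_b64 = cluster.get("certificate-authority-data")
    if ca_b64:  # the client wants a file path for the CA bundle
        fd, path = tempfile.mkstemp(suffix=".crt")
        with os.fdopen(fd, "wb") as fh:
            fh.write(base64.b64decode(ca_b64))
        conf.ssl_ca_cert = path
    conf.api_key["authorization"] = token
    conf.api_key_prefix["authorization"] = "Bearer"
    return conf


def list_pods(kubeconfig_path=None):
    """Same listing as the question, with the token handled by this script."""
    path = kubeconfig_path or os.path.expanduser("~/.kube/config")
    with open(path) as fh:
        cluster, cfg = azure_provider_config(load_kubeconfig(fh.read()))
    token = refresh_access_token(cfg) if token_is_expired(cfg) else cfg["access-token"]
    from kubernetes import client
    v1 = client.CoreV1Api(client.ApiClient(build_configuration(cluster, token)))
    return v1.list_pod_for_all_namespaces(watch=False)


if __name__ == "__main__":
    for pod in list_pods().items:
        print("%s\t%s\t%s" % (pod.status.pod_ip, pod.metadata.namespace, pod.metadata.name))
```

The refreshed token is not written back to the kubeconfig, so every run after `expires-on` costs one refresh call; persisting it is a matter of updating `access-token` and `expires-on` under the same `auth-provider.config` block. Note that `refresh-token` in `~/.kube/config` is a long-lived credential for the user's AKS access: keep the file mode at 0600 and out of images, CI logs and shared volumes.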
Source: StackOverflow