I am building various automations to use with AKS, and don’t for the time being want to manage ’.kube’ context files – Instead I want to only use the tokens AZ CLI grants me, to avoid the whole context shebang.
Luckily you can use the API, to do direct KubeCTL commands against the API
(Please note. this applies only to AAD -integrated clusters)
Solution in AZ CLI (full)
token=$(az account get-access-token --resource=6dae42f8-4368-4678-94ff-3960e28e3630 --query accessToken --output tsv)
uri=$(az aks show --name "aksf-eu3234" --resource-group "rg-aks-aksf-eu3234" --query "azurePortalFqdn" -o tsv)
az rest --method get --url "https://$uri/api/v1/services?limit=200" --headers authorization="Bearer $token"
Solution in Node.JS automation using AZ CLI (snippet)
//AzNodeRest
module.exports = async function (item) {
var returnObject = new returnObjectInit(item,__filename.split('/').pop())
//var tkn = await runner('az account get-access-token --resource=6dae42f8-4368-4678-94ff-3960e28e3630 --query accessToken --output json')
var tkn = await getAKStoken()
let customOpt = {
url:`https://${item.properties?.azurePortalFQDN}/api/v1/services?limit=200`,
method:"get",
headers:{
authorization: `Bearer ${tkn}`,
'kubectl-session': randomUUID()
}
}
try{
const {data} = await axios(customOpt,{timeout:1000})
console.log(data)
} catch (error) {
console.log(error )
}
returnObject.metadata={}
returnObject.isHealthy="manual"
return returnObject
}
SecureCloudBlog 
0 comments on “Getting data from AKS without kubeCTL”