az aks jwtauthenticator
Note
This reference is part of the aks-preview extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az aks jwtauthenticator command. Learn more about extensions.
Commands to manage JWT authenticators in Azure Kubernetes Service.
JWT authenticators enable external JWT token validation for Kubernetes authentication. For more information, see https://aka.ms/aks-external-issuers-docs.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az aks jwtauthenticator add |
Add a JWT authenticator to a managed cluster. |
Extension | GA |
| az aks jwtauthenticator delete |
Delete a JWT authenticator from a managed cluster. |
Extension | GA |
| az aks jwtauthenticator list |
List all JWT authenticators in a managed cluster. |
Extension | GA |
| az aks jwtauthenticator show |
Show details of a JWT authenticator in a managed cluster. |
Extension | GA |
| az aks jwtauthenticator update |
Update a JWT authenticator in a managed cluster. |
Extension | GA |
az aks jwtauthenticator add
Add a JWT authenticator to a managed cluster.
Adds a new JWT authenticator configuration to the managed cluster for external JWT validation. The configuration will be applied to the kube-apiserver to enable JWT token authentication.
az aks jwtauthenticator add --cluster-name
--config-file
--name
--resource-group
[--aks-custom-headers]
[--no-wait]Examples
Add a JWT authenticator from a configuration file
az aks jwtauthenticator add -g MyResourceGroup --cluster-name MyCluster --name myjwt --config-file config.jsonRequired Parameters
Name of the managed cluster.
Path to JSON file containing the JWT authenticator configuration.
The JSON file should contain the properties schema for one JWT authenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
Name of the JWT authenticator (must be unique within the cluster).
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks jwtauthenticator delete
Delete a JWT authenticator from a managed cluster.
Removes the JWT authenticator configuration from the managed cluster and updates the kube-apiserver.
az aks jwtauthenticator delete --cluster-name
--name
--resource-group
[--aks-custom-headers]
[--no-wait]
[--yes]Examples
Delete a JWT authenticator
az aks jwtauthenticator delete -g MyResourceGroup --cluster-name MyCluster --name myjwtRequired Parameters
Name of the managed cluster.
Name of the JWT authenticator to delete.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks jwtauthenticator list
List all JWT authenticators in a managed cluster.
az aks jwtauthenticator list --cluster-name
--resource-group
[--aks-custom-headers]Examples
List all JWT authenticators in a cluster
az aks jwtauthenticator list -g MyResourceGroup --cluster-name MyClusterRequired Parameters
Name of the managed cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks jwtauthenticator show
Show details of a JWT authenticator in a managed cluster.
az aks jwtauthenticator show --cluster-name
--name
--resource-group
[--aks-custom-headers]Examples
Show a specific JWT authenticator configuration
az aks jwtauthenticator show -g MyResourceGroup --cluster-name MyCluster --name myjwtRequired Parameters
Name of the managed cluster.
Name of the JWT authenticator to show.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks jwtauthenticator update
Update a JWT authenticator in a managed cluster.
Updates an existing JWT authenticator configuration. The entire configuration will be replaced with the configuration from the provided file.
az aks jwtauthenticator update --cluster-name
--config-file
--name
--resource-group
[--aks-custom-headers]
[--no-wait]Examples
Update a JWT authenticator configuration
az aks jwtauthenticator update -g MyResourceGroup --cluster-name MyCluster --name myjwt --config-file updated-config.jsonRequired Parameters
Name of the managed cluster.
Path to JSON file containing the updated JWT authenticator configuration.
The JSON file should contain the properties schema for one JWT authenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
Name of the JWT authenticator to update.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Send custom headers. When specified, format should be Key1=Value1.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
