通过

你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

az aks jwtauthenticator

Note

This reference is part of the aks-preview extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az aks jwtauthenticator command. Learn more about extensions.

Commands to manage JWT authenticators in Azure Kubernetes Service.

JWT authenticators enable external JWT token validation for Kubernetes authentication. For more information, see https://aka.ms/aks-external-issuers-docs.

Commands

Name Description Type Status
az aks jwtauthenticator add

Add a JWT authenticator to a managed cluster.

 Extension GA
az aks jwtauthenticator delete

Delete a JWT authenticator from a managed cluster.

 Extension GA
az aks jwtauthenticator list

List all JWT authenticators in a managed cluster.

 Extension GA
az aks jwtauthenticator show

Show details of a JWT authenticator in a managed cluster.

 Extension GA
az aks jwtauthenticator update

Update a JWT authenticator in a managed cluster.

 Extension GA

az aks jwtauthenticator add

Add a JWT authenticator to a managed cluster.

Adds a new JWT authenticator configuration to the managed cluster for external JWT validation. The configuration will be applied to the kube-apiserver to enable JWT token authentication.

az aks jwtauthenticator add --cluster-name
                            --config-file
                            --name
                            --resource-group
                            [--aks-custom-headers]
                            [--no-wait]

Examples

Add a JWT authenticator from a configuration file

az aks jwtauthenticator add -g MyResourceGroup --cluster-name MyCluster --name myjwt --config-file config.json

Required Parameters

--cluster-name

Name of the managed cluster.

--config-file

Path to JSON file containing the JWT authenticator configuration.

The JSON file should contain the properties schema for one JWT authenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.

--name -n

Name of the JWT authenticator (must be unique within the cluster).

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--aks-custom-headers

Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.

--no-wait

Do not wait for the long-running operation to finish.

Property Value
Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az aks jwtauthenticator delete

Delete a JWT authenticator from a managed cluster.

Removes the JWT authenticator configuration from the managed cluster and updates the kube-apiserver.

az aks jwtauthenticator delete --cluster-name
                               --name
                               --resource-group
                               [--aks-custom-headers]
                               [--no-wait]
                               [--yes]

Examples

Delete a JWT authenticator

az aks jwtauthenticator delete -g MyResourceGroup --cluster-name MyCluster --name myjwt

Required Parameters

--cluster-name

Name of the managed cluster.

--name -n

Name of the JWT authenticator to delete.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--aks-custom-headers

Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.

--no-wait

Do not wait for the long-running operation to finish.

Property Value
Default value: False
--yes -y

Do not prompt for confirmation.

Property Value
Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az aks jwtauthenticator list

List all JWT authenticators in a managed cluster.

az aks jwtauthenticator list --cluster-name
                             --resource-group
                             [--aks-custom-headers]

Examples

List all JWT authenticators in a cluster

az aks jwtauthenticator list -g MyResourceGroup --cluster-name MyCluster

Required Parameters

--cluster-name

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--aks-custom-headers

Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az aks jwtauthenticator show

Show details of a JWT authenticator in a managed cluster.

az aks jwtauthenticator show --cluster-name
                             --name
                             --resource-group
                             [--aks-custom-headers]

Examples

Show a specific JWT authenticator configuration

az aks jwtauthenticator show -g MyResourceGroup --cluster-name MyCluster --name myjwt

Required Parameters

--cluster-name

Name of the managed cluster.

--name -n

Name of the JWT authenticator to show.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--aks-custom-headers

Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az aks jwtauthenticator update

Update a JWT authenticator in a managed cluster.

Updates an existing JWT authenticator configuration. The entire configuration will be replaced with the configuration from the provided file.

az aks jwtauthenticator update --cluster-name
                               --config-file
                               --name
                               --resource-group
                               [--aks-custom-headers]
                               [--no-wait]

Examples

Update a JWT authenticator configuration

az aks jwtauthenticator update -g MyResourceGroup --cluster-name MyCluster --name myjwt --config-file updated-config.json

Required Parameters

--cluster-name

Name of the managed cluster.

--config-file

Path to JSON file containing the updated JWT authenticator configuration.

The JSON file should contain the properties schema for one JWT authenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.

--name -n

Name of the JWT authenticator to update.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--aks-custom-headers

Send custom headers. When specified, format should be Key1=Value1.

--no-wait

Do not wait for the long-running operation to finish.

Property Value
Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False