From d54aa03fe1a900fce052ebf6e20f46cbfdc8f769 Mon Sep 17 00:00:00 2001 From: Simon Waight Date: Thu, 29 Jan 2026 17:19:09 +1100 Subject: [PATCH 1/2] Tidy up auth TSG --- support/azure/kubernetes-fleet/toc.yml | 2 +- .../unable-connect-azure-fleet-manager.md | 36 +++++++++---------- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/support/azure/kubernetes-fleet/toc.yml b/support/azure/kubernetes-fleet/toc.yml index 320b2cdfadf..64e0116b21a 100644 --- a/support/azure/kubernetes-fleet/toc.yml +++ b/support/azure/kubernetes-fleet/toc.yml @@ -1,7 +1,7 @@ items: - name: Welcome href: welcome-azure-kubernetes-fleet.yml -- name: Unable to connect to Azure Fleet Manager +- name: Unable to connect to Azure Kubernetes Fleet Manager href: unable-connect-azure-fleet-manager.md - name: Cluster Resource Placement diff --git a/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md b/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md index bc6178dfcda..c0de3618b71 100644 --- a/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md +++ b/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md @@ -1,31 +1,27 @@ --- -title: Can't connect to Azure Fleet Manager -description: This article provides guidance for actions to take when you can't connect to Azure Fleet Manager. -ms.date: 01/13/2026 -ms.author: jarrettr +title: Can't connect to Azure Kubernetes Fleet Manager hub cluster +description: This article provides guidance for actions to take when you can't connect to an Azure Kubernetes Fleet Manager hub cluster. +ms.date: 01/29/2026 +ms.author: simonwaigh ms.reviewer: chiragpa, v-ryanberg ms.service: azure-kubernetes-fleet-manager ms.custom: sap:Other issue or questions related to Fleet manager --- -# Unable to connect to Azure Fleet Manager +# Unable to connect to Azure Kubernetes Fleet Manager hub cluster -This article helps you resolve an issue that prevents you from connecting to Azure Fleet Manager. +This article helps you resolve an issue preventing you from connecting to an Azure Kubernetes Fleet Manager hub cluster via `kubectl`. ## Symptoms -You try to connect to Azure Fleet Manager by retrieving the kubeconfig file for the Fleet Manager hub cluster. You initially run the following command:  +You try to connect to an Azure Kubernetes Fleet Manager's hub cluster using credentials obtained using the following command:  -```powershell -az fleet get-credentials --resource-group \${GROUP} --name +```azurecli-interactive +az fleet get-credentials \ + --resource-group rg-contoso-01 \ + --name flt-contoso-01 ``` -Then, you run the following command: - -```powershell -kubectl get pods -``` - -On the Fleet Manager API server, you're prompted to enter a device code in another browser to authenticate your identity. +When attempting to call any API on the Fleet Manager hub cluster via `kubectl`, you're prompted to enter a device code to authenticate. If your organization enforces Conditional Access policies that block device code flows, you might receive a message that resembles the following message: @@ -37,14 +33,14 @@ The following screenshot shows an example of this kind of message. ## Cause -The kubeconfig file that's generated by the `az fleet get-credentials` command defaults to device code authentication. Conditional Access policies can block this flow and prevent access to the Fleet Manager API server. +The kubeconfig file that's generated by the `az fleet get-credentials` command defaults to device code authentication. Conditional Access policies can block this flow and prevent access to the Fleet Manager hub cluster. ## Resolution -To resolve this issue, modify kubeconfig to use Azure CLI authentication instead of device code authentication. To make this change, run the following command: +To resolve this issue, modify using the following command to modify your kubeconfig to use Azure CLI authentication instead of device code authentication: -```powershell +```bash kubelogin convert-kubeconfig -l azurecli ``` -This command updates the kubeconfig file so that it authenticates by using your existing Azure CLI sign-in session. This action bypasses the device code prompt. +Now, when using `kubectl` your existing Azure sign-in session will be used, or a non-device flow will be initiated if you aren't already authenticated. From b63d178a8b6ff3a1cdae333431ae6310b372e761 Mon Sep 17 00:00:00 2001 From: Simon Waight Date: Thu, 29 Jan 2026 17:24:19 +1100 Subject: [PATCH 2/2] fix author --- .../kubernetes-fleet/unable-connect-azure-fleet-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md b/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md index c0de3618b71..2d3fd8f5f0b 100644 --- a/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md +++ b/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md @@ -2,7 +2,7 @@ title: Can't connect to Azure Kubernetes Fleet Manager hub cluster description: This article provides guidance for actions to take when you can't connect to an Azure Kubernetes Fleet Manager hub cluster. ms.date: 01/29/2026 -ms.author: simonwaigh +ms.author: simonwaight ms.reviewer: chiragpa, v-ryanberg ms.service: azure-kubernetes-fleet-manager ms.custom: sap:Other issue or questions related to Fleet manager