azure-cli: Getting "permission denied" during az aks get-credentials
Environment summary
Shell: Powershell Installed via MSI az --version 2.0.20
Getting permission denied when running az aks get-credentials
command. Powershell is being run as administrator
PS C:\Users\admin> az aks get-credentials --resource-group Kubernetes-RG --name=Kubernetes-Cluster
[Errno 13] Permission denied: 'D:\\temp\\tmpl34_mzlt'
Traceback (most recent call last):
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\main.py", line 36, in main
cmd_result = APPLICATION.execute(args)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\application.py", line 212, in execute
result = expanded_arg.func(params)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 377, in __call__
return self.handler(*args, **kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 620, in _execute_command
reraise(*sys.exc_info())
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\six.py", line 693, in reraise
raise value
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\core\commands\__init__.py", line 602, in _execute_command
result = op(client, **kwargs) if client else op(**kwargs)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 1288, in aks_get_credentials
merge_kubernetes_configurations(path, additional_file.name)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\site-packages\azure\cli\command_modules\acs\custom.py", line 829, in merge_kubernetes_configurations
with open(addition_file) as stream:
PermissionError: [Errno 13] Permission denied: 'D:\\temp\\tmpl34_mzlt'
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Reactions: 1
- Comments: 32 (5 by maintainers)
We have released the new update. It has version number 2.0.21. Get the new MSI at https://aka.ms/InstallAzureCliWindows.
We are releasing early next week.
+1 here on Windows too.
As a workaround, I used the command below to write the YAML to my kubectl config. Careful not to overwrite your existing configuration!
This is definitely a problematic issue. As a workaround, to access the dashboard:
(you might need to change the Pod name; get it using
kubectl get all --namespace kube-system
)Then open http://localhost:9090/
+1 I get the same error running:
az aks get-credentials --name AksKubernetes --resource-group AksKubernetesResourceGroup
from a command-prompt ran as an administrator.
Note:
I created an ACS\K8s cluster with az acs a few days ago and
az acs get-credentials --name AcsKubernetes --resource-group AcsKubernetesResourceGroup
worked as expected. I’m blocked.
Shell: Command-Prompt (run as administrator) Azure CLI installed via MSI az --version 2.0.20
Same here (works fine in WSL/Ubuntu, error only manifests itself with the Windows version of the CLI). I have full access to the Temp dir. I deactivated “Controlled Folder Access” to no avail.
The following workaround worked for me: Use ‘-f=-’ to redirect to STDOUT, then redirect output to a file using ‘>kube.config’
Example: az aks get-credentials -g=resourcegroupname -n=clustername -f=- >kube.config
Here is the workaround on windows if you don’t have any clusters configured yet:
Please note that it will replace existing kubectl configuration
Workaround for anybody having the same issue.
az aks get-credentials -g Kubernetes-RG -n Kubernetes-Cluster
cp .kube/config /usr/<your username>/clouddrive/config
.kube\config
With this steps it works for me on Windows desktop.
browse
still broken though.I managed to run the command under sudo in WSL and then copy the
~/.kube/config
out to my Windows filesystem e.g.c:\Users\foo\.kube\config
to get the kubectl working in PowerShell.However
az aks broswe
still fails with permissions problems, and I can’t get the Kubernetes dashboard working in AKS via any other means.This is a big blocker, given that AKS is high profile new service I expect a lot of people will be hitting this. These commands are literally in the Azure docs quick start guide for AKS