I have AKS cluster (1.18.17) with aad enabled and since couple of days I get following error from kubectl
error: You must be logged in to the server (Unauthorized)
az login
az account set --subscription <subscription>
az aks get-credentials --resource-group <group name> --name <aks name>
kubectl get nodes
however, if I load credentials with admin parameter everything works fine.
az aks get-credentials --resource-group <group name> --name <aks name> --admin
my client kubectl version is 1.21
while troubleshooting this issue I've noticed such error in logs (LogAnalytics - AzureDiagnostics | where Category == "guard")
http: TLS handshake error from X.X.X.X:58022: remote error: tls: bad certificate