Enable Role Based Access Control in Azure Kubernetes Services
There are many moving parts in a Kubernetes cluster, and security is one of them. Azure handles critical tasks such as the health and maintenance of the hosted K8s cluster. Azure Kubernetes Service can be configured to use Azure Active Directory and Role Based Access Control, which makes life even easier.
Disclaimer: Currently I am employed by Microsoft, but my views and thoughts are still my own. The reason I joined Microsoft was the work Microsoft has been doing for the last couple of years in the Open Source space. Today I am an advocate for Open Source representing Microsoft.
Prerequisites
Assuming you have:
- Azure Subscription
- Azure CLI installed
- Logged in to Azure CLI
- Created a Resource Group for AKS cluster
- Deployed an AKS cluster
- Installed and configured kubectl
Setup
Once you have AKS deployed and kubectl configured, you can run the following command:
kubectl create clusterrolebinding kubernetes-dashboard -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
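The command creates a ClusterRoleBinding that gives the service account kube-system:kubernetes-dashboard the cluster-admin role. cluster-admin is the built-in superuser ClusterRole, so the dashboard's service account gets full control over every resource in the cluster.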
Further Reading
Use Azure AD and RBAC for clusters - Azure Kubernetes Service | Microsoft Docs