Team,
We have 3 levels of AD roles in Azure Kubernetes.
1. Admin --> created while making the cluster
2. SRE --> Has almost 85 to 90% control on AKS.
3. DEV user --> Has less control and is only able to work in their specific namespace.
Now if we create this policy, in which root privilege containers are not allowed, then it shall impact all of the 3 categories listed above. I'm unable to find anything like Azure Policy via AKS RBAC.
In the Azure Policy definition, I'm unable to find any way to apply a policy only to specific AD groups or an AKS RBAC role. Could you please suggest some resolution? Otherwise, everyone will be entangled in the trap of pod security policies.
Regards,
Tanul