question

akhan asked srbose-msft edited

AKS permissions from Azure portal - couple of issues

  1. I am trying to give a user access to the AKS in Azure portal only; we have an RBAC-enabled/AAD-managed cluster. My use case is to use one of the Azure RBAC roles to give the user permissions to view contents under the 'Kubernetes resources' pane (Namespaces, Workloads, Services & ingresses, Storage, Configuration). The only RBAC role that seems to give that info is the 'Azure Kubernetes Service RBAC Cluster Admin' role, which also gives them admin permission on the cluster, which is unacceptable for us. I tried the other AKS RBAC Reader / Writer roles but they don't display any of the information on Azure Portal.

  2. If I give a user RBAC Cluster Admin then it tends to stick even after I have removed the permissions; the user is still able to do everything in Azure portal as well as on AKS, which sounds like a glaring bug.

I have not found any info on this online, and I have talked to support, who referred me initially to AKS docs and then to this channel.



azure-kubernetes-service

@akhan, this has been a lingering problem for quite some time and I have seen users face this issue time and again in the past. We have been internally investigating a fix for this issue. In the meantime, a possible workaround is to use the kubectl CLI in conjunction with the Azure Kubernetes Service Cluster User role. Can you please check if that would be feasible in your use case? In the meantime, we shall try to get some traction on this internally.


0 Answers
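
A check for the second issue in the question, added here as an example and not part of the thread: after removing a Cluster Admin assignment, list which admin-level AKS role assignments still apply to the user at the cluster or at an inherited parent scope, directly or through a group. The input mirrors the JSON fields of `az role assignment list --all`; the function names are hypothetical and every ID and resource name in the sample is constructed.

```python
# Built-in AKS roles that grant admin-level access to a cluster.
ADMIN_ROLES = {
    "Azure Kubernetes Service RBAC Cluster Admin",
    "Azure Kubernetes Service RBAC Admin",
    "Azure Kubernetes Service Cluster Admin Role",
}

def applies_to(assignment_scope, cluster_id):
    """True if the assignment scope is the cluster itself or a parent scope.

    Azure role assignments are inherited downwards, so an assignment on the
    subscription or resource group is still effective on the cluster.
    """
    a = assignment_scope.rstrip("/").lower()
    c = cluster_id.rstrip("/").lower()
    return c == a or c.startswith(a + "/")

def lingering_admin(assignments, cluster_id, principal_ids):
    """Admin-role assignments still effective on the cluster for any of the
    given principals (the user's object ID plus the IDs of their groups)."""
    return [
        a for a in assignments
        if a["roleDefinitionName"] in ADMIN_ROLES
        and a["principalId"] in principal_ids
        and applies_to(a["scope"], cluster_id)
    ]

# Constructed sample data (placeholder subscription, names and object IDs).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
MC = RG + "/providers/Microsoft.ContainerService/managedClusters/"
CLUSTER_ID = MC + "aks-demo"
SAMPLE = [
    {"principalId": "user-1", "scope": CLUSTER_ID,
     "roleDefinitionName": "Azure Kubernetes Service RBAC Reader"},
    {"principalId": "group-1", "scope": RG,   # inherited via resource group
     "roleDefinitionName": "Azure Kubernetes Service RBAC Cluster Admin"},
    {"principalId": "user-2", "scope": CLUSTER_ID,   # a different user
     "roleDefinitionName": "Azure Kubernetes Service RBAC Cluster Admin"},
    {"principalId": "user-1", "scope": MC + "aks-demo2",   # a different cluster
     "roleDefinitionName": "Azure Kubernetes Service RBAC Cluster Admin"},
]

if __name__ == "__main__":
    for a in lingering_admin(SAMPLE, CLUSTER_ID, {"user-1", "group-1"}):
        print(a["principalId"], a["roleDefinitionName"], a["scope"])
```

An empty result rules out a leftover direct, inherited or group-based assignment of these roles; it does not explain access that persists for other reasons.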