articles/aks/azure-ad-v2.md
Lines changed: 15 additions & 14 deletions
@@ -1,23 +1,22 @@
1
1
---
2
-
title: Use Azure AD v2.0 in Azure Kubernetes Service
3
-
description: Learn how to use Azure AD v2.0 in Azure Kubernetes Service (AKS)
2
+
title: Use Azure AD in Azure Kubernetes Service
3
+
description: Learn how to use Azure AD in Azure Kubernetes Service (AKS)
4
4
services: container-service
5
5
manager: gwallace
6
6
ms.topic: article
7
7
ms.date: 03/24/2020
8
8
---
9
9
10
-
# Integrate Azure AD v2.0 in Azure Kubernetes Service (Preview)
10
+
# Integrate Azure AD in Azure Kubernetes Service (Preview)
11
11
12
12
> [!Note]
13
-
> Existing Azure AD v1.0 clusters are not affected by the new Azure AD v2.0 feature for Azure Kubernetes Service (AKS).
13
+
> Existing AKS v1 clusters with AD integration are not affected by the new AKS v2 experience.
14
14
15
-
Azure AD v2.0 is designed to simplify the Azure AD v1.0 experience, where users were required to create a client app, a server app, and required the Azure AD tenant to grant Directory Read permissions.
16
-
In the new version, the AKS resource provider manages the client and server apps for you. Instead of using a persistent "Application Permission," the AKS resource provider uses a "Delegated Permission" via an on-behalf-of flow to get an access token to Graph API. Azure AD v2.0 enabled clusters use a limited scoped Graph API privilege (GroupMembers.Read.All) to query group membership only when the overage indicator is present (when there are more than 250 group claims).
15
+
Azure AD integration with AKS v2 is designed to simplify the Azure AD integration with AKS v1 experience, where users were required to create a client app, a server app, and required the Azure AD tenant to grant Directory Read permissions. In the new version, the AKS resource provider manages the client and server apps for you.
17
16
18
17
## Limitations
19
18
20
-
* You can't currently upgrade an existing Azure AD v1.0 cluster to Azure AD v2.0.
19
+
* You can't currently upgrade an existing Azure AD enabled AKS v1 cluster to the v2 experience.
21
20
22
21
> [!IMPORTANT]
23
22
> AKS preview features are available on a self-service, opt-in basis. Previews are provided "as-is" and "as available," and are excluded from the Service Level Agreements and limited warranty. AKS previews are partially covered by customer support on a best-effort basis. As such, these features are not meant for production use. For more information, see the following support articles:
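Review bot: The replacement introduction at new line 15 drops the removed sentences that said the AKS resource provider uses a "Delegated Permission" via an on-behalf-of flow and a limited Graph scope (GroupMembers.Read.All), queried only when the group overage indicator is present. That is the information a tenant administrator needs to judge what directory access the managed apps hold, so I would carry it over into the new wording rather than delete it. The new terms "AKS v1" and "AKS v2" in the note and in the limitation bullet also read as versions of AKS itself rather than of the Azure AD integration; define the term once or say "the v2 Azure AD integration experience".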
@@ -74,7 +73,7 @@ When the status shows as registered, refresh the registration of the `Microsoft.
74
73
az provider register --namespace Microsoft.ContainerService
75
74
```
76
75
77
-
## Create an AKS cluster with Azure AD v2.0 enabled
76
+
## Create an AKS cluster with Azure AD enabled
78
77
79
78
You can now create an AKS cluster by using the following CLI commands.
80
79
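Review bot: Renaming the heading at new line 76 to "Create an AKS cluster with Azure AD enabled" changes the section anchor derived from it, so any link that targets the old "v2.0" heading will stop resolving; check for inbound links or keep an explicit anchor. With "v2.0" gone, the heading also no longer says which integration experience the commands below it create, while the note at the top of the article says v1 clusters still exist, so a short qualifier would help.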
@@ -117,7 +116,7 @@ A successful creation of an Azure AD v2 cluster has the following section in the
117
116
118
117
The cluster is created within a few minutes.
119
118
120
-
## Accessing an Azure AD v2.0 enabled cluster
119
+
## Access an Azure AD enabled cluster
121
120
To get the admin credentials to access the cluster:
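Review bot: The new heading at line 119 is followed directly by "To get the admin credentials to access the cluster:" on line 120 with no blank line, unlike the "Create an AKS cluster" heading in the previous hunk, which keeps a blank line before its text; add one for consistency. The context sentence in this hunk's header still reads "A successful creation of an Azure AD v2 cluster", so if no other hunk updates it, the old name survives right above the renamed section.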