You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/aks/azure-ad-rbac.md
+28-2Lines changed: 28 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ titleSuffix: Azure Kubernetes Service
4
4
description: Learn how to use Azure Active Directory group membership to restrict access to cluster resources using Kubernetes role-based access control (Kubernetes RBAC) in Azure Kubernetes Service (AKS)
5
5
services: container-service
6
6
ms.topic: article
7
-
ms.date: 03/17/2021
7
+
ms.date: 12/07/2022
8
8
9
9
---
10
10
@@ -18,7 +18,32 @@ This article shows you how to control access using Kubernetes RBAC in an AKS clu
18
18
19
19
This article assumes that you have an existing AKS cluster enabled with Azure AD integration. If you need an AKS cluster, see [Integrate Azure Active Directory with AKS][azure-ad-aks-cli].
20
20
21
-
You need the Azure CLI version 2.0.61 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
21
+
Kubernetes RBAC is enabled by default during AKS cluster creation. If Kubernetes RBAC wasn't enabled when you originally deployed your cluster, you'll need to delete and recreate your cluster.
22
+
23
+
- The Azure CLI version 2.0.61 or later is installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
24
+
- If using Terraform, install [Terraform][terraform-on-azure] version 2.99.0 or later.
25
+
26
+
To verify if Kubernetes RBAC is enabled, you can check from Azure portal or Azure CLI.
27
+
28
+
#### [Azure portal](#tab/portal)
29
+
30
+
From your browser, sign in to the [Azure portal](https://portal.azure.com).
31
+
32
+
Navigate to Kubernetes services, and from the left-hand pane select **Cluster configuration**. On the page, under the section **Authentication and Authorization**, verify the option **Local accounts with Kubernetes RBAC** is shown.
33
+
34
+
:::image type="content" source="./media/azure-ad-rbac/rbac-portal.png" alt-text="Example of Authentication and Authorization page in Azure portal.":::
35
+
36
+
#### [Azure CLI](#tab/azure-cli)
37
+
38
+
To verify RBAC is enabled, you can use the `az aks show` command.
39
+
40
+
```azuecli
41
+
az aks show --resource-group myResourceGroup --name myAKSCluster`
42
+
```
43
+
44
+
The output will show that the value for `enableRbac` is `true`.
45
+
46
+
---
22
47
23
48
## Create demo groups in Azure AD
24
49
@@ -435,3 +460,4 @@ For best practices on identity and resource control, see [Best practices for aut
0 commit comments