Configuring RBAC in AKS
To demonstrate RBAC in AKS, you will create two namespaces and deploy the Azure voting application in each namespace. You will give the group cluster-wide read-only access to pods, and you will give the user the ability to delete pods in only one namespace. Practically, you will need to create the following objects in Kubernetes:
- ClusterRole to give read-only access
- ClusterRoleBinding to grant the group access to this role
- Role to give delete permissions in the delete-access namespace
- RoleBinding to grant the user access to this role
Figure 8.17: The group getting read-only access to the whole cluster, and the user getting delete permissions to the delete-access namespace
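The four objects above, written out as Kubernetes manifests. This is an added example, not the book's own code: the object names (pod-reader, pod-deleter and their bindings) are assumed, and the two placeholders must be replaced with the Azure AD group's object ID (the value the next step retrieves with az ad group show) and the user's principal name.

```yaml
# Added example (not from the book): the RBAC objects described above.
# Placeholders: <GROUP-OBJECT-ID> = Azure AD group object ID, <USER-UPN> = user principal name.
# Object names (pod-reader, pod-deleter, ...) are assumed, not taken from the book.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-reader                  # assumed name
rules:
- apiGroups: [""]                   # core API group, where pods live
  resources: ["pods"]
  verbs: ["get", "list", "watch"]   # read-only: no create, update or delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding            # cluster-wide: applies in every namespace
metadata:
  name: pod-reader-group            # assumed name
subjects:
- kind: Group
  name: "<GROUP-OBJECT-ID>"         # AKS identifies Azure AD groups by object ID, not display name
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Namespace
metadata:
  name: delete-access
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-deleter                 # assumed name
  namespace: delete-access          # a Role is namespaced; it grants nothing elsewhere
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-deleter-user            # assumed name
  namespace: delete-access          # binding is scoped to this namespace only
subjects:
- kind: User
  name: "<USER-UPN>"                # the user's Azure AD principal name
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-deleter
  apiGroup: rbac.authorization.k8s.io
```

Two points worth checking after applying this. First, the Role/RoleBinding pair confines the delete permission to delete-access because both objects carry that namespace; had the RoleBinding referenced a ClusterRole instead, it would still only grant within its own namespace, but a ClusterRoleBinding would grant everywhere. Second, verify the effective permissions rather than trusting the manifests: `kubectl auth can-i delete pods --namespace delete-access --as <USER-UPN>` should answer yes, and the same query against any other namespace should answer no.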
Let's set up the different roles on your cluster:
- To start our example, you will need to retrieve the ID of the group. The following commands will retrieve the group ID:
az ad group show -g 'handson aks users' \ ...