AAD integration
mathieu-benoit opened this issue · comments
https://www.cncf.io/blog/2019/09/16/5-kubernetes-rbac-mistakes-you-must-avoid/
For users:
- https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
- https://docs.microsoft.com/en-us/azure/aks/azure-ad-rbac
- https://medium.com/faun/playing-with-aks-aad-568bf7bc5ae8
- https://blog.jcorioland.io/archives/2018/11/20/azure-aks-kubernetes-rbac-azure-active-directory-terraform.html
- https://www.danielstechblog.io/azure-kubernetes-service-and-azure-active-directory-integration/
For SPs:
- https://feedback.azure.com/forums/914020-azure-kubernetes-service-aks/suggestions/35146387-support-non-interactive-login-for-aad-integrated-c
- Azure/AKS#600
- https://medium.com/@jakekitchener/kubernetes-serviceaccounts-for-use-in-automated-systems-515297974982
- https://devopscube.com/kubernetes-api-access-service-account/
Blocked with Azure/AKS#1045
For tests purposes, check if an SA can perform specific actions:
kubectl auth can-i <verb> <resource> --as=system:serviceaccount:<namespace>:<serviceaccountname> [-n <namespace>]
Waiting for the AAD integration v2 with AKS (~end of March 2020)
AAD integration v2 in Public Preview now: https://docs.microsoft.com/en-us/azure/aks/azure-ad-v2