What RBAC role is needed to access the Networking blade in Azure Kubernetes Service?

ENOTTY 21 Reputation points
2021-05-31T12:08:03.673+00:00

I'm trying to allow a user access to the Networking blade of an AKS cluster in order to update the API server IP allowlist.

As a manner of debugging, I've given this user the Owner role across the containing resource group and the cluster, but the user is still seeing an error when navigating to the page. Am I missing some other role?

Azure Role-based access control
Azure Kubernetes Service (AKS)

Accepted answer
  1. Ramya Harinarthini_MSFT 5,306 Reputation points Microsoft Employee
    2021-06-03T05:05:22.337+00:00

    @ENOTTY Apologies for the delay in response and all the inconvenience caused because of the issue.

    Enabling access only to the networking blade on AKS could be done through custom RBAC roles. The command below will give the list of available RBACs:

    Get-AzProviderOperation "Microsoft.Containerservice/*" | FT Operation, Description  
    

    I have tried to create one with the below. However, it was not working as expected. Could you please try this once? If it's not, please open a support case for more investigation.

    {
      "Name": "Authrized IP AKS-admin",
      "IsCustom": true,
      "Description": "Manage Authrized IPs in AKS.",
      "Actions": [
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "NotActions": [],
      "DataActions": [
        "Microsoft.ContainerService/managedClusters/limitranges/*",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/"
      ],
      "NotDataActions": [],
      "AssignableScopes": [
        "/subscriptions/75674f20-4004-48a8-aa99-1f92ebaba884"
      ]
    }
    

    To create a custom role, please check this document: https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac#create-custom-roles-definitions

    Reference document: https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#containers

    Hope it helps!!!

    Please "Accept as Answer" if it helped, so it can help others in the community looking for help on similar topics.

    1 person found this answer helpful.
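
An added example, not part of the original answer and not Microsoft's code: a small Python check that evaluates the role definition posted above using the Azure RBAC rule that a control-plane operation is granted by `Actions` minus `NotActions`, and a data-plane operation by `DataActions` minus `NotDataActions`. It assumes that changing the API server IP allowlist is an update of the cluster resource needing `Microsoft.ContainerService/managedClusters/write`; the function names and the lint checks are hypothetical.

```python
import json
import re

# Role definition as posted in the answer (Description omitted for brevity).
ROLE = json.loads("""
{"Name": "Authrized IP AKS-admin", "IsCustom": true,
 "Actions": ["Microsoft.ContainerService/managedClusters/read"],
 "NotActions": [],
 "DataActions": ["Microsoft.ContainerService/managedClusters/limitranges/*",
   "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/"],
 "NotDataActions": [],
 "AssignableScopes": ["/subscriptions/75674f20-4004-48a8-aa99-1f92ebaba884"]}
""")

# Assumption (not stated on the page): editing the API server authorized IP
# ranges is an update of the managed cluster resource itself.
ALLOWLIST_UPDATE = "Microsoft.ContainerService/managedClusters/write"

def matches(pattern, operation):
    """'*' is the only wildcard; comparison is case-insensitive."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def is_allowed(role, operation, data_plane=False):
    """Granted by (Data)Actions and not removed by Not(Data)Actions."""
    allow, deny = (("DataActions", "NotDataActions") if data_plane
                   else ("Actions", "NotActions"))
    granted = any(matches(p, operation) for p in role.get(allow, []))
    removed = any(matches(p, operation) for p in role.get(deny, []))
    return granted and not removed

def lint(role):
    """Flag entries that cannot match anything, and broad assignable scopes."""
    findings = []
    for field in ("Actions", "NotActions", "DataActions", "NotDataActions"):
        for pattern in role.get(field, []):
            if pattern.endswith("/"):
                findings.append(f"{field}: {pattern!r} ends in '/', matches no operation")
    for scope in role.get("AssignableScopes", []):
        if re.fullmatch(r"/subscriptions/[^/]+/?", scope, re.IGNORECASE):
            findings.append(f"AssignableScopes: {scope!r} covers the whole subscription")
    return findings

if __name__ == "__main__":
    print("read cluster:", is_allowed(ROLE, "Microsoft.ContainerService/managedClusters/read"))
    print("update allowlist:", is_allowed(ROLE, ALLOWLIST_UPDATE))
    for finding in lint(ROLE):
        print("finding:", finding)
```

Run against the posted definition, the check reports that reading the cluster is allowed, that the assumed allowlist update operation is not, and that one `DataActions` entry ends in a bare `/`.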
