
Azure Arc Kubernetes - How do you enable AAD Authentication for a given cluster

Duncan House 40 Reputation points
Dec 5, 2024, 2:42 PM

How do you enable AAD Authentication for a given K8s cluster within Azure Arc? I want to manage the use of Azure RBAC for viewing the Azure resource(s), namespaces, workloads, etc.

See image below

User's image


Accepted answer
  1. Jeff Pigott 160 Reputation points Microsoft Employee
    Dec 27, 2024, 4:30 PM

    If you plan to use RBAC you may need to set these commands on the user or group.

    If you had this set up before, you will need to delete this first before resetting the clusterrolebinding. As others mentioned, the user or group of users needs to have this role assigned: "Azure Arc Kubernetes Viewer".

    kubectl delete clusterrolebinding demo-user-binding

    For configuring just one user you use the AAD user “name” vs Object ID.

    kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --user=username@yourdomain.com

    When setting this for a Group, use the Object ID for the group vs. the name of the group.

    kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --group=AAD_GROUP_OBJECT_ID

    https://jpigott.com/2023/11/azure-arc-kubernetes-access-by-rbac-roles-for-a-user-or-groups/

    https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/cluster-connect?tabs=azure-cli%2Cagent-version
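
The commands in the answer above bind `cluster-admin`, so it is worth reviewing which AAD users and groups hold that role afterwards. The following is an added example, not part of the original answer or Microsoft's tooling: it audits the output of `kubectl get clusterrolebindings -o json` and reports how each subject is identified. The sample data, the all-zero object ID and the names `audit_bindings` and `groups_not_by_object_id` are constructed for illustration.

```python
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def _crb(name, role, kind, subject):
    # Minimal ClusterRoleBinding object in the shape kubectl emits.
    return {"metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": kind, "name": subject}]}

# Constructed sample standing in for `kubectl get clusterrolebindings -o json`.
SAMPLE = json.dumps({"items": [
    _crb("cluster-admin", "cluster-admin", "Group", "system:masters"),
    _crb("demo-user-binding", "cluster-admin", "User", "username@yourdomain.com"),
    _crb("demo-group-binding", "cluster-admin", "Group",
         "00000000-0000-0000-0000-000000000000"),  # placeholder object ID
    _crb("viewers", "view", "Group", "k8s-viewers"),
    _crb("bad-group-binding", "cluster-admin", "Group", "platform-admins"),
]})

def audit_bindings(raw, risky_roles=("cluster-admin",)):
    """Return (binding, kind, subject, id_format) for each external
    User/Group subject bound to one of the risky ClusterRoles."""
    findings = []
    for item in json.loads(raw).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in risky_roles:
            continue
        for subj in item.get("subjects") or []:  # subjects may be null
            kind, name = subj.get("kind"), subj.get("name", "")
            # Skip service accounts and built-in subjects such as system:masters.
            if kind not in ("User", "Group") or name.startswith("system:"):
                continue
            if GUID.match(name):
                fmt = "object-id"
            else:
                fmt = "upn" if "@" in name else "name"
            findings.append((item["metadata"]["name"], kind, name, fmt))
    return findings

def groups_not_by_object_id(findings):
    # Per the answer, a group binding should use the group's Object ID.
    return [b for b, kind, _, fmt in findings if kind == "Group" and fmt != "object-id"]

if __name__ == "__main__":
    for row in audit_bindings(SAMPLE):
        print(*row, sep="\t")
    print("review:", groups_not_by_object_id(audit_bindings(SAMPLE)))
```

To run it against a real cluster, pass the text of `kubectl get clusterrolebindings -o json` to `audit_bindings` in place of `SAMPLE`.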

