Install-AksHciAdAuth
Synopsis
Install Active Directory authentication.
Syntax
Install-AksHciAdAuth -name <String>
-keytab [.\current.keytab]
[-previousKeytab <String>]
-SPN <String>
-adminUser <String>
[-TTL]
Install-AksHciAdAuth -name <String>
-keytab [.\current.keytab]
[-previousKeytab <String>]
-SPN <String>
-adminGroup <String>
[-TTL]
Install-AksHciAdAuth -name <String>
-keytab [.\current.keytab]
[-previousKeytab <String>]
-SPN <String>
-adminUserSID <String>
[-TTL]
Install-AksHciAdAuth -name <String>
-keytab [.\current.keytab]
[-previousKeytab <String>]
-SPN <String>
-adminGroupSID <String>
[-TTL]
Description
Install Active Directory authentication.
Examples
Example
Install-AksHciAdAuth -name mynewcluster1 -keytab <.\current.keytab> -previousKeytab <.\previous.keytab> -SPN <service/principal@CONTOSO.COM> -adminUser CONTOSO\Bob
If a cluster host is domain-joined
Install-AksHciAdAuth -name mynewcluster1 -keytab .\current.keytab -SPN k8s/apiserver@CONTOSO.COM -adminUser contoso\bob
If a cluster host is not domain-joined
Install-AksHciAdAuth -name mynewcluster1 -keytab .\current.keytab -SPN k8
Parameters
-name
The alphanumeric name of your Kubernetes cluster.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-keytab
The file path containing the keytab file. Make sure the file is named current.keytab.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-previousKeytab
The former keytab that was used before the Active Directory account password was updated. This is required when changing Active Directory passwords.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
- Service Principal Name (SPN)
The name of the service principal associated with the API server AD account.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-adminUser
Username of the admin to be given cluster admin permissions.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-adminGroup
The group name to be given cluster admin permissions.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-adminUserSID
The user SID to be given cluster admin permissions.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-adminGroupSID
The group SID to be given cluster admin permissions.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-TTL
Time to live (in hours) for -previousKeytab if given. Default is 10 hours.
Type: System.Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 10
Accept pipeline input: False
Accept wildcard characters: False
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for