Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Synopsis
Install Active Directory authentication.
Syntax
Install-AksHciAdAuth -name <String>
-keytab [.\current.keytab]
[-previousKeytab <String>]
-SPN <String>
-adminUser <String>
[-TTL]
Install-AksHciAdAuth -name <String>
-keytab [.\current.keytab]
[-previousKeytab <String>]
-SPN <String>
-adminGroup <String>
[-TTL]
Install-AksHciAdAuth -name <String>
-keytab [.\current.keytab]
[-previousKeytab <String>]
-SPN <String>
-adminUserSID <String>
[-TTL]
Install-AksHciAdAuth -name <String>
-keytab [.\current.keytab]
[-previousKeytab <String>]
-SPN <String>
-adminGroupSID <String>
[-TTL]
Description
Install Active Directory authentication.
Examples
Example
Install-AksHciAdAuth -name mynewcluster1 -keytab <.\current.keytab> -previousKeytab <.\previous.keytab> -SPN <service/principal@CONTOSO.COM> -adminUser CONTOSO\Bob
If a cluster host is domain-joined
Install-AksHciAdAuth -name mynewcluster1 -keytab .\current.keytab -SPN k8s/apiserver@CONTOSO.COM -adminUser contoso\bob
If a cluster host is not domain-joined
Install-AksHciAdAuth -name mynewcluster1 -keytab .\current.keytab -SPN k8
Parameters
-name
The alphanumeric name of your Kubernetes cluster.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-keytab
The file path containing the keytab file. Make sure the file is named current.keytab.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-previousKeytab
The former keytab that was used before the Active Directory account password was updated. This is required when changing Active Directory passwords.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
- Service Principal Name (SPN)
The name of the service principal associated with the API server AD account.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-adminUser
Username of the admin to be given cluster admin permissions.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-adminGroup
The group name to be given cluster admin permissions.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-adminUserSID
The user SID to be given cluster admin permissions.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-adminGroupSID
The group SID to be given cluster admin permissions.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-TTL
Time to live (in hours) for -previousKeytab if given. Default is 10 hours.
Type: System.Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 10
Accept pipeline input: False
Accept wildcard characters: False