Azure-docs: ARM template support
Is there a resource template support for setting the --aad-server-app-id and --aad-server-app-secret parameters?
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: a47c6df7-5103-1336-eb0b-68f95155e6c8
- Version Independent ID: f4420b08-9b57-f581-fcb4-f069afdd5b0c
- Content: Integrate Azure Active Directory with Azure Kubernetes Service
- Content Source: articles/aks/aad-integration.md
- Service: container-service
- GitHub Login: @iainfoulds
- Microsoft Alias: iainfou
rzal
All 4 comments
Thanks for the question! We are investigating and will update you shortly.
mimckitt
on 24 Jul 2018
@iainfoulds are you aware if this is available yet? Seeing as this feature is still in preview we might not have it available yet.
mimckitt
on 25 Jul 2018
@rzal
In your ARM template you can do this:
"type": "Microsoft.ContainerService/managedClusters",
"location": "[parameters('location')]",
"name": "[parameters('resourceName')]",
"properties": {
"aadProfile": {
"clientAppID" : "....",
"serverAppID" : "....",
"serverAppSecret" : "...",
"tenantID" : "..."
},
"kubernetesVersion": "[parameters('kubernetesVersion')]",
"enableRBAC": "[parameters('enableRBAC')]",
ivog
on 25 Jul 2018
@rzal As @ivog notes, you can define some of those parameters in a template, but there is still likely a portal step required to grant permissions for the app depending on what level of automation you're working towards here. There are some in-progress updates to provide a more automated way of provisioning these, and there's some existing information available here that may help with what you're trying to achieve - https://github.com/shanepeckham/AKS_Security/blob/master/Azure/AD_RBAC/README.md
You can also file feature requests against AKS for new scenarios with regards to the AAD integration at https://aka.ms/aks/feedback
@MicahMcKittrick-MSFT For now, #please-close
iainfoulds
on 25 Jul 2018
Related issues
bdcoder2
·
3Comments
JamesDLD
·
3Comments
Ponant
·
3Comments
paulmarshall
·
3Comments
spottedmahn
·
3Comments
Most helpful comment
@rzal As @ivog notes, you can define some of those parameters in a template, but there is still likely a portal step required to grant permissions for the app depending on what level of automation you're working towards here. There are some in-progress updates to provide a more automated way of provisioning these, and there's some existing information available here that may help with what you're trying to achieve - https://github.com/shanepeckham/AKS_Security/blob/master/Azure/AD_RBAC/README.md
You can also file feature requests against AKS for new scenarios with regards to the AAD integration at https://aka.ms/aks/feedback
@MicahMcKittrick-MSFT For now, #please-close