Azure-docs: Two different methods of RBAC with AKS

Created on 20 Dec 2018 · 4Comments · Source: MicrosoftDocs/azure-docs

What are the differences between the RBAC setup in this tutorial vs. the one found here: https://docs.microsoft.com/en-us/azure/aks/aad-integration#create-client-application

The results seem very different regarding admin/user credentials, as well as what is set up in Azure Active Directory. I can elaborate on what I've found, but it's kind of complex. I'm hoping that someone who understands this better can summarize, as well as provide a recommendation on which method to use.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: d4af71a4-648e-580f-7e86-94ce05196de5
Version Independent ID: 134b8ba0-b085-076a-d2e1-16d0ddff5586
Content: Kubernetes on Azure tutorial - Deploy a cluster
Content Source: articles/aks/tutorial-kubernetes-deploy-cluster.md
Service: container-service
GitHub Login: @iainfoulds
Microsoft Alias: iainfou

container-servicsvc cxp in-progress product-question triaged

Source

jpetitte

All 4 comments

Thanks for the feedback! We are currently investigating and will update you shortly.

mimckitt on 20 Dec 2018

@iainfoulds @seanmck could either of you clarify on this?

mimckitt on 20 Dec 2018

The tutorial indicates that by default, Kubernetes RBAC is enabled and is used. The second article is to extend that and integrate Azure Active Directory (AD) so that you can use a central identity for users and groups when you define and apply those Kubernetes role-based access controls.

You can use Kubernetes RBAC without Azure AD. There are a lot more steps involved in the Azure AD integration, which is why it isn't covered in the tutorial.

Not sure what the doc question is?