Is it that I can't edit an AKS cluster on Azure?

Question

Now I want to integrate Azure AD with AKS as Integrate Azure Active Directory with Azure Kubernetes Service.

It is necessary to set these attributes to the AKS cluster:

• aad-server-app-id
• aad-server-app-secret
• aad-client-app-id
• aad-tenant-id

It can do like this:

az aks create \
  --resource-group myResourceGroup \
  --name myAKSCluster \
  --generate-ssh-keys \
  --aad-server-app-id b1536b67-29ab-4b63-b60f-9444d0c15df1 \
  --aad-server-app-secret wHYomLe2i1mHR2B3/d4sFrooHwADZccKwfoQwK2QHg= \
  --aad-client-app-id 8aaf8bd5-1bdd-4822-99ad-02bfaa63eea7 \
  --aad-tenant-id 72f988bf-0000-0000-0000-2d7cd011db47

From the az aks command list I didn't find an edit feature. So if I have created an AKS cluster, isn't there a way to set the Azure AD application IDs on the Kubernetes cluster?

Answer 1

Seems like you can't change the parameters due to the fact that this requires RBAC and you can see in the docs that a limitation is that once you create an non-RBAC cluster you can't modify it to be RBAC.

The way AKS (and EKS and GKE, although GKE allows you to modify more parameters) works is a complete control plane managed Kubernetes solution, so they can dictate whatever you can and cannot modify.

If you'd like to try AKS with AD I recommend creating a new cluster and if you have another older cluster without AD integration and running several workloads, you can move them gradually to the new cluster.

Answer 2

Unfortunately enabling RBAC on existing clusters is not supported at this time. You will need to explicitly create new clusters.

There is something you would want to know when you start to work with AKS. Follow this link to see more details.