Jingqiang Zhang
Reputation: 1049
How can block azure aks get-credentials --admin and allow azure aks get-credentials only on azure?
Use azure aks get-credentials --admin can get kubernetes admin config file and azure aks get-credentials can get only user config file on azure.
How to set something to deny user run azure aks get-credentials --admin?
Upvotes: 1
Views: 1561
Answers (1)
4c74356b41
Reputation: 72171
well, be default they cant run it, unless they have specific azure permissions. so by default you dont have to do anything. they shouldnt have this specific permission:
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action
which they would get if they are contributor for the AKS resource or resource group. They need this permission to get user credentials:
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action
Upvotes: 3
Related Questions
- Azure Kubernetes Error when running "az aks get-credentials" command
- Use AKS services with Azure API Management
- disable kubelogin for azure kubernetes services
- How to obtain Azure credentials using kubectl?
- How to access Azure Key Vault with Network Security Policy enables?
- Azure Kubernetes Service- Get kubeconfig for non-admin AD app identity
- AKS: --api-server-authorized-ip-ranges filter
- Where to find Kubernetes API credentials with AKS?
- Disabling Azure Active Directory RBAC in Azure Kubernetes Service
- Security in Azure Managed Kubernetes Service (AKS)