Comments (2)
mathieu-benoit
commented on June 2, 2024
az role assignment list --assignee $spId --all -o table
Before az aks create:
Principal Role Scope
------------------- ----------- ----------------------------------------------------------------------------------------------------------------
http://$rg Contributor /subscriptions/$subscriptionId
After az aks create:
Principal Role Scope
------------------- ----------- ----------------------------------------------------------------------------------------------------------------
http://$rg Contributor /subscriptions/$subscriptionId
http://$rg Contributor /subscriptions/$subscriptionId/resourceGroups/MC_$rg_$aks_$location
from myakscluster.
mathieu-benoit
commented on June 2, 2024
Not working yet with a dedicated SP per AKS cluster, with least privilege and scoped to that AKS resource.
Need to take into account this on the "master" SP:
If you're authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.
Taken from this: https://www.terraform.io/docs/providers/azurerm/r/azuread_service_principal_password.html
hashicorp/terraform-provider-azuread#35
I can't do that with the Microsoft's AAD.
from myakscluster.
Related Issues (20)
- (Alpha) Etcd with Azure CosmosDB
- Leverage Azure Security Center
- Availability Zones HOT 3
- CIS Kubernetes Benchmark with kube-bench
- [ACR] Patch base image
- Hunt for security weaknesses with kube-hunter
- [KeyVault] VNET and Firewall rules integration
- [Pipelines] Private Agent in VNET HOT 1
- Standard Load Balancer
- Windows nodes pool HOT 1
- Multiple Node Pools HOT 2
- [kured] Use the Helm chart HOT 1
- [kured] Notifications when OS upgrade process triggered/done HOT 1
- Azure Application Gateway Ingress Controller
- [ACR] Azure Monitor with ACR
- Private Cluster
- [Monitor] Optimize data collection HOT 4
- Managed Identity HOT 4
- Add NSGs HOT 2
- Uptime SLA HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from myakscluster.