K
Q

How can block azure aks get-credentials --admin and allow azure aks get-credentials only on azure?

12/3/2018

Use azure aks get-credentials --admin can get kubernetes admin config file and azure aks get-credentials can get only user config file on azure.

How to set something to deny user run azure aks get-credentials --admin?

-- Jingqiang Zhang
admin
azure
config
kubernetes

Similar Questions

how to auto scale spark job in kubernetes cluster
How to get number of pods running in prometheus
Failure Err: Not able to connect to any etcd endpoints - etcd: 0/1 connected: kubeadm
how to read docker image label on helm chart template
Controlling pod recovery from "Error: ImagePullBackOff" when Contrainer Registry is also inaccessible

1 Answer

12/3/2018

well, be default they cant run it, unless they have specific azure permissions. so by default you dont have to do anything. they shouldnt have this specific permission:

Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action

which they would get if they are contributor for the AKS resource or resource group. They need this permission to get user credentials:

Microsoft.ContainerService/managedClusters/listClusterUserCredential/action
-- 4c74356b41
Source: StackOverflow