Disabling Azure Active Directory RBAC in Azure Kubernetes Service

1/2/2019

Is it possible to temporarily disable Azure Active Directory RBAC in Azure Kubernetes Service? The reason I ask is because we are unable to set up automated tasks (like continuous integration) because authenticating against kubectl now requires human intervention to complete device code auth - I have another post here regarding that. Perhaps even just disabling Kubernetes RBAC will bypass the need to authenticate with AD? I would do this until a solution to the issue is available.

-- Dave New
azure
azure-active-directory
azure-kubernetes

1 Answer

1/3/2019

Although there is no document exactly say that you cannot disable the RBAC of an existing AKS cluster. But it shows that enabling role-based access control (RBAC) on existing clusters isn't supported at this time. In my opinion, it also means that you cannot disable the RBAC on existing AKS cluster. And it seems there is no way to achieve it, no matter Azure CLI, PowerShell or REST API.

I think the RBAC is a setting for AKS cluster and it could not be changed after it created now. We can expect that it could be changed in the future. Hope this will help you.

-- Charles Xu
Source: StackOverflow