I deployed my application pods in azure kubernetes service through VSTS. I have idea on kubernetes with RBAC on on-premise cluster through create users. Now what i want to do is like create some roles and assign different permissions on kubernetes resources for my developers and testers as well in azure kubernetes service. I researched on this and gone through differents links, but i didn't get any proper idea on that. As per my understanding, we can assign permissions for roles only users who have access on Azure Active Directory. if i am wrong Could anybody correct me.
I found one way like OpenID Connect Tokens. For this i referred the following link. but i don't have idea on what exactly identity provider is and how to generate the different tokens from Identity provider and client id and client token which are mentioned in the above link?
Could anybody help me out to do RBAC in Azure Kubernetes Service or Any alternative ways for this rather than which i mentioned above?
You can use Azure AD RBAC and or internal k8s RBAC (which is exactly the same as the one on your on-premises cluster).
For Azure AD RBAC you would use the same approach as for the internal k8s users, but you'd need to bind roles to Azure AD entities:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: binding_name
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: "azure_ad_group_guid"For internal k8s RBAC read the official doc.
For Azure AD RBAC read the official doc