Sequence of commands to replace cluster administrator in AKS (with RBAC)

4/13/2019

I am looking at replacing the current cluster administrator (single user account) with a service account as well as a group account. Does the follow sequence of action make sense? a) Create a cluster role binding (with the 2 new subjects) b) Delete the existing cluster role binding (with the existing subject)

Also, does the act of editing cluster admins have an impact on other resources with the cluster?

-- Nick
azure-aks
kubernetes

1 Answer

4/13/2019
  1. Yes, that would work, just create a new cluster role binding and delete the old one
  2. No, editing cluster role bindings have no effect on other resources unless they are using that service account\user which was using the cluster role binding (i.e. tiller or pod service accounts).
-- 4c74356b41
Source: StackOverflow