Minimum permission to view live data - Azure Kubernetes

9/30/2019

I have enabled Kubernetes RBAC authorization in all my Azure kubernetes clusters. Now I need to give permissions for viewing live data in containers tab


How can I do it? Which is the minimum permission needed?

Thanks

-- exitista
azure
azure-aks
azure-kubernetes

1 Answer

10/26/2019

As far as I understand from my investigation, if you want to do it using Azure Built-in roles, you need the following three roles at the very least:

  • Reader role assignment scoped to the AKS cluster to be able to discover the cluster
  • Azure Kubernetes Service Cluster User Role role assignment scoped to the AKS cluster as mentioned in the note atop the page in the docs. This is needed to allow access to Microsoft.ContainerService/managedClusters/listClusterUserCredential/action API call. This API call lists the cluster user credentials.
  • Log Analytics Contributor role assignment scoped to the Log Analytics workspace associated to the AKS cluster. This is needed to execute an Analytics query for data, i.e., perform a /workspaces/{workspaceId}/query API call. More here.

This should let one pull up the live data for containers. If not comfortable with this approach, you might also create a Custom Role allowing only those exact actions.

Hope this helps!

-- BhargaviAnnadevara-MSFT
Source: StackOverflow