Kubernetes security

3/9/2020

I need some help with Azure Kubernetes and security; this assignment was given to me at the last minute because HE waited until the last minute. I have three groups of AAD users: IT Management, Security Management, and Developers (multiple groups of developers). I believe that IT Management and Security Management should be given cluster-level permissions and that developers should be given access only to the namespace in which they should work. Now, I know next to nothing about this so I'm having problems.

First question: I'm having trouble finding out what the verbs actually do, which I figure are essential to security (this is for RBAC btw, if that matters).

Second question is what permissions, cluster and namespace levels, should these groups actually have? I figured Security would need the ability to get, list, watch, and delete pods so that they can be monitored and destroyed if there were a security issue. IT Management I didn't figure was much different except they probably need to be able to create, update, and patch as well. Both of these groups, which will be AAD groups, would have these permissions cluster-wide. Namespace-wise, I would think developers would have full control of the development namespace and NO permissions beyond this. This way they can control access to anything within the dev namespace but not touch anything beyond it.

Third question is how do I see what AAD groups are actually assigned any permissions at all within the cluster or a namespace? I can describe both, but I can't seem to find out which groups are members of which groups. Like how do I see which groups are members of the cluster-admin group?

I'm sorry for being such a noob. I've researched for quite a while and I'm just not making the progress I need when combined with my other work; I wasn't expecting to have to do this, esp. last minute.

Thank you all

-- Richard Wolford
Tags: azure, docker, kubernetes

0 Answers
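An added example (not from the original post or any answer) of how the three groups described above could be expressed as Kubernetes RBAC objects on an AKS cluster with AAD integration, where an AAD group appears as a `Group` subject named by its object ID. The verbs are simply the API operations a subject may perform on the listed resources: `get`, `list` and `watch` read, `create`, `update` and `patch` write, `delete` removes. The GUIDs, the role and binding names and the `dev` namespace are placeholders I assumed.

```yaml
# Security Management: cluster-wide read and delete on pods (monitor, then remove).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: security-pod-monitor}
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: security-management-cluster}
subjects:
# Placeholder: the AAD object ID (GUID) of the Security Management group.
- {kind: Group, name: "00000000-0000-0000-0000-000000000001", apiGroup: rbac.authorization.k8s.io}
roleRef: {kind: ClusterRole, name: security-pod-monitor, apiGroup: rbac.authorization.k8s.io}
---
# IT Management: the same, plus create/update/patch.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: it-pod-manager}
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: it-management-cluster}
subjects:
# Placeholder: the AAD object ID of the IT Management group.
- {kind: Group, name: "00000000-0000-0000-0000-000000000002", apiGroup: rbac.authorization.k8s.io}
roleRef: {kind: ClusterRole, name: it-pod-manager, apiGroup: rbac.authorization.k8s.io}
---
# Developers: full control inside the "dev" namespace only. Binding the built-in
# "admin" ClusterRole through a RoleBinding scopes it to this namespace; it grants
# nothing in any other namespace and no cluster-scoped rights.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: developers-dev-admin, namespace: dev}
subjects:
# Placeholder: the AAD object ID of one developer group; add one entry per group.
- {kind: Group, name: "00000000-0000-0000-0000-000000000003", apiGroup: rbac.authorization.k8s.io}
roleRef: {kind: ClusterRole, name: admin, apiGroup: rbac.authorization.k8s.io}
```

Membership lives in the bindings, not in the roles: `kubectl get clusterrolebindings,rolebindings -A -o wide` lists every binding with its ROLE and, in the GROUPS column, the AAD group object IDs bound to it. The groups that effectively hold `cluster-admin` are therefore the subjects of the bindings whose ROLE is `ClusterRole/cluster-admin`.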