AKS clusters use RBAC

Security · Azure Kubernetes Service · Rule · 2020_06 · Important

Deploy AKS cluster with role-based access control (RBAC) enabled.

Description

AKS supports granting access to cluster resources using role-based access control (RBAC). Additionally Azure Active Directory (AAD) integration with AKS allows, RBAC to be granted based on AAD user or group.

Recommendation

Azure AD integration with AKS provides granular access control for Kubernetes resources using RBAC.

RBAC is a deployment time configuration. Consider redeploying the AKS cluster with RBAC enabled.

Links

• Access and identity options for Azure Kubernetes Service (AKS)
• Authorization with Azure AD
• Best practices for authentication and authorization in Azure Kubernetes Service (AKS)
• Using RBAC Authorization
• Azure deployment reference
• Use role-based access control (RBAC)

Comments