How to configure RBAC for human users in AKS without Azure AD Integration

Azure currently recommends using AAD integration with AKS when RBAC management for human users is required.

Since AKS is a managed Kubernetes cluster, users cannot get access to the CA private key. To sign client certificates for different users, we can use the 'certificates.k8s.io' API.

Note: The AKS version in this blog is v1.21.7.

Below are detailed steps.

1. Install cfssl/openssl in your local environment

2. Create a CSR and private key for a user named 'testuser1'

3. Send the CSR to apiserver

4. Get the CSR approved

5. Download the issued certificate

6. Configure the kubeconfig file

kubectl config set-cluster

kubectl config set-credentials

kubectl config set-context

7. Configure the RBAC

Before we configure the RBAC

After we configure the RBAC
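Steps 2 to 7 above as a single script, for readers who want the full command sequence in one place. This is an added example, not the author's original commands; the group "dev", the Role name "pod-reader", the cluster entry name "aks" and the "default" namespace are assumptions.

```shell
#!/bin/sh
# Added example; group "dev", role "pod-reader" and cluster entry "aks" are assumed names.
set -eu
umask 077   # key, certificate and kubeconfig are created owner-only
# Step 2: key + CSR. CN becomes the Kubernetes user name, O the group.
make_csr() {  # make_csr <user> <group>
  openssl genrsa -out "$1.key" 2048 2>/dev/null
  openssl req -new -key "$1.key" -subj "/CN=$1/O=$2" -out "$1.csr"
}

# Step 3: CertificateSigningRequest object restricted to client authentication.
csr_manifest() {  # csr_manifest <user>
  cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $1
spec:
  request: $(base64 < "$1.csr" | tr -d '\n')
  signerName: kubernetes.io/kube-apiserver-client
  usages: ["client auth"]
EOF
}

# Steps 3-7, run with the cluster-admin kubeconfig as the current context.
issue() {  # issue <user> <group> <namespace>
  u=$1; ns=$3; kc="$u.kubeconfig"
  make_csr "$u" "$2"
  csr_manifest "$u" | kubectl apply -f -
  kubectl certificate approve "$u"
  # Signing is asynchronous: wait until the certificate is published.
  until [ -n "$(kubectl get csr "$u" -o jsonpath='{.status.certificate}')" ]; do sleep 1; done
  kubectl get csr "$u" -o jsonpath='{.status.certificate}' | base64 -d > "$u.crt"
  # Reuse the API server URL and cluster CA from the admin kubeconfig.
  server=$(kubectl config view --raw --minify -o jsonpath='{.clusters[0].cluster.server}')
  kubectl config view --raw --minify \
    -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d > ca.crt
  kubectl --kubeconfig "$kc" config set-cluster aks --server="$server" \
    --certificate-authority=ca.crt --embed-certs=true
  kubectl --kubeconfig "$kc" config set-credentials "$u" \
    --client-certificate="$u.crt" --client-key="$u.key" --embed-certs=true
  kubectl --kubeconfig "$kc" config set-context "$u@aks" --cluster=aks --user="$u" --namespace="$ns"
  kubectl --kubeconfig "$kc" config use-context "$u@aks"
  # Step 7: namespace-scoped, read-only Role bound to the certificate's CN.
  kubectl -n "$ns" create role pod-reader --verb=get,list,watch --resource=pods
  kubectl -n "$ns" create rolebinding "$u-pod-reader" --role=pod-reader --user="$u"
  kubectl --kubeconfig "$kc" auth can-i list pods   # verify as the new user
}
if [ "${1:-}" = "issue" ]; then issue testuser1 dev default; fi
```

Run it with the argument "issue" from an admin context; only testuser1.kubeconfig needs to reach the user. Kubernetes has no revocation mechanism for client certificates, so access is withdrawn by deleting the RoleBinding rather than the certificate.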

Distributing the certificates to the different users takes some manual work, but this approach doesn’t require AAD integration.


Interested in CloudNative | CKA&Azure Associate Admin&ITIL | https://github.com/Shuanglu
