Migration from non-RBAC to RBAC

Azure / AKS

Azure Kubernetes Service

https://azure.github.io/AKS/

1.97k stars 306 forks source link

Migration from non-RBAC to RBAC #3287

Open CocoWang-wql opened 2 years ago

CocoWang-wql commented 2 years ago

Is your feature request related to a problem? Please describe. We used terraform to create AKS clusters which are not enabled RBAC by default. Now all the non-RBAC enabled clusters could not use many security features such as TLS bootstrap, cert auto-rotation.

Currently we need to rebuild but no other good choice to migrate cluster from non-RBAC to RBAC.

Describe the solution you'd like A feature that supports migrating cluster from non-RBAC to RBAC.

carvido1 commented 2 years ago

Hello @CocoWang-wql.

We have a cluster that is using Local accounts with Kubernetes RBAC and we can change the configuration to start using either Azure ID authentication with Kubernetes RBAC or Azure ID authentication with Azure RBAC.

Can you check your cluster configuration to see if you can enable any of the both options mentioned before?

EJASKHAN commented 1 year ago

Hello @CocoWang-wql.

We have a cluster that is using Local accounts with Kubernetes RBAC and we can change the configuration to start using either Azure ID authentication with Kubernetes RBAC or Azure ID authentication with Azure RBAC.

Can you check your cluster configuration to see if you can enable any of the both options mentioned before?

For us, RBAC is disabled in our cluster, is it possible to enable it without recreating the cluster ?

CocoWang-wql commented 1 year ago

Hello @EJASKHAN, Kubernetes RBAC is enabled by default during AKS creation currently. If your cluster is not enabled Kubernetes RBAC, you need to rebuild the AKS cluster. For CLI client, you need the Azure CLI version 2.0.61 or later installed and configured. For terraform client, you need to use v2.99.0 or later.