AKS Learn feedback: Performing upgrade operations requires more permissions than the Microsoft.ContainerService/managedClusters/agentPools/write RBAC role. #62
Recently customer raised one case about the required permission to upgrade the AKS cluster. I find the AKS document mentions that Microsoft.ContainerService/managedClusters/agentPools/write RBAC role is required.
When it comes to "Microsoft.OperationsManagement/solutions/write", if you have Insights enabled, you will encounter the error message as below. The permission is related to the Log Analytics Workspace.
Please double check this and update the document if needed. Thank you!
schaffererin
commented
5 days ago
Type of issue
Missing information
Feedback
Recently customer raised one case about the required permission to upgrade the AKS cluster. I find the AKS document mentions that Microsoft.ContainerService/managedClusters/agentPools/write RBAC role is required.
https://learn.microsoft.com/en-us/azure/aks/upgrade-aks-cluster?tabs=azure-cli
However, after testing in my side, I find the following permissions are needed.
"Microsoft.ContainerService/managedClusters/read" "Microsoft.ContainerService/managedClusters/write", "Microsoft.ContainerService/managedClusters/agentPools/write", "Microsoft.OperationsManagement/solutions/write",
When it comes to "Microsoft.OperationsManagement/solutions/write", if you have Insights enabled, you will encounter the error message as below. The permission is related to the Log Analytics Workspace.
Please double check this and update the document if needed. Thank you!
Page URL
https://learn.microsoft.com/en-us/azure/aks/upgrade-aks-cluster?tabs=azure-cli
Content source URL
https://github.com/MicrosoftDocs/azure-aks-docs/blob/main/articles/aks/upgrade-aks-cluster.md
Author
@schaffererin
Document Id
8d00782b-677b-819b-4709-c23a76510b07