Enable RBAC after the deployment

[SamirFarhat]

Hi,

It's possible to enable the RBAC after the deployment of AKS. Something like az aks set ....

It's good to see it on the documentation too. Thanks

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: a47c6df7-5103-1336-eb0b-68f95155e6c8
• Version Independent ID: f4420b08-9b57-f581-fcb4-f069afdd5b0c
• Content: Integrate Azure Active Directory with Azure Kubernetes Service
• Content Source: articles/aks/aad-integration.md
• Service: container-service
• GitHub Login: @iainfoulds
• Microsoft Alias: iainfou

[mimckitt]

Thanks for the feedback! We are currently investigating and will update you shortly.

[mimckitt]

@iainfoulds @neilpeterson do either of you know if it is possible to do this on an existing cluster? I thought I remembered we could not do it at this point as the feature is still in preview. But I am not finding any actual references to it so I am not sure.

[mimckitt]

@SamirFarhat we reached out to the product teams and confirmed it is not possible to enable after deployment.

@iainfoulds can we get this info added to the doc for future reference?

[iainfoulds]

@MicahMcKittrick-MSFT Yep, I'll a note to the doc to make it clear.

[SamirFarhat]

This is not a good news. But, i think that you have to recommand tge following. "Because enabling RBAC after deployment is not supported, we recommand that you create an empty Security group and assign it permissions during the AKS clisyer creation. You can add users to this group on the future. IMHO, this is a good workaround. Thanks

[CriGrigore]

Hi @MicahMcKittrick-MSFT I am really interested in this topic. If we have deployed the cluster when AKS was in preview mode and RBAC was not supported now the AKS is in GA do we have to create a new cluster with RBAC support or we can modify the existing one?

Thanks a lot!

[iainfoulds]

@CriGrigore You'd need to recreate the cluster with RBAC enabled at creation time. It's not currently supported to enable RBAC on an existing cluster.

[CriGrigore]

@iainfoulds Thanks for your answer. Is here any ETA for when it will be supported to enable RBAC on an existing cluster? Moreover, do you know when the online documentation will be uptaded?

[iainfoulds]

@CriGrigore Sorry, I don't have an ETA. The PG simply let us know it wasn't currently possible. I don't think there would be any enablement for clusters created pre-GA or even pre-RBAC preview. RBAC itself is due to come out preview shortly, at which point there may be more information as to whether this functionality will be implemented. Docs are updated in sync with updated features from engineering going live.

[badalk]

Folks, I have the existing deployment and the RBAC was enabled on the existing cluster. We did not set the server application id, secrent and client application id at that point, so how do you now associate all of that to the cluster. i.e. instead of providing it in the create command, be able to update it later? I dont see any option on the portal too. Do I have to re-create the cluster?