starkfell / iam-conf-2020-aks-practical-yaml

Inside Azure Management Conference 2020 - Building a Practical YAML Pipeline for AKS in Azure DevOps

The use of Azure Active Directory for AKS #1

Open mlouage opened 3 years ago

mlouage commented 3 years ago

Hello

First of all, thanks for the great resource! I was wondering if the approach you took with creating a managed identity for the API server and the client is now considered legacy? I came across this documentation.

Which option would you use as of today?

starkfell commented 3 years ago

Hi Martin,

I'm glad to hear you are finding the content useful!

I would recommend choosing the option that's best suited to your environment with the following in mind:

Unless you have a specific scenario you are dealing with, I'd go with the AKS-managed Azure Active Directory integration option as it requires less management overhead on your part.

If you have a specific scenario whereby you think you need to use Legacy integration, let me know.

mlouage commented 3 years ago

Thanks for the reply, Ryan. The main requirement that I have is that the cluster is created with a managed identity so that no regular user is owner of the cluster. But I would like to easily manage the admins of the cluster. Since all of our users are part of the AAD, the AKS-managed AAD integration seems a good fit indeed.

I'm finding the content you create very useful. I have discovered it through the Inside Azure Management channel on YouTube. I'm primarily a fullstack dev and I have used AKS more than actively setting it up. What still is a big unknown to me is how different users can have different rights in an AKS cluster, what rights are available, etc. If that is a topic you would want to create a video about, I would be very interested. I'm also willing to help out on that; I find that the best way to learn something is to want to teach it. Feel free to reach out!