In this lab, you'll create an Azure AD Group for AKS Admins. These "admins" will be the designated users who can access the AKS cluster using kubectl.
- Sufficient permissions to create Azure AD groups
Run the Script
Execute the following command in your terminal:
./scripts/create-azure-ad-group.sh
What the Script Does
The script performs these actions:
- Creates an Azure AD Group named devopsthehardway-aks-group
- Adds the current user (logged into Az CLI) to the devopsthehardway-aks-group
- Outputs the Azure AD Group ID
Important Note: Make sure to note down the Azure AD Group ID displayed at the end of the script execution. You'll need this for AKS Terraform configurations later.
To ensure the group was created successfully:
- Log into the Azure Portal
- Navigate to Azure Active Directory > Groups
- Search for devopsthehardway-aks-group
- Verify that your user account is listed as a member
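The same verification can be done from the command line. The script below is an added example, not part of the lab's own scripts; it assumes you are logged in with a Microsoft Graph based Azure CLI, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example (not the lab's script): verify the AKS admin group from the CLI.
# Assumes `az login` has been run and a Microsoft Graph based Azure CLI, where
# the user object exposes `id` (older releases used `objectId`).
GROUP_NAME="devopsthehardway-aks-group"

# Print the group's object ID; non-zero exit if the group does not exist.
group_id() {
  az ad group show --group "$1" --query id --output tsv
}

# Succeed only if the signed-in user is a member of the group.
current_user_is_member() {
  cu_user_id="$(az ad signed-in-user show --query id --output tsv)" || return 1
  cu_result="$(az ad group member check --group "$1" \
    --member-id "$cu_user_id" --query value --output tsv)" || return 1
  [ "$cu_result" = "true" ]
}

# List every member, so accounts that should not hold admin access stand out.
list_members() {
  az ad group member list --group "$1" \
    --query "[].[displayName, userPrincipalName]" --output tsv
}

# Returns 0 when the group exists and contains the current user,
# 1 when the group is missing, 2 when the current user is not a member.
verify_group() {
  vg_id="$(group_id "$1")" || vg_id=""
  if [ -z "$vg_id" ]; then
    echo "FAIL: group '$1' not found" >&2
    return 1
  fi
  if ! current_user_is_member "$1"; then
    echo "FAIL: signed-in user is not a member of '$1'" >&2
    return 2
  fi
  echo "OK: $1 (group ID: $vg_id)"
  echo "Members:"
  list_members "$1"
}

# Run the check only where the Azure CLI is installed.
if command -v az >/dev/null 2>&1; then
  verify_group "$GROUP_NAME"
else
  echo "az CLI not found; nothing checked" >&2
fi
```

The group ID printed on success is the same value the script outputs for the later AKS Terraform configuration.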
After running the script, consider these questions:
- Why is it beneficial to use Azure AD groups for AKS admin access?
- How does this group-based access improve security compared to individual user access?
- In what ways might you further modify the AD group for different levels of access?
Consider setting up multiple AD groups with different levels of access (e.g., read-only, developer, admin) to implement a more granular access control strategy for your AKS clusters.