
AKS Learn feedback: #257

Open
@anandraowpp

Description


Type of issue

Outdated article

Feedback

Hi,
There are a couple of issues with the documentation.

  1. For "Microsoft Entra ID with Azure RBAC for Kubernetes Authorization" it says that "The admin roles field on the Configuration tab is irrelevant when Azure RBAC for Kubernetes Authorization is enabled." In reality, when I have a cluster with the method "Microsoft Entra ID with Azure RBAC", I am able to configure an Entra group as admin, and any member of this group gets full admin access. But the document says that the admin roles field in the Configuration tab is irrelevant.
  2. With "Microsoft Entra ID with Azure RBAC for Kubernetes Authorization", Kubernetes role bindings also work. I can create a native Kubernetes role binding using YAML and use it. I believe this should be added to the documentation. The fact is that when we have a cluster with the "Entra ID authentication with Azure RBAC" method, we can use both the Azure RBAC roles and the Kubernetes RBAC roles to manage API operations in the cluster. Also, the admin group configured for the cluster gets the Kubernetes cluster-admin role and is able to do any operation.
  3. I also found a potential risk: I removed the user from the admin group, but from the Azure portal this user is still able to delete a deployment. The Azure portal is not in sync with kubectl. Once I removed the user from the admin group, I regenerated the kubeconfig and kubectl stopped working, as expected; however, from the Azure portal I still had full access and it allowed me to delete the deployment.
  4. If the admin group is expected to work, then the document needs to be updated with the information that "even with Entra ID with Azure RBAC, we can enable an admin group that will have full access to the cluster". These members do not really require one of the "Azure Kubernetes Service RBAC..." roles.
[screenshot] [screenshot]

I have uploaded the relevant screenshots.
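The issue describes two independent paths to full admin on an AKS cluster in "Entra ID with Azure RBAC" mode: the admin group from `aadProfile`, and native Kubernetes ClusterRoleBindings. The audit below, added here as an illustration and not code from the issue, the AKS docs or the AKS project, enumerates both paths from constructed samples of the output of `az aks show --query aadProfile -o json` and `kubectl get clusterrolebindings -o json`. The camelCase field names (`enableAzureRbac`, `adminGroupObjectIDs`) and the binding name `aks-cluster-admin-binding-aad` are assumed; check them against your own cluster's output before relying on the matching.

```python
import json

# Constructed sample of `az aks show -g <rg> -n <cluster> --query aadProfile -o json`
# for a cluster using Entra ID with Azure RBAC and one admin group configured.
# Field names are assumed to match the CLI's camelCase output.
AAD_PROFILE_JSON = """{
  "managed": true,
  "enableAzureRbac": true,
  "adminGroupObjectIDs": ["11111111-1111-1111-1111-111111111111"],
  "tenantId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}"""

# Constructed, trimmed sample of `kubectl get clusterrolebindings -o json`.
# The binding name AKS creates for the admin group is assumed; Entra group
# subjects appear by object ID, users by UPN.
CRB_JSON = """{"items": [
  {"metadata": {"name": "aks-cluster-admin-binding-aad"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "11111111-1111-1111-1111-111111111111"}]},
  {"metadata": {"name": "dev-view"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "Group", "name": "22222222-2222-2222-2222-222222222222"}]},
  {"metadata": {"name": "ops-break-glass"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "alice@contoso.example"}]}
]}"""


def admin_groups(aad_profile):
    """Entra group object IDs configured as cluster admins (empty list if none)."""
    return list(aad_profile.get("adminGroupObjectIDs") or [])


def cluster_admin_subjects(crb_list):
    """(kind, name, binding) for every subject bound to the cluster-admin ClusterRole."""
    found = []
    for item in crb_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        binding = item["metadata"]["name"]
        for subj in item.get("subjects") or []:
            found.append((subj.get("kind"), subj.get("name"), binding))
    return found


def audit(aad_profile, crb_list):
    """Report every path to full admin, whichever RBAC mode granted it."""
    groups = admin_groups(aad_profile)
    azure_rbac = bool(aad_profile.get("enableAzureRbac"))
    subjects = cluster_admin_subjects(crb_list)
    findings = []
    # Path 1: the admin group is honoured even with Azure RBAC enabled.
    if azure_rbac and groups:
        findings.append(
            "admin groups %s hold cluster-admin through Kubernetes RBAC although "
            "Azure RBAC is enabled; members need no 'Azure Kubernetes Service RBAC ...' role"
            % ", ".join(groups))
    # Path 2: native bindings to cluster-admin that are not the admin group.
    for kind, name, binding in subjects:
        if name not in groups:
            findings.append(
                "native binding %r grants cluster-admin to %s %r outside Azure RBAC"
                % (binding, kind, name))
    return {
        "azure_rbac_enabled": azure_rbac,
        "admin_groups": groups,
        "cluster_admin_subjects": subjects,
        "findings": findings,
    }


def audit_from_json(aad_profile_json=AAD_PROFILE_JSON, crb_json=CRB_JSON):
    """Run the audit over the raw JSON text the two CLIs emit."""
    return audit(json.loads(aad_profile_json), json.loads(crb_json))


if __name__ == "__main__":
    for line in audit_from_json()["findings"]:
        print("-", line)
```

Because the portal's view of a user's permissions can lag behind a group-membership change (point 3 above), re-run the audit against live output rather than a cached kubeconfig after removing someone from the admin group, and treat every subject the report lists as a full admin until the binding or group membership is gone.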

Page URL

https://learn.microsoft.com/en-us/azure/aks/concepts-identity

Content source URL

https://github.com/MicrosoftDocs/azure-aks-docs/blob/main/articles/aks/concepts-identity.md

Author

@palma21

Document Id

b2630e0a-ce96-0dca-54ac-8d799079d99e

Platform Id

bd3f513f-33e9-cac8-677e-932b998bef49
