How to access AKS clusters generated by pltf.

Kubeconfig

  1. Fetch outputs:
    pltf terraform output -f env.yaml -e <env> --json
    
    Note k8s_cluster_name, k8s_endpoint, and k8s_ca_data (output names may be prefixed if there are duplicates).
  2. Authenticate and update kubeconfig:
    az login
    az aks get-credentials \
      --name <cluster> \
      --resource-group pltf-<env> \
      --subscription <subscription-id>
    
    Use the subscription from environments.<env>.account.

Generated Terraform already configures Kubernetes and Helm providers using these outputs when you run pltf terraform plan/apply.

Azure RBAC and Kubernetes RBAC

AKS uses Azure RBAC together with Kubernetes RBAC. Assign access through AAD groups and Kubernetes bindings.

Example cluster role binding that grants the built-in cluster-admin role to an AAD group, identified by its object ID:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: platform-admins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: Group
    name: "<aad-group-object-id>"
    apiGroup: rbac.authorization.k8s.io
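
To review which subjects hold cluster-admin after bindings like the one above are applied, the following added example (not part of pltf or its generated code) audits the JSON from `kubectl get clusterrolebindings -o json`. It assumes group subjects should be AAD object IDs (GUIDs), as in the binding above; the sample data, the labels and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`;
# every binding name, group name and GUID here is made up for illustration.
ADMIN = {"kind": "ClusterRole", "name": "cluster-admin"}
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin"}, "roleRef": ADMIN,
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "platform-admins"}, "roleRef": ADMIN,
     "subjects": [{"kind": "Group",
                   "name": "11111111-2222-3333-4444-555555555555"}]},
    {"metadata": {"name": "legacy-admins"}, "roleRef": ADMIN,
     "subjects": [{"kind": "Group", "name": "Platform Admins"},
                  {"kind": "User", "name": "alice@example.com"}]},
    {"metadata": {"name": "readers"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "orphaned"}, "roleRef": ADMIN},  # no subjects
]})

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def classify(subject):
    """Label one subject of a cluster-admin binding."""
    kind, name = subject.get("kind", ""), subject.get("name", "")
    if kind == "Group" and name.startswith("system:"):
        return "builtin-group"
    if kind == "Group" and GUID.fullmatch(name):
        return "aad-group"
    if kind == "Group":
        return "group-not-object-id"  # display name, not an object ID
    return "direct-" + kind.lower()   # User or ServiceAccount bound directly

def audit_cluster_admin(raw_json):
    """Return (binding, kind, name, label) for each cluster-admin subject."""
    findings = []
    for item in json.loads(raw_json).get("items", []):
        ref = item.get("roleRef", {})
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        for s in item.get("subjects") or []:  # subjects may be absent
            findings.append((item["metadata"]["name"], s.get("kind"),
                             s.get("name"), classify(s)))
    return findings

if __name__ == "__main__":
    for row in audit_cluster_admin(SAMPLE):
        print("{:<16} {:<6} {:<38} {}".format(*row))
```

Namespaced RoleBindings that reference cluster-admin are outside what this check covers; it reads ClusterRoleBindings only.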

Summary

  • Use az aks get-credentials to access the cluster.
  • Manage access with AAD groups and Kubernetes RBAC bindings.