I deployed this RBAC manifest to the cluster:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: rbac-reader
subjects:
  - kind: Group
    name: AKS_READER
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
I'm applying the built-in role view to the AAD group AKS_READER for the whole cluster. I tested it with my team member's account. I deleted him from the previously set group, which had the role
Azure Kubernetes Service Cluster User Role, and also deleted him as a Contributor on the cluster, and then added him to the new group AKS_READER, but when he ran the command: kubectl auth can-i create pods
the output is still 'yes'. Do I need to somehow refresh these rights? Does the user need to run az aks get-credentials .... again?