Container Security in Azure
This course introduces you to container security, Azure Container Registry authentication, Kubernetes clusters, and Microsoft Defender for Containers.
Learning Objectives
- A solid understanding of what options are available for securing your containerized applications in Azure and how to protect them from emerging threats
Intended Audience
- Developers, IT professionals, and security experts who are looking to understand the different ways to secure their containerized applications in Azure
Prerequisites
- Basic understanding of containerized computing in Azure
Hello, and welcome to Managing Access to AKS with Azure RBAC.
Azure RBAC (Role-Based Access Control) is a feature that allows you to provide granular access to AKS resources across one or more subscriptions. It allows you to define access to the Kubernetes configuration file in AKS by using Azure role definitions and role assignments. Azure RBAC allows you to assign built-in roles or to create custom roles, just as you would with Kubernetes roles.
For example, you can use the AKS Contributor role to upgrade a cluster. However, the Azure Kubernetes Service Cluster Admin role only allows permission to pull the Admin kubeconfig. You could give your user the general Contributor role, which allows the user to perform every action possible on the AKS resource, except managing permissions. It's important to note that you need to enable Azure RBAC for Kubernetes authorization before you can use it.
AKS provides four built-in roles, similar to the Kubernetes built-in roles, but with a few differences, like supporting CRDs. The built-in roles are Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Kubernetes Service RBAC Admin, and Azure Kubernetes Service RBAC Cluster Admin. Each role has different permissions. The table on your screen shows how these permissions differ.
So, the key takeaway here is that Azure RBAC is a feature that allows you to control access to AKS resources across one or more subscriptions. It allows you to assign built-in roles or create custom roles, and it uses Azure role definitions and role assignments to manage permissions. You need to enable Azure RBAC for Kubernetes authorization before using this feature, and you should familiarize yourself with the four built-in roles that AKS provides.
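The role distinctions described above can be turned into a least-privilege review of a cluster's role assignments. The following is an added example, not part of the course material: it assumes input shaped like the JSON from `az aks show` and `az role assignment list` (fields `aadProfile`, `principalName`, `roleDefinitionName`, `scope`), and every principal, ID and review rule in it is constructed for illustration.

```python
# Added example. Dicts mimic `az aks show` / `az role assignment list` JSON;
# all names, IDs and the review rules below are constructed assumptions.
CLUSTER_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
              "rg-demo/providers/Microsoft.ContainerService/managedClusters/aks-demo")
RBAC_PREFIX = "Azure Kubernetes Service RBAC "
BROAD = {  # roles that warrant a second look at any scope
    "Contributor": "every action on the AKS resource except managing permissions",
    "Azure Kubernetes Service Cluster Admin Role": "can pull the admin kubeconfig",
    "Azure Kubernetes Service RBAC Cluster Admin": "highest of the four built-in RBAC roles",
}
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Contributor",
     "scope": CLUSTER_ID},
    {"principalName": "bob@example.com", "scope": CLUSTER_ID,
     "roleDefinitionName": "Azure Kubernetes Service Cluster Admin Role"},
    {"principalName": "carol@example.com", "scope": CLUSTER_ID,
     "roleDefinitionName": "Azure Kubernetes Service RBAC Writer"},
    {"principalName": "dave@example.com", "scope": CLUSTER_ID + "/namespaces/dev",
     "roleDefinitionName": "Azure Kubernetes Service RBAC Reader"},
]

def azure_rbac_enabled(cluster):
    """True if the cluster reports Azure RBAC for Kubernetes authorization as on."""
    aad = cluster.get("aadProfile") or {}
    # Key casing differs between tools, so compare case-insensitively.
    return any(k.lower() == "enableazurerbac" and v is True for k, v in aad.items())

def audit(cluster, assignments):
    """Return (principal, role, finding) tuples for assignments worth reviewing."""
    rbac_on = azure_rbac_enabled(cluster)
    findings = []
    for a in assignments:
        who, role, scope = a["principalName"], a["roleDefinitionName"], a["scope"]
        if role.startswith(RBAC_PREFIX) and not rbac_on:
            findings.append((who, role, "no effect: Azure RBAC for Kubernetes "
                                        "authorization is not enabled"))
        elif role in BROAD:
            findings.append((who, role, BROAD[role]))
        elif (role.startswith(RBAC_PREFIX) and "/namespaces/" not in scope
              and not role.endswith("Reader")):
            findings.append((who, role, "applies cluster-wide; consider a namespace scope"))
    return findings

if __name__ == "__main__":
    for row in audit({"aadProfile": {"enableAzureRbac": True}}, SAMPLE):
        print(" | ".join(row))
```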
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.