Supporting Azure RBAC for AKS Cluster

[nitinnbisht]

Hello,

I am trying to enable Azure RBAC support for the AKS cluster provisioned by the module.

But it seems that it is not supported yet, locally I have tested the cluster creation by modifying the azurerm_kubernetes_cluster resource with following snippet:

  role_based_access_control {
    enabled = var.enable_role_based_access_control

    dynamic "azure_active_directory" {
      for_each = var.enable_role_based_access_control && var.rbac_aad_managed ? ["rbac"] : []
      content {
        managed                = true
        admin_group_object_ids = var.rbac_aad_admin_group_object_ids
        azure_rbac_enabled     = true
      }
    }

It works great, but is the addition of azure_rbac_enabled something in the works already?

If not, I would be glad to contribute, may be adding another variable to support Azure RBAC?

[sosoriov]

Any progress about this?

[nitinnbisht]

I have raised the PR, let see when it is reviewed.

[tmiroslav]

What is status with this? I am facing same issue I think. While managing AKS cluster using azurerm_kubernetes_cluster resource, it's not possible to manage admin_group_object_ids. Any work has been done so far on managing Azure AD group as part of role_based_access_control in AKS?

role_based_access_control {
    enabled = true
    azure_active_directory {
      managed                = true
      azure_rbac_enabled     = true
      admin_group_object_ids = var.ad_aks_admin_group_id
    }
  }

[lonegunmanb]

Apology for this late reply, I'm closing this issue because I believe this feature has been implemented already, please feel free to reopen it if you have any further question folks, thanks!