https://pulumi.com logo
Title
r

red-lighter-44012

10/29/2020, 4:01 PM
And one more question since I already invested over half an hour of googling 😄 AKS, I want to create a separate namespace (e.g.
team-foobar
) and have a kubeconfig that only includes permissions for that namespace. How should that be done, any docs on this? So far I've tried the following: - create new namespace - create new SP - create a new assignment, set Scope to
namespace.Id
and RoleDefinitionName to
Azure Kubernetes Service RBAC Writer
Is this correct and if yes - how do I get the kubeconfig?
Alright it seems that I was quite off-target. This seems to cover what im trying to achieve: https://docs.microsoft.com/en-us/azure/aks/azure-ad-rbac Now I need a way to do it the pulumi way. Might be a good opportunity for a new sample : D
b

billowy-army-68599

10/29/2020, 7:57 PM
let me know if I can help here, I have a little experience in this area!
r

red-lighter-44012

10/29/2020, 8:08 PM
Thanks @billowy-army-68599 I'll make sure to poke you tomorrow morning (in the middle of the night in your TZ) 😄 ! jk
I started following the same steps I used to set up the AKS service principal which has too much rights (provisioning load balancers and network resources). I think that this is what I actually need: https://www.pulumi.com/docs/guides/crosswalk/kubernetes/configure-access-control/ Just need to adapt it to our env, test it a bit, figure out how to get the kubeconfig and its probably gonna be half past midnight again 🤷‍♂️