Home > Enterprise >  az aks with --admin switch does not require a password?
az aks with --admin switch does not require a password?

Time:04-21

If I connect to my AKS cluster with,

az aks get-credentials --resource-group <rgname> --name <clustername> --admin

it does not require any credentials. Is this expected? Or is it using my "Az login" credentials and passing that through? My cluster is enabled for AD access but I was reading that the --admin flag can be used to force it to use the k8s admin. Should this be blocked for security reasons?

Sorry, quite new to AKS and Kubernetes.

CodePudding user response:

Yes, The below cmdlet will not require any addinational credential to connect to the AKS, Az login is enough to connect to the AKS who has access of subscription in which AKS created.

 az aks get-credentials --resource-group <rgname> --name <clustername> --admin

--admin flag can be used to force it to use the k8s admin. Should this be blocked for security reasons?

Yes you are correct,This should be blocked for secuirity purpose, But unfortunatlly switch –admin access on or off using a simple switch with az aks commands still in preview state, This is not recommanded for production use as of now.

For more information how to disable local user account (–admin) in Azure Kubernetes Service you can refer this document

There is also workaround given in this Github Disccussion you can also go through that.

  • Related