I would like to know under whose authority AKS is creating the resource.
I'm trying to create an Internal Loadbalancer in AKS, but it fails without permissions. However, I don't know who to give that privilege to. The account that connected to AKS or the managed identity of AKS ? Or something else ? Is the account that connected to AKS in the first place the same as the account that creates the AKS resources ? It would be great if you could tell me the source of the information as well, as I need the documentation to explain it to my boss. Best regards.
CodePudding user response:
I'm trying to create an Internal Loadbalancer in AKS, but it fails without permissions. However, I don't know who to give that privilege to. The account that connected to AKS or the managed identity of AKS ? Or something else ?
You will have to provide the required permissions to the managed identity of the AKS Cluster . So for your requirement to create a ILB in AKS
you need to give Network Contributor
Role to the identity.
You can refer this Microsoft Documentation
on How to delegate access for AKS to access other Azure resources.
Is the account that connected to AKS in the first place the same as the account that creates the AKS resources ?
The account which is connected to AKS is same as the account that created the AKS resources from Azure Portal (User Account) But different while accessing the Azure resources from inside the AKS (Managed Identity / Service Principal).
For more information you can refer this Microsoft Documentation
.