Azure Kubernetes – RBAC? – Stack Overflow


We are using the below approach on our Azure Kubernetes implementation:

  1. Azure DevOps with a service principal to set up the Azure Kubernetes clusters
  2. Azure DevOps with a service principal to build and store the Docker images on ACR
  3. Azure DevOps with a service principal to build and store the Helm packages on ACR
  4. Azure DevOps with a service principal to deploy the Helm packages on Azure Kubernetes
  5. Autoscaling is enabled at the cluster level
  6. Horizontal pod scaling is set at the application level
  7. Azure managed identity is used to access the Azure resources
  8. Azure DevOps with a service principal is used to handle the canary deployment
  9. Prometheus and Grafana are used for monitoring
  10. Istio is used as a service mesh

As everything is automated, who would need access to the Azure Kubernetes clusters, and why? What kind of RBAC permissions might they need?