In production systems, you need to allow different personnel access to certain resources; this is known as role-based access control (RBAC). This chapter will take you through how you can turn on RBAC on AKS and practice assigning different roles with different rights. Users would be able to verify that their access is denied when trying to modify resources that they do not have access to. The benefits of establishing RBAC are that it acts not only as a guardrail against the accidental deletion of critical resources but also an important security feature to limit full access to the cluster to roles that really need it.

The following topics will be covered in this chapter:

• Service roles in Kubernetes
• Attaching service roles to Azure AD users
• Verifying RBAC