Create the following file and save it as readonly-azure-aad-group.yaml:
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-only
roleRef:
kind: ClusterRole #this must be Role or ClusterRole
name: read-only # this must match the name of the Role or ClusterRole you wish to bind to
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: "<insert the read-only group id here"
Run the following command to create the read-only role, but this time access is given to anyone who is present in the group:
kubectl create -f readonly-azure-aad-group.yaml