In this chapter, we learned how to secure your AKS cluster with role-based security by leveraging Azure Active Directory as the authentication provider. We created a service role that lets you assign read-only or read/write access to Kubernetes resources, and we looked at some advanced features.  First, we showed you how to create the AAD server application. Then we created the client application. After that, we showed you how to get the AAD tenant ID and deployed the cluster. Once we had the RBAC-enabled solution deployed, we tested the read-only feature by creating users in the Active Directory. We then created a read-only group and added the user to it. We finished the chapter by creating the read-only user role and binding the role to the AAD group of the user.

In the next chapter, you will learn how to authorize Kubernetes cluster applications to connect to other Azure services, such as Azure SQL databases and Event Hubs.