How can we improve the Azure Kubernetes Service (AKS)?

Integrate PIM with AAD enabled clusters

If you elevate yourself to the Cluster Admin Role via PIM you can download cluster admin credentials with the command:

az aks get-credentials -n my_cluster -g my_rg --admin

If you then deactivate the role via PIM, you can still use the admin credentials locally. It would be nice if we could somehow set an expiration time to stop those credentials from working (from the client that requested them via PIM elevation) after the requested time frame, or if we could invalidate them via a token of some sort.

6 votes

Dylan shared this idea

0 comments
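
A local check for the situation the idea above describes, as an added example that is not part of the original post or of any Microsoft tooling: it reads kubeconfig JSON (as produced by `kubectl config view --raw -o json`) and lists contexts whose user entry embeds a static credential instead of an interactive login plugin. The sample kubeconfig, its user names and the function name are constructed for illustration.

```python
import json

# Constructed sample in the JSON shape of `kubectl config view --raw -o json`.
# Names and credential values are placeholders, not real output.
SAMPLE = json.dumps({
    "contexts": [
        {"name": "my_cluster", "context": {"cluster": "my_cluster", "user": "aad-user"}},
        {"name": "my_cluster-admin", "context": {"cluster": "my_cluster", "user": "local-admin"}},
    ],
    "users": [
        {"name": "aad-user", "user": {"exec": {"command": "kubelogin"}}},
        {"name": "local-admin", "user": {
            "client-certificate-data": "PLACEHOLDER",
            "client-key-data": "PLACEHOLDER",
            "token": "PLACEHOLDER"}},
    ],
})

# kubeconfig user fields that hold a credential directly, so it keeps working
# with no fresh sign-in to the identity provider.
STATIC_FIELDS = ("client-certificate-data", "client-certificate",
                 "client-key-data", "client-key", "token", "tokenFile",
                 "username", "password")


def find_static_credentials(kubeconfig_json):
    """Return [(context, cluster, user, [static fields])] for contexts whose
    user entry embeds static credentials."""
    cfg = json.loads(kubeconfig_json)
    users = {u["name"]: (u.get("user") or {}) for u in cfg.get("users") or []}
    findings = []
    for ctx in cfg.get("contexts") or []:
        body = ctx.get("context") or {}
        user = body.get("user", "")
        fields = [f for f in STATIC_FIELDS if users.get(user, {}).get(f)]
        if fields:
            findings.append((ctx["name"], body.get("cluster", ""), user, fields))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: kubectl config view --raw -o json | python this_script.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for context, cluster, user, fields in find_static_credentials(data):
        print(f"{context}: user {user!r} on {cluster!r} holds {', '.join(fields)}")
```

Contexts it reports can be removed from the local file with `kubectl config delete-context` and `kubectl config delete-user` once the elevated session is over; that only cleans up the local copy.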
