Azure Lighthouse delegated subscription's resource AKS cluster access

Jitu Lene 21 Reputation points
2022-10-12T07:45:42.813+00:00

I have onboarded the customer account to Azure Lighthouse and can access all the Azure services (e.g. AKS cluster) of the delegated subscription, but I am unable to access the cluster resources.

The problem is that the AKS cluster has roles and role bindings for customer tenant users (not the service provider's users). If I add the cluster roles and role bindings for service provider users, the cluster doesn't allow service provider users to authenticate (because they are not present in the customer tenant).

Is there any way I can add service provider users to the delegated subscription's AKS cluster without adding them to the customer tenant?

Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.

Accepted answer
  1. Stanislav Zhelyazkov 21,931 Reputation points MVP
    2022-10-12T12:03:54.01+00:00

    Hi,
    Lighthouse supports only actions that target the management plane of Azure. In this case I think you are trying to give access to the data plane of the AKS resource which is not possible with Lighthouse as it does not support data plane operations, only management plane ones. The only option is to add users from your tenant - they can be guest users or members.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

