When deploying an AKS cluster, even if you configure RBAC or AAD integration, local accounts will be enabled by default. This means that, given the right set of permitions, a user will be able to run the az get-credentials command with the --admin flag which will give you a non-audtibale access to the cluster. But …

One question I often get from by my customers is how to use Azure Active Directroy to protect their Node.js or .NET APIs. Every single time I answer by redirecting them to this amazing post (Proteger una API en Node.js con Azure Active Directory ), written in spanish, by my friend and peer Gisela Torres (0gis0 ). …