We have built AKS with Active Directory and Kubernetes RBAC enabled. The moment we disable the local admin account, deployment of any object becomes impossible with Terraform.
I don’t want anyone to use the --admin flag with az aks get-credentials. Any suggestions on how to deploy Kubernetes objects in AKS using Terraform without the local account enabled?
On a local machine, it is still possible to first fetch the AKS credentials via RBAC, and the Terraform Kubernetes provider will automatically use them. But the same is not possible with CI/CD, because fetching the AKS credentials forces us to do an interactive login to portal.azure.com, which is common behavior of RBAC-enabled AKS.