Description
Description of the new feature
Be able to force the Invoke-AzAksRunCommand to run as an admin instead of a user.
I recently had an issue where I was using this command in an automation account PS script. The System assigned managed identity had the correct RBAC roles, but when trying to run the command I would get the following error:
Error from server (Forbidden): deployments.apps is forbidden: User <System assigned managed Identity> cannot list resource "deployments" in API group "apps" in the namespace "linkerd-viz"
To get around this, I had to add the System assigned managed Identity to an Admin Azure AD Group on the cluster. But I'm wondering if there is a way to run the command as admin instead.
Proposed implementation details (optional)
Similar to the Import-AzAksCredential -ResourceGroupName $ResourceGroupName -Name $AKSName -Admin command: have a flag for Invoke-AzAksRunCommand to run as an admin, i.e. -Admin.
If the "Azure Kubernetes Service Cluster Admin Role" or similar is assigned then Invoke-AzAksRunCommand should be able to run as an admin.
Example command:
Invoke-AzAksRunCommand -ResourceGroupName $ResourceGroupName -Name $AKSName -Command "kubectl rollout restart -n $namespace deployment " -DefaultProfile $AzureContext -Force -Admin