Apigee Hybrid 1.4.x RBAC design

Hi,

We are onboarding Apigee Hybrid 1.4.x to Azure clustered AKS.

I am listing the RBAC below. Let me know if any additional RBAC needs to be considered, or whether any of the listed RBAC may not be applicable or are duplicates.

A. RBAC for Apigee Hybrid (Runtime) should cover

  1. Northbound RBAC and authentication with Runtime Ingress ('Default Istio Ingress' in Apigee Runtime Plane).
  2. RBAC of Apigee Hybrid set up in the Apigee UI (user onboarding to Apigee Hybrid, like Developer, Tester, Operation Lead etc.)
  3. Do we require any RBAC configuration for Apigee Connect Agent or MART & UDCA and Synchronizer (in Apigee Runtime), or is it not applicable?
  4. Message Processor to Backend application RBAC will be taken care of by OAuth/Authorization Server.

Is updating the Apigee UI RBAC to onboard the different users listed the same as the 'Default Istio Ingress' RBAC (meaning points 1 and 2 are the same), or will the Apigee Hybrid 1.4.x 'Default Istio Ingress' require additional RBAC? If additional RBAC is required for the 'Default Istio Ingress', what is it, if documented?

B. RBAC for Kubernetes will cover

  1. RBAC for AKS (if the Azure cluster requires us to do the RBAC for AKS)
  2. RBAC for installation of the Apigee Runtime (required for Apigee Hybrid installation of both Stateless and Stateful).

Let me know if any additional RBAC needs to be considered, or whether any of the RBAC listed above may not be applicable or are duplicates.
