how to check whether RBAC is enabled, using kubectl

You can check this by executing the command kubectl api-versions; if RBAC is enabled you should see the API version .rbac.authorization.k8s.io/v1.

In AKS, the best way is to check the cluster's resource details at resources.azure.com.If you can spot "enableRBAC": true, your cluster has RBAC enabled.Please note that existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. (thanks @DennisAmeling for the clarification)

I wish there was a better way but what I use is:

$ kubectl cluster-info dump | grep authorization-mode

If you can execute it you should either see RBAC listed there or not, and if you don't have the permissions to do it, well, chances are that RBAC is enabled.

For Azure (AKS) this is a bit more tricky. While the kubectl api-versions command indeed returns rbac.authorization.k8s.io/v1, the kubectl get clusterroles command doesn't return the default system: prefixed roles.

The best way to check for AKS is to check the cluster's resource details, e.g. at resources.azure.com. If "enableRBAC": true, your cluster has RBAC enabled. Existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. So if you want to enable RBAC on AKS, you'll have to create a new cluster.