Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
d
damp-honey-93158
03/20/2023, 8:16 PMHi, I’m trying to specify a specific user-assigned managed identity (that has KV rights) when creating an AKS cluster. I know to use the azureKeyvaultSecretsProvider settings (via ManagedClusterAddonProfileArgs), but that only lets me set the Enabled and Config values - which results in the cluster creating its own managed identity for the secrets provider. I want to provide my own where the RBAC in Azure is already set up. Is it possible in to specify my own user assigned managed identity client id / object id during cluster creation time for the secrets store provider?
solved: I had assumed I needed to set KV rights on the user assigned identity that azure creates, not true - I simply created a SecretProviderClass in my cluster that made use of the existing identity that DID have rights to read from the key vault - worked first time. Tadaaaaa