Hi, I’m trying to specify a specific user-assigned managed identity (that has KV rights) when creating an AKS cluster. I know to use the azureKeyvaultSecretsProvider settings (via ManagedClusterAddonProfileArgs), but that only lets me set the Enabled and Config values - which results in the cluster creating its own managed identity for the secrets provider. I want to provide my own where the RBAC in Azure is already set up. Is it possible to specify my own user-assigned managed identity client id / object id during cluster creation time for the secrets store provider?
Solved: I had assumed I needed to set KV rights on the user-assigned identity that Azure creates, not true - I simply created a SecretProviderClass in my cluster that made use of the existing identity that DID have rights to read from the key vault - worked first time. Tadaaaaa
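
The approach described in the follow-up, sketched as an added example that is not part of the original post: a SecretProviderClass for the Azure Key Vault provider that names an existing user-assigned identity by client ID, plus a pod that mounts it. It assumes that identity is already assigned to the cluster's node VM scale sets and already has read access to the vault; the resource names, the secret name and every value in angle brackets are placeholders.

```yaml
# Added example: SecretProviderClass that reads from Key Vault with an
# existing user-assigned managed identity instead of the add-on's own identity.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: kv-existing-identity          # hypothetical name
  namespace: default
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    # Client ID of the identity that already holds the Key Vault role or
    # access policy. Assumption: it is assigned to the node VM scale sets.
    userAssignedIdentityID: "<identity-client-id>"
    keyvaultName: "<key-vault-name>"
    tenantId: "<tenant-id>"
    objects: |
      array:
        - |
          objectName: example-secret  # constructed secret name
          objectType: secret
---
# Pod that mounts the secrets through the CSI driver. The secret is only
# fetched when a pod referencing the SecretProviderClass is scheduled.
apiVersion: v1
kind: Pod
metadata:
  name: kv-reader                     # hypothetical name
  namespace: default
spec:
  containers:
    - name: app
      image: "<your-image>"
      volumeMounts:
        - name: kv-secrets
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: kv-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: kv-existing-identity
```

Scoping the identity's Key Vault role to read-only access on the one vault keeps the blast radius small, since any pod in the namespace that can reference this SecretProviderClass can mount the same secrets.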