No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi, I’m trying to specify a specific user-assigned managed identity (that has KV rights) when creating an AKS cluster.  I know to use the azureKeyvaultSecretsProvider settings (via ManagedClusterAddonProfileArgs), but that only lets me set the Enabled and Config values - which results in the cluster creating its own managed identity for the secrets provider.  I want to provide my own where the RBAC in Azure is already set up.   Is it possible in to specify my own user assigned managed identity client id / object id during cluster creation time for the secrets store provider?

solved: I had assumed I needed to set KV rights on the user assigned identity that azure creates, not true - I simply created a SecretProviderClass in my cluster that made use of the existing identity that DID have rights to read from the key vault - worked first time.  Tadaaaaa