No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello <@U03MKGMRSSX>, I saw your support email coming in, but I'll answer here so more people can see the answer. When looking at the <https://learn.microsoft.com/en-in/azure/azure-arc/kubernetes/quickstart-connect-cluster?tabs=azure-cli#connect-an-existing-kubernetes-cluster|Azure documentation>, this command seems to perform all-in one installation:
```az connectedk8s connect --name AzureArcTest1 --resource-group AzureArcTest```
My assumption for now that it contains the following steps:
• Creates a keypair
• Installs Helm locally
• Deploys the Helm chart for Arc Agent, feeding it the private key from the keypair
• Creates the ConnectedCluster resource on Azure, feeding it the public key from the keypair
I have been searching the docs today for the Arch Agent helm chart, but couldn't find it. If you can find it, then here is in short the Pulumi resources you can use to mimic that `az` CLI command:
• <https://www.pulumi.com/registry/packages/tls/api-docs/locallysignedcert/|tls.LocallySignedCert> (or another certificate source)
• <https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/release/|kubernetes.helm.v3.Release> with the private key from the certificate in the input values (which doesn't need the Helm CLI)
• <https://www.pulumi.com/registry/packages/azure-native/api-docs/kubernetes/connectedcluster/|azure-native.kubernetes.ConnectedCluster> with the certificate as the `agentPublicKeyCertificate`
With the private part of the certificate in your cluster, and the public key on the Azure side, the agent arc pod(s) should be able to set up the connection.

Thank you <@UK4HNFLCB>!

MS tries to hide the helm repo and charts inside their az cli extension. In the end, it maps to: "<http://mcr.microsoft.com/azurearck8s/batch1/stable/azure-arc-k8sagents:1.10.6|mcr.microsoft.com/azurearck8s/batch1/stable/azure-arc-k8sagents:1.10.6>"