https://pulumi.com
Join Slack
Hi, I'm struggling with programmatically getting the identity of an aks cluster identity - I need to...
# azure
l
Hi, I'm struggling with programmatically getting the identity of an aks cluster identity - I need to add some more permissions to it. It does not match the aks cluster name, and I can't seem to find any "link" between them. Anyone found a way?
This was much harder than I thought It would be. Trying with :
Copy code
var lookupManagedCluster = GetManagedCluster.Invoke(new GetManagedClusterInvokeArgs
        {
            ResourceGroupName = rgName,
            ResourceName = cluster.Name
        });

        
        var kubernetesIdentityNetworkRoleAssignment = new RoleAssignment("kubernetesIdentityNetworkRoleAssignment", new RoleAssignmentArgs
        {
            PrincipalId = lookupManagedCluster.Apply(c => c.Identity.PrincipalId),
            PrincipalType = PrincipalType.ServicePrincipal,
            // "network contributor"
            RoleDefinitionId = C.AzureNetworkContributorRoleId,
            // Cluster needs access to network in order to provision extra load balancers
            Scope = $"/subscriptions/{currentSubscription}/resourceGroups/{networkResourceGroup}",
        });
but the PrincipalId is always null - that could be a bug in the containerservice thing I guess. Hm. Tricky this.
f
I dont use AKS, but the normal Azure rules might apply. Did you assign a System Assigned identity to the cluster when you created it? If you didn’t say it should have an identity, it won’t get one.
l
I did. I realized I can pull the ID from that obj xt, not the cluster. Still feeling like there's a bug here - what I'm trying to do should be possible
f
Part of the structure in Azure is because it has to be there for historical reasons and part of it depends on how they decided to implement it. It’s a mess
l
So it could be an Azure bug? Thanks!
2 Views
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by