Hi there - I've been looking at Pulumi for a while and finally have an opportunity to use it for a meaningful project. However, I'm stuck and am chalking it up to being new and hoping someone help show me the light. I'm using 

Azure-Native

 and trying to create an AKS cluster. All is good, until I try to set up my 

PodIdentityProfile

. In the AZ CLI, PodIdentity is set up in a separate step, and the Pulumi Azure-Native resource seems to follow the same paradigm. However, I can't seem to figure out how to set up my 

UserAssignedIdentity

after my 

ManagedCluster

is created. I've tried 

GetManagedCluster

, but the profile is an 

ImmutableArray

. I've tried creating a new resource (using the same name and resource group) but get a conflict. Is there a recommended way to perform updates on existing resources? I'm looking through the Pulumi docs and don't really see this. I see how to create and destroy, but update isn't called out in many places. BTW, I'm using C# in my scripts. Thank you in advance for any guidance here!

PodIdentityProfile

seems to be a property of

ManagedCluster

. Why don’t you define it as part of the cluster definitions, similar to https://www.pulumi.com/docs/reference/pkg/azure-native/containerservice/managedcluster/#create-managed-cluster-with-podidentity-enabled ?

Hi @tall-librarian-49374. If I define my

PodIdentityProfile

as part of my

ManagedCluster

definition as such:

PodIdentityProfile = new ManagedClusterPodIdentityProfileArgs

{

  

Enabled = true,

  

UserAssignedIdentities = new ManagedClusterPodIdentityArgs

  

{

     

Identity = new UserAssignedIdentityArgs

     

{

       

ClientId = pod_identity.ClientId.Apply(id => id),

       

ObjectId = pod_identity.PrincipalId.Apply(id => id),

       

ResourceId = pod_identity.Id.Apply(id => id)

     

},

     

Name = "pod-id-tag",

     

Namespace = "pod-id"

}

},

I get the following error:

azure-native:containerservice:ManagedCluster (auto-aks):

error: Code="PodIdentityAddonUserAssignedIdentitiesNotAllowedInCreation" Message="PodIdentity addon does not support assigning pod identities on creation."

This lines up with the AZ CLI which first has me create the aks cluster with the

--enable-pod-identity

flag, and then use

az aks update

to actually set the pod identity info. I'm trying to figure out how to set my user identity for my pod identity, but can't seem to figure it out.

This doesn’t answer your question but I opened https://github.com/Azure/azure-rest-api-specs/issues/13417 to track a potential fix upstream

Thanks @tall-librarian-49374. I'll keep an eye on it. And just for my knowledge, since I'm new to Pulumi, what is the recommended approach if you need to update an existing resource in Pulumi? For example, if I decide to enable the cluster autoscaler after the cluster has been created? Thank you!

You change your program and run

pulumi up

again. Or did I misunderstand the question?

Thanks again @tall-librarian-49374 ... yes, that helps. Really appreciate the help here. Thank you!

did u solve the problem?

Yes, that did solve my problem. I ended up using some configuration to run my Stack, but only performing certain actions if it's a

create

versus an

update

.

aha ok! thnx!