Hi, I'm trying to emulate

az aks create [...] --attach-acr $MYACR

where the cluster uses a managed identity instead of an explicit service principal. As far as I understand it, I need to add a

RoleAssignment

with

scope

=containerRegistryId and

roleDefinitionId

="AcrPull". RoleAssignment contains `principalId`(required) and

delegatedManagedIdentityResourceId

(optional). How do I fill these two fields? I'm guessing

delegatedManagedIdentityResourceId

should be the id of the AKS cluster, but what's the

principalId

if there is no principal?

Did you managed to solve it? Having the same issue.