https://pulumi.com logo
Powered by
Title
w

wooden-receptionist-75654

09/14/2021, 8:16 AM
Hi Guys, I’ve provisioned AKS cluster with 
containerservice.ManagedCluster
with SystemAssigned MI. Something like: 
const cluster = new containerservice.ManagedCluster(managedClusterName, {
  ...
  identity: {
    type: "SystemAssigned",
  }
  ...
});
How can I get it 
principalId
for creating 
authorization.RoleAssignment
?
g

gentle-restaurant-16139

09/14/2021, 8:20 AM
Hi, you can create or get one from with 
azuread.ServicePrincipal
I think it also anwser the previous question from @wet-noon-14291 once you have your service principal you can assign the role ACRpull or the contributor role to the acr resource
👍 1
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
It work for me. But it is the bit weird when you create an aks from the portal it assign the contributor role and not the acrpull as it is written in the doc (🤷‍♂️ Microsoft mystery... )
t

tall-librarian-49374

09/14/2021, 8:33 AM
I remember doing this: https://github.com/mikhailshilkov/temporal-samples/blob/main/azure-aks/cluster.ts#L97
👍 1
w

wooden-receptionist-75654

09/14/2021, 5:51 PM
Thank guys, will try
3 Views
#azureJoin Slack
Powered by