Hi Guys, I’m using a

azure-native.containerservice

lib to create AKS cluster and I also would like deploy k8s RBAC objects with

kubernetes

lib. I have something like:

# Creating AKS
const cluster = new containerservice.ManagedCluster(...)

# Getting a kubectlconfig
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => {
  return containerservice.listManagedClusterUserCredentials({
      resourceGroupName: rgName,
      resourceName: clusterName,
  });
});
const encoded = creds.kubeconfigs[0].value;
const kubeconfig = encoded.apply(enc => Buffer.from(enc, "base64").toString());

# Creating provider
const aksProvider = new k8s.Provider("aks", {
  kubeconfig: kubeconfig
})
# And deploying a role
const devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...},  {provider: aksProvider})

And it appears that

kubeconfig

is required

browser-based authentication

for first time. I got

To sign in, use a web browser to open the page <https://microsoft.com/devicelogin>

I have tried it with user auth (az login) and got the same in CI with Service Principal. Is there any way to skip it?

Use the admin user function, not

listManagedClusterUserCredentials

Thanks!