https://pulumi.com logo
Title
w

wooden-receptionist-75654

10/25/2021, 2:29 PM
Hi Guys, I’m using a
azure-native.containerservice
lib to create AKS cluster and I also would like deploy k8s RBAC objects with
kubernetes
lib. I have something like:
# Creating AKS
const cluster = new containerservice.ManagedCluster(...)

# Getting a kubectlconfig
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => {
  return containerservice.listManagedClusterUserCredentials({
      resourceGroupName: rgName,
      resourceName: clusterName,
  });
});
const encoded = creds.kubeconfigs[0].value;
const kubeconfig = encoded.apply(enc => Buffer.from(enc, "base64").toString());

# Creating provider
const aksProvider = new k8s.Provider("aks", {
  kubeconfig: kubeconfig
})
# And deploying a role
const devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...},  {provider: aksProvider})
And it appears that
kubeconfig
is required
browser-based authentication
for first time. I got
To sign in, use a web browser to open the page <https://microsoft.com/devicelogin>
I have tried it with user auth (az login) and got the same in CI with Service Principal. Is there any way to skip it?
g

great-breakfast-56601

10/26/2021, 12:54 PM
Use the admin user function, not
listManagedClusterUserCredentials
1
w

wooden-receptionist-75654

10/26/2021, 4:49 PM
Thanks!