wooden-receptionist-75654
11/08/2021, 10:43 AMerror: Code="CustomKubeletIdentityMissingPermissionError" Message="The cluster user assigned identity must be given permission to assign kubelet identity...
even so I have dependency on it.
I have something like this in my code:
const cpIdentity = new managedidentity.UserAssignedIdentity("controlPlaneIdentity", {
location: `${location}`,
resourceGroupName: resourceGroup.name,
resourceName: `${controlPlaneIdentity}`,
});
const kubeletIdentity = new managedidentity.UserAssignedIdentity("kubeletIdentity", {
location: config.location,
resourceGroupName: resourceGroup.name,
resourceName: `${kubeletIdentity}`,
});
const identityRoleAssignment = new authorization.RoleAssignment("controlPlane-ManagedIdentityOperator", {
principalId: cpIdentity.principalId,
principalType: "ServicePrincipal",
roleDefinitionId: `/subscriptions/${config.subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${config.managedIdentityOperatorId}`,
scope: resourceGroup.id,
});
const cluster = new containerservice.ManagedCluster(
"aks-cluster",
{
...
identity: {
type: "UserAssigned",
userAssignedIdentities: cpIdentity.id.apply((id) => {
const dict: { [key: string]: any } = {};
dict[id] = {};
return dict;
}),
},
identityProfile: {
kubeletidentity: {
clientId: kubeletIdentity.clientId,
resourceId: kubeletIdentity.id,
objectId: kubeletIdentity.principalId,
},
},
....
},
{ dependsOn: [cpIdentity] }
);
Second re-run successfully deploy cluster.
Is there any wait to build a proper dependency on it?great-breakfast-56601
11/08/2021, 11:25 AMwooden-receptionist-75654
11/08/2021, 12:12 PM