Hello 🙂 I'm working on Pulumi automation that successfully deploys private AKS cluster, I'd like to do some post-installation setup of K8S (ingress, certmanager, argo, etc). As this is private cluster API is not available in the Internet (I also create VPN VM to have manual access to vnet ). With

az cli

I'd do all necessary kubectl/helm commands using

az aks command invoke

and it works nice manually. I could not find method to start

command invoke

in

azure-native.containerservice

method set (similar to azure-native.compute.VirtualMachineRunCommandByVirtualMachine) . Do U know any other way how to do setup on private cluster or can provide some pro-tips? thanks 🙂

what api does

az aks command invoke

call?

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/runCommand?api-version=2022-04-01

hmm that seems unique to azure, I'm not sure how you'd build a kubernetes provider to support that I'm afraid

well this is the trick. Thanks to having Azure is Proxy I can run command even on private cluster

you can run Pulumi commands through a proxy no problem, you just need to build one

sure; I was wondering if there is more straighforward way that I missed; thanks!

Depending on your CI/CD system, can do a private runner. Azure DevOps supports private runners on a scale set. If you don't want that much overhead then just do a manual deploy of Argo. After that Argo will kick in and bootstrap everything else. Side note, we use Pulumi Kubernetes operator for our gitops and no complaints.