has anyone successfully added their own user assigned manage Pulumi Community #azure

has anyone successfully added their own user assig...

damp-honey-93158

07/01/2022, 3:02 PM

has anyone successfully added their own user assigned managed identity to an AKS cluster, if so - how'd you go about it? I figured it might be the "IdentityProfile" property of the ManagedCluster object - but I'm not sure what to populate that with. I've got the object and client ID of the UserAssignedManagedIdentity - just don't know where to inject/throw it 🙂

tall-librarian-49374

07/01/2022, 3:04 PM

It’s tricky right now but here is an example: https://github.com/pulumi/pulumi-azure-native/issues/812#issuecomment-842456058

👍 1

boundless-oxygen-92214

07/01/2022, 3:39 PM

Is there a reason why the ARM templates are so wonky for these user assigned managed identities? I checked out the ARM template and yes the API matches the ARM template but why does the template have this wonky K/V entry for this config?

tall-librarian-49374

07/01/2022, 6:33 PM

🤷 that I don’t know. I think they tried to mimic the output data structure that does return some data per each item in the map. But no data was needed in the input side, so they just kept a map of keys with no values.

boundless-oxygen-92214

07/01/2022, 6:35 PM

well that's just rude

damp-honey-93158

07/01/2022, 6:55 PM

Trying it now - thanks so much for the hint - I'd never have come up with that... magic... on my own 🙂

damp-honey-93158

07/01/2022, 6:56 PM

Would I have to give the user assigned identity Network Contributor access myself to the underlying VM network that gets created? That was mentioned somewhere in the docs...

damp-honey-93158

07/04/2022, 7:25 PM

I've been at this for a day or so now - and I'm not progressing so well. I've applied my user assigned managed identity into the dictionary, the pulumi up runs - but the scale set doesn't associate with the identity. No error being thrown either. My approach has been to pass in the full ID of the managed identity (/subscriptions/xxxx/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/<name>).

Copy code

var identityArgsValue = new ManagedClusterIdentityArgs()
{
    Type = ResourceIdentityType.SystemAssigned
};

if (userAssignedManagedIdent != null)
{
    identityArgsValue = new ManagedClusterIdentityArgs()
    {
        Type = ResourceIdentityType.UserAssigned,
        UserAssignedIdentities = userAssignedManagedIdent.Apply(id =>
        {
            var im = new Dictionary<string, object>()
            {
                {
                    id, new Dictionary<string, object>()
                } 
            };

            return im;
        })
    };
}

Any ideas why this wouldn't take?

damp-honey-93158

08/19/2022, 6:58 AM

For anyone interested in the future - I succeeded with this

mammoth-agency-10350

10/15/2022, 12:10 AM

TY. I was on the struggle bus on this and found your example here.

7 Views

Open in Slack

Previous Next