iamvighnesh
commented
1 year ago I'd like to work on this one. @Gordonby we might need a discussion on the design part. I will reach out to you separately.
Open naioja opened 1 year ago
iamvighnesh
commented
1 year ago I'd like to work on this one. @Gordonby we might need a discussion on the design part. I will reach out to you separately.
github-actions[bot]
commented
1 year ago Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.
github-actions[bot]
commented
1 year ago Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.
JimPaine
commented
1 year ago I'll help pick this up.
Initial thoughts
@iamvighnesh would you still like to work on this as well?
deepdolphin
commented
8 months ago
**Problem description AKS supports multiple user managed identities, one of which is the kubelet identity.
A Kubelet identity enables access granted to the existing identity prior to cluster creation. This feature enables scenarios such as connection to ACR with a pre-created managed identity.
In this scenario AKS is going to use the User Managed Identity created prior to cluster setup in order to do ACR operations permitted with that specific identity.
**Solution description As a user I would like to either be able to provide a User Managed Identity to the cluster setup process with necessary rights on ACR or have one created and assigned for me with the ability to choose the ACR rights to be assigned to the identity.
**Alternatives As the documentation describes if the cluster is not created with a managed kubelet identity the user cannot assign one :