Azure / AKS-Construction

Accelerate your onboarding to AKS with: Helper Web App, Bicep templating and CI/CD samples. Flexible & secure AKS baseline implementations in a Microsoft + community maintained reference implementation.
https://azure.github.io/AKS-Construction/
MIT License

Added UI & Bicep update for issue 551. #681

Closed deepdolphin closed 6 months ago

deepdolphin commented 8 months ago

PR Summary

Added UI & Bicep updates to address issue #551. Currently no UI web tests.

PR Checklist

deepdolphin commented 8 months ago

TODO: Discuss how/when we run/fix this.

You will probably receive an error when you try to deploy using this new option, because the User Identity that gets created during the running of the main Bicep needs access over the pre-existing User Identity that you want to run the kubelet under. As you don't know the GUID of the new identity, you can't assign it rights over your existing User Identity.

  1. You will need to deploy the template as normal, then wait for an error which states that the "Managed Identity Operator" role is missing.
  2. Grant the newly created managed identity used by AKS for control plane access (to change the MC_* resource group) the role of "Managed Identity Operator" over the kubelet managed identity.
    az role assignment create --assignee '<controlplaneGUID>' --role "Managed Identity Operator" --scope '/subscriptions/<someguid>/resourcegroups/<rgname>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<kubeletidentityname>'
  3. Rerun the deployment template again.

Reference: https://learn.microsoft.com/en-us/azure/aks/use-managed-identity#add-role-assignment
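
The grant in step 2 of the comment above, as an added example (not code from this PR or from the AKS-Construction project): a shell wrapper that validates its inputs and builds a scope covering only the one kubelet identity, so the control plane identity gets no rights over the rest of the resource group. The function names and the `DRY_RUN` switch are assumptions made for illustration; the `az` command is the one quoted in the comment.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 (the default) prints the az command instead of running it.

# True when $1 looks like a GUID (subscription ID or identity principal ID).
is_guid() {
  printf '%s' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the resource ID of the pre-existing kubelet identity.
# Args: <subscription-id> <resource-group> <kubelet-identity-name>
kubelet_identity_scope() {
  is_guid "$1" || { echo "invalid subscription id" >&2; return 1; }
  for part in "$2" "$3"; do
    # An empty or slash-containing segment would shorten or redirect the
    # scope, e.g. to a whole resource group instead of one identity.
    case "$part" in
      ''|*/*) echo "invalid resource group or identity name" >&2; return 1 ;;
    esac
  done
  printf '/subscriptions/%s/resourcegroups/%s/providers/Microsoft.ManagedIdentity/userAssignedIdentities/%s' \
    "$1" "$2" "$3"
}

# Grant "Managed Identity Operator" on the kubelet identity only.
# Args: <controlplane-guid> <subscription-id> <resource-group> <kubelet-identity-name>
grant_mi_operator() {
  is_guid "$1" || { echo "invalid control plane identity GUID" >&2; return 1; }
  scope="$(kubelet_identity_scope "$2" "$3" "$4")" || return 1
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf 'az role assignment create --assignee %s --role "Managed Identity Operator" --scope %s\n' \
      "$1" "$scope"
  else
    az role assignment create --assignee "$1" \
      --role "Managed Identity Operator" --scope "$scope"
  fi
}

# Stand-alone use: ./grant.sh <controlplane-guid> <sub-id> <rg> <identity-name>
if [ "$#" -eq 4 ]; then
  grant_mi_operator "$@"
fi
```

Review the printed command first, then run with `DRY_RUN=0` before rerunning the deployment in step 3.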

github-actions[bot] commented 7 months ago

PR smells stale, no activity for 30 days. Stale Label will be removed if the PR is updated, otherwise closed in a month.