Open anurag4516 opened 3 years ago
Hi anurag4516, AKS bot here :wave: Thank you for posting on the AKS Repo, I'll do my best to get a kind human from the AKS team to assist you.
I might be just a bot, but I'm told my suggestions are normally quite good, as such: 1) If this case is urgent, please open a Support Request so that our 24/7 support team may help you faster. 2) Please abide by the AKS repo Guidelines and Code of Conduct. 3) If you're having an issue, could it be described on the AKS Troubleshooting guides or AKS Diagnostics? 4) Make sure your subscribed to the AKS Release Notes to keep up to date with all that's new on AKS. 5) Make sure there isn't a duplicate of this issue already reported. If there is, feel free to close this one and '+1' the existing issue. 6) If you have a question, do take a look at our AKS FAQ. We place the most common ones there!
Hey there, thanks for getting in touch. Can I delve a little bit more into what you would want to do with the VMSS ID/name after you have it? Direct work on the MC_ resource group isn't the best way to interact with the resources we spin up for AKS within your subscription
Hi @justindavies . We are creating AKS via terraform , and using VMSS as nodepool client . We are using Terraform as IAAC to codify Infra . After creation of AKS we want to monitor VMSS + attach user-assigned identities to it . As VMSS ID is not exposed , terraform is not able to fetch this ID and expose it so that we can retrieve it further for enhancements . Kindly refer following
/subscribe!
I was involved in the original discussion and curious if BYO kubelet identity solves already half of the requirements of @anurag4516
Hi @aristosvo I have 2 issues a) After creation of AKS we want to monitor VMSS b) attach user-assigned identities to it
Part A cannot be solved via BYO Identity
Though b part can be solved partially via BYO Identity , But we have different use-case , at beginning of cluster creation itself we are not aware of how many Identities we need to add to it . Depending on requirement we add identities to VMSS so we need to have id of VMSS ( Particularly we want specific managed Identity to have access to specific key-vaults for security purpose we cannot give access to single managed identity permission to all vaults ) and for this we need some Identification of VMSS from AKS side .
Action required from @Azure/aks-pm
Hi @anurag4516,
We are looking into this requirement, but using the VMSS API directly will always put the cluster in an unsupported state. To monitor AKS via the infra or the containers, you should use container native solutions such as Azure Monitor or any third party solution that monitors both the container metrics as well as the infrastructure.
You might want to take a look at our feature pod identity
Action required from @Azure/aks-pm
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
I have a use case for this to install extensions for the VMSS backing the node pool, is there an alternative for that without knowing the VMSS id?
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Please provide update.
We try to configure CSI from official Microsoft documentation: https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access#use-a-user-assigned-managed-identity
We are unable to do it without vmss id.
We have opened support ticket: TrackingID#2211140050001692
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
Issue needing attention of @Azure/aks-leads
What happened: I was trig to get name of VMSS created via AKS which was created via terraform
What you expected to happen: VMSS Name/ID is not exposed via AKS as per below link and comment https://github.com/terraform-providers/terraform-provider-azurerm/issues/6217#:~:text=At%20this%20time%20AKS%20doesn%27t%20expose%20the%20ID%20of%20the%20VM%20Scale%20Set%20being%20used%20-%20as%20such%20before%20we%27d%20be%20able%20to%20expose%20this%20information%20we%27d%20need%20the%20AKS%20Service%20to%20expose%20this%20information
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
kubectl version
):