AKS Service should expose VMSS ID /Name Created . So that we can codify

[anurag4516]

What happened: I was trig to get name of VMSS created via AKS which was created via terraform

What you expected to happen: VMSS Name/ID is not exposed via AKS as per below link and comment https://github.com/terraform-providers/terraform-provider-azurerm/issues/6217#:~:text=At%20this%20time%20AKS%20doesn%27t%20expose%20the%20ID%20of%20the%20VM%20Scale%20Set%20being%20used%20-%20as%20such%20before%20we%27d%20be%20able%20to%20expose%20this%20information%20we%27d%20need%20the%20AKS%20Service%20to%20expose%20this%20information

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

• Kubernetes version (use kubectl version):
• Size of cluster (how many worker nodes are in the cluster?)
• General description of workloads in the cluster (e.g. HTTP microservices, Java app, Ruby on Rails, machine learning, etc.)
• Others:

[ghost]

Hi anurag4516, AKS bot here :wave: Thank you for posting on the AKS Repo, I'll do my best to get a kind human from the AKS team to assist you.

I might be just a bot, but I'm told my suggestions are normally quite good, as such: 1) If this case is urgent, please open a Support Request so that our 24/7 support team may help you faster. 2) Please abide by the AKS repo Guidelines and Code of Conduct. 3) If you're having an issue, could it be described on the AKS Troubleshooting guides or AKS Diagnostics? 4) Make sure your subscribed to the AKS Release Notes to keep up to date with all that's new on AKS. 5) Make sure there isn't a duplicate of this issue already reported. If there is, feel free to close this one and '+1' the existing issue. 6) If you have a question, do take a look at our AKS FAQ. We place the most common ones there!

[justindavies]

Hey there, thanks for getting in touch. Can I delve a little bit more into what you would want to do with the VMSS ID/name after you have it? Direct work on the MC_ resource group isn't the best way to interact with the resources we spin up for AKS within your subscription

[anurag4516]

Hi @justindavies . We are creating AKS via terraform , and using VMSS as nodepool client . We are using Terraform as IAAC to codify Infra . After creation of AKS we want to monitor VMSS + attach user-assigned identities to it . As VMSS ID is not exposed , terraform is not able to fetch this ID and expose it so that we can retrieve it further for enhancements . Kindly refer following

https://github.com/terraform-providers/terraform-provider-azurerm/issues/6217#:~:text=At%20this%20time%20AKS%20doesn%27t%20expose%20the%20ID%20of%20the%20VM%20Scale%20Set%20being%20used%20-%20as%20such%20before%20we%27d%20be%20able%20to%20expose%20this%20information%20we%27d%20need%20the%20AKS%20Service%20to%20expose%20this%20information

[aristosvo]

/subscribe!

I was involved in the original discussion and curious if BYO kubelet identity solves already half of the requirements of @anurag4516

[anurag4516]

Hi @aristosvo I have 2 issues a) After creation of AKS we want to monitor VMSS b) attach user-assigned identities to it

Part A cannot be solved via BYO Identity

Though b part can be solved partially via BYO Identity , But we have different use-case , at beginning of cluster creation itself we are not aware of how many Identities we need to add to it . Depending on requirement we add identities to VMSS so we need to have id of VMSS ( Particularly we want specific managed Identity to have access to specific key-vaults for security purpose we cannot give access to single managed identity permission to all vaults ) and for this we need some Identification of VMSS from AKS side .

[ghost]

Action required from @Azure/aks-pm

[qpetraroia]

Hi @anurag4516,

We are looking into this requirement, but using the VMSS API directly will always put the cluster in an unsupported state. To monitor AKS via the infra or the containers, you should use container native solutions such as Azure Monitor or any third party solution that monitors both the container metrics as well as the infrastructure.

You might want to take a look at our feature pod identity

[ghost]

Action required from @Azure/aks-pm

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[brianwentz]

I have a use case for this to install extensions for the VMSS backing the node pool, is there an alternative for that without knowing the VMSS id?

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[pszypowicz]

Please provide update.

We try to configure CSI from official Microsoft documentation: https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access#use-a-user-assigned-managed-identity

We are unable to do it without vmss id.

We have opened support ticket: TrackingID#2211140050001692

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads