Closed vanhoutenbos closed 3 weeks ago
Hey, this is documented here
An MSI-based AKS cluster that's up and running.
BTW: All new clusters should be set up with managed identity, as Service principal based AKS clusters are kinda legacy.
I will close the issue. Feel free to re-open.
Ah, my apologies, I see it is documented! I followed the Terraform flow but it seems like they still need an update for this part. Thank you for the detailed answer!
Describe your scenario
We have deployed a Service principal based AKS cluster; at design we didn't know that Flux needed a SystemAssigned identity. When trying to add Flux (using Terraform) we got the following error:
Unable to create identity for extension on AKS cluster. Please delete the extension and try again in some time., For general troubleshooting visit: https://aka.ms/k8s-extensions-TSG
In the document there is nothing reflecting the fact that AKS + Flux needs to be SystemAssigned Identity.
Feedback
Can you improve the error handling a bit? We only found out when we deleted the extension and noticed the AKS UI (Azure) showing the text that Service Principal is not supported.
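
The situation discussed in this thread, as an added Terraform example (not code from the issue or the project's documentation): a cluster declared with a managed identity instead of a service principal, plus a precondition that stops the plan with a readable message before the Flux extension is attempted. Resource names, region and VM size are placeholders, and the check for `SystemAssigned` follows what this thread states.

```hcl
# Added example. Names, region and sizes are placeholders.
resource "azurerm_kubernetes_cluster" "aks" {
  name                = "example-aks"
  location            = "westeurope"
  resource_group_name = "example-rg"
  dns_prefix          = "exampleaks"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2s_v3"
  }

  # Before: service-principal cluster, the setup that hit
  # "Unable to create identity for extension on AKS cluster".
  # service_principal {
  #   client_id     = "<sp-client-id>"      # placeholder
  #   client_secret = "<sp-client-secret>"  # placeholder, long-lived secret
  # }

  # After: managed identity, so no client secret is stored in state or rotated by hand.
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_kubernetes_cluster_extension" "flux" {
  name           = "flux"
  cluster_id     = azurerm_kubernetes_cluster.aks.id
  extension_type = "microsoft.flux"

  lifecycle {
    # Fails during plan/apply with a clear message instead of the generic
    # extension error when the cluster has no SystemAssigned identity.
    precondition {
      condition     = try(azurerm_kubernetes_cluster.aks.identity[0].type, "") == "SystemAssigned"
      error_message = "The Flux extension needs an AKS cluster with a SystemAssigned managed identity; service principal clusters are not supported."
    }
  }
}
```

The `precondition` block requires Terraform 1.2 or later.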