Open MitchellGerdisch opened 2 years ago
At the moment the self-hosted installers for AKS use Azure AD service principal as identity. Service principals have several known limitations:
@MitchellGerdisch this seems like a good idea, however, is it clear how the Pulumi Service would assume/obtain the managed credentials needed to interact w/ Azure services? Currently, those values are being passed to the API deployment.
My concern is the managed credentials need to be refreshed periodically and the API would need to be aware of that.
Hello!
Issue details
Some users do not have permission to create AD service principals and instead the organization uses Azure managed identity. The AKS installation should support Azure managed identity as an option.
Affected area/feature
AKS Self-Hosted Installer