Allow the usage/creation of a User Managed Identity for AKS kubelet identity #551
Comments
I'd like to work on this one. @Gordonby we might need a discussion on the design part. I will reach out to you separately.
Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.
I'll help pick this up. Initial thoughts
@iamvighnesh would you still like to work on this as well?
**Problem description**
AKS supports multiple user managed identities, one of which is the kubelet identity.
A Kubelet identity enables access granted to the existing identity prior to cluster creation. This feature enables scenarios such as connection to ACR with a pre-created managed identity.
In this scenario AKS is going to use the User Managed Identity created prior to cluster setup in order to do ACR operations permitted with that specific identity.
**Solution description**
As a user I would like to either be able to provide a User Managed Identity to the cluster setup process with necessary rights on ACR or have one created and assigned for me with the ability to choose the ACR rights to be assigned to the identity.
**Alternatives**
As the documentation describes, if the cluster is not created with a managed kubelet identity, the user cannot assign one: