You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/aks/use-azure-ad-pod-identity.md
+5Lines changed: 5 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -181,8 +181,13 @@ The managed identity that will be assigned to the pod needs to be granted permis
181
181
To run the demo, the *IDENTITY_CLIENT_ID* managed identity must have Virtual Machine Contributor permissions in the resource group that contains the Virtual Machine Scale Set of your AKS cluster.
182
182
183
183
```azurecli-interactive
184
+
# Obtain the name of the resource group containing the Virtual Machine Scale set of your AKS cluster, commonly called the node resource group
184
185
NODE_GROUP=$(az aks show -g myResourceGroup -n myAKSCluster --query nodeResourceGroup -o tsv)
186
+
187
+
# Obtain the id of the node resource group
185
188
NODES_RESOURCE_ID=$(az group show -n $NODE_GROUP -o tsv --query "id")
189
+
190
+
# Create a role assignment granting your managed identity permissions on the node resource group
186
191
az role assignment create --role "Virtual Machine Contributor" --assignee "$IDENTITY_CLIENT_ID" --scope $NODES_RESOURCE_ID
0 commit comments