Commit 619e7d2

Update use-managed-identity.md
1 parent 946e59b commit 619e7d2

1 file changed

+6
-3
lines changed

articles/aks/use-managed-identity.md

Lines changed: 6 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -141,6 +141,7 @@ az aks show -g <RGName> -n <ClusterName> --query "identity"
141141
## Bring your own control plane MI
142142
A custom control plane identity enables access to be granted to the existing identity prior to cluster creation. This feature enables scenarios such as using a custom VNET or outboundType of UDR with a pre-created managed identity.
143143

144+
144145
You must have the Azure CLI, version 2.15.1 or later installed.
145146

146147
### Limitations
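Review bot: the added line 144 is an empty line placed directly after the existing blank line 143, so there are now two consecutive blank lines before "You must have the Azure CLI, version 2.15.1 or later installed." It carries no content; drop it so the change stays limited to the role assignment text.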
@@ -152,6 +153,11 @@ If you don't have a managed identity yet, you should go ahead and create one for
152153
az identity create --name myIdentity --resource-group myResourceGroup
153154
```
154155

156+
Azure CLI will automatically add required role assignment for control plane MI. If you are using ARM template or other clients, you need to create the role assignment manually.
157+
```azurecli-interactive
158+
az role assignment create --assignee <control-plane-identity-object-id> --role "Managed Identity Operator" --scope <kubelet-identity-resource-id>
159+
```
160+
155161
If your managed identity is part of your subscription, you can use [az identity CLI command][az-identity-list] to query it.
156162

157163
```azurecli-interactive
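Review bot: the paragraph added at lines 156-159 drops the "For bring-your-own kubelet MI" condition that the removed note carried, and it now sits in the control plane section, where `<kubelet-identity-resource-id>` has not been introduced yet. As written, a reader can take the role assignment as required for every custom control plane identity. Suggest restoring the condition in the first sentence and moving the paragraph below the az identity query step, so it does not split the "create one" and "query it" instructions. It would also help to say that the scope stays the single kubelet identity resource, as in the command, so "Managed Identity Operator" is not granted more broadly than needed.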
@@ -197,9 +203,6 @@ A Kubelet identity enables access to be granted to the existing identity prior t
197203
> Updating kubelet MI will upgrade Nodepool, which causes downtime for your AKS cluster as the nodes in the nodepools will be cordoned/drained and then reimaged.
198204
199205

200-
> [!NOTE]
201-
> For bring-your-own kubelet MI, Azure CLI will automatically add required role assignment for control plane MI. If you are using ARM template or other clients, you need to create the role assignment manually. It can be done using CLI command 'az role assignment create --assignee <control plane identity object id> --role "Managed Identity Operator" --scope <kubelet identity resource id>'
202-
203206
### Prerequisites
204207

205208
- You must have the Azure CLI, version 2.26.0 or later installed.
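Review bot: removing the note at lines 200-202 leaves the kubelet identity section with no mention of the "Managed Identity Operator" role assignment, although this is the section a reader using an ARM template or another client follows when bringing their own kubelet MI. Suggest keeping a one-line pointer here to the relocated instructions, so the manual role assignment step is not missed.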
