Azure/AKS

[Feature] Provide existing Managed Identity to the Application Gateway AKS AddOn

Gordonby opened this issue · 1 comments

Is your feature request related to a problem? Please describe.
AKS creates an identity when leveraging the Application Gateway AddOn.
aks.properties.addonProfiles.ingressApplicationGateway.identity.objectId

It doesn't seem possible to supply the details on an existing identity to the AddOn as part of creation.

Describe the solution you'd like
I want to avoid a new identity being created; I want to leverage an existing identity.

Therefore, a mechanism to provide an identity in addition to the usual AddOn properties during AKS cluster creation would be my preferred solution:

ingressApplicationGateway: {
  enabled: true
  config: {
    applicationGatewayName: appgwName
    subnetCIDR: '10.225.0.0/16'
    //identity: existingManagedIdentity.principalId //SOMETHING LIKE THIS
  }
}

Hi,

I have a question related to this feature request.
There is an example in the ARM templates for the Application Gateway AKS that shows that it is possible to set a user-managed identity. In all fairness, I was trying to set it but was not successful; there was always an extra identity created for it.

So does that mean that example doesn't work or that I don't understand it?

Example ingressApplicationGateway.identity.