0
votes

I have an AKS (Kubernetes) cluster created with a managed identity in the Azure portal.

I want to automate deployment to the cluster using Bitbucket Pipelines. For this, it seems I need a service principal.

script:
  - pipe: microsoft/azure-aks-deploy:1.0.2
    variables:
      AZURE_APP_ID: $AZURE_APP_ID
      AZURE_PASSWORD: $AZURE_PASSWORD
      AZURE_TENANT_ID: $AZURE_TENANT_ID

Is there a way to get this from the managed identity? Do I need to delete the cluster and re-create it with a service principal? Are there any other alternatives? Thanks!

1
Any updates on this question? Does it solve your problem? - Charles Xu

1 Answer

0
votes

Unfortunately, a managed identity can only be used inside Azure resources. And it seems the Bitbucket pipeline must first have a service principal with enough permissions to access Azure; then it can manage the Azure resources. And for AKS, you can't change the managed identity that you enabled at creation into a service principal.

So finally, you need to delete the existing AKS cluster and recreate a new cluster with a service principal. Then you can use the same service principal to access Azure and manage the AKS cluster.