Description
Is your feature request related to a problem? Please describe.
We are using the script with "BYO" options and a private cluster. Network resources are provided by Azure admins in a separate Resource Group (<vnet_resource_group_name>) and the cluster is deployed into an existing VNET with existing Subnets and Route Table. The issue is that the managed identity for AKS needs contributor permissions on (some of) those objects.
When we use the <aks_uai_name>, the identity is supposed to be located in the VNET Resource Group. As this Resource Group should only contain networking resources we cannot create it there upfront.
Describe the solution you'd like
A possible solution could be to tell the script to look for the managed identity in the other Resource Group, set by the <resource_group_name> variable.
Actually this is also where it is being created when <aks_uai_name> is not used.
Describe alternatives you've considered
An alternative is to create the identity upfront in the <vnet_resource_group_name>,
but it is against guidelines from the client.
Additional context
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
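
The layout requested above, sketched as an added example (not code from this project or from the issue author): the identity is read from `<resource_group_name>` while its role assignments are scoped to individual objects in `<vnet_resource_group_name>`. It assumes a Terraform deployment using the `azurerm` provider; `vnet_name`, `subnet_name` and `route_table_name` are hypothetical variables, and the built-in `Network Contributor` role is an assumed, narrower stand-in for the "contributor" permission the issue mentions.

```hcl
# Names taken from the issue's placeholders.
variable "resource_group_name"      { type = string } # RG for the cluster and the identity
variable "vnet_resource_group_name" { type = string } # RG owned by the network admins
variable "aks_uai_name"             { type = string } # pre-created user-assigned identity

# Hypothetical variables for the existing network objects.
variable "vnet_name"        { type = string }
variable "subnet_name"      { type = string }
variable "route_table_name" { type = string }

# Look the identity up in the cluster RG instead of the network RG.
data "azurerm_user_assigned_identity" "aks" {
  name                = var.aks_uai_name
  resource_group_name = var.resource_group_name
}

# Existing network objects stay in the network RG and are only read here.
data "azurerm_subnet" "aks" {
  name                 = var.subnet_name
  virtual_network_name = var.vnet_name
  resource_group_name  = var.vnet_resource_group_name
}

data "azurerm_route_table" "aks" {
  name                = var.route_table_name
  resource_group_name = var.vnet_resource_group_name
}

# Grant rights on the specific subnet and route table only,
# not on the whole network resource group.
resource "azurerm_role_assignment" "aks_subnet" {
  scope                = data.azurerm_subnet.aks.id
  role_definition_name = "Network Contributor" # assumed role, see lead-in
  principal_id         = data.azurerm_user_assigned_identity.aks.principal_id
}

resource "azurerm_role_assignment" "aks_route_table" {
  scope                = data.azurerm_route_table.aks.id
  role_definition_name = "Network Contributor" # assumed role, see lead-in
  principal_id         = data.azurerm_user_assigned_identity.aks.principal_id
}
```

Creating the two role assignments requires permission to write role assignments on those scopes, so in a setup like the one described they may have to be applied by the Azure admins who own the network resource group.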