system-assigned managed identity on an existing Azure VM - Where to find VM name?

Michael Schmidt Nissen 20 Reputation points
2023-01-20T10:26:23.0366667+00:00

Hi,
I have set up a Kubernetes cluster in AKS and now I want to connect it with an existing Azure Key Vault using system-assigned managed identity. I am following the official guide, and I am stuck in the part where it says:

Important

Before you begin this step, enable system-assigned managed identity on your AKS cluster's VMs or scale sets.

When following the link, in the "Enable system-assigned managed identity on an existing Azure VM" section, I am asked to run the following command:

az vm identity assign -g myResourceGroup -n myVm

How do I find the myVm name? I have tried a number of possibilities to no avail and searched through AKS for it without luck.

Cheers, Mike


Accepted answer
  1. Andrei Barbu 2,591 Reputation points Microsoft Employee
    2023-01-20T11:01:37.66+00:00

    Hello Mike!

    By default, AKS will create VMSS, not VMs. So unless you explicitly created the AKS cluster with Availability Set (--vm-set-type AvailabilitySet), you should look for VMSS.

    The VMSS of an AKS cluster is in its node / infrastructure resource group. To find that resource group you can run:
    az aks show -g <rg-name> -n <aks-name> --query "nodeResourceGroup" -o tsv

    Then to list the VMSS:

    az vmss list --resource-group <infra-rg-name>

    Or from Azure Portal, you can go to the AKS cluster -> Properties -> Infrastructure resource group -> here you will find the VMSS. Then here you can find the az vmss commands: https://learn.microsoft.com/en-us/cli/azure/vmss?view=azure-cli-latest

    However, generally speaking, please note that AKS VMSS is managed by AKS so please read https://learn.microsoft.com/en-us/azure/aks/support-policies#user-customization-of-agent-nodes before performing any customization at VMSS level.

    I hope this is helpful.

    Please "Accept as Answer" and Upvote if it helped, so that it can help others in the community looking for help on similar topics.

    Thank you!

    1 person found this answer helpful.
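
The lookup described in the accepted answer, as an added example that is not part of the original thread or Microsoft's own code: a read-only shell check that resolves the node resource group, lists its scale sets and reports each one's managed identity type. The function names are hypothetical, and `az vmss identity show` is used as the scale-set counterpart of the identity command quoted in the question.

```shell
#!/bin/sh
# Added example: read-only audit of managed identity on AKS node scale sets.
# Function names are hypothetical; the script changes nothing in Azure.

# Print the node (infrastructure) resource group of an AKS cluster.
node_rg() (
  az aks show -g "$1" -n "$2" --query nodeResourceGroup -o tsv
)

# Print "<vmss-name> <identity-type>" for each scale set in resource group $1.
# No identity yields empty output ("None"); a failed lookup yields "Unknown".
vmss_identity_report() (
  az vmss list --resource-group "$1" --query "[].name" -o tsv |
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    # </dev/null keeps the CLI from consuming the list the loop is reading.
    id_type=$(az vmss identity show -g "$1" -n "$name" \
                --query type -o tsv </dev/null) || id_type="Unknown"
    printf '%s %s\n' "$name" "${id_type:-None}"
  done
)

# Print only the scale sets whose identity type lacks "SystemAssigned"
# (the type may also read "SystemAssigned, UserAssigned").
vmss_missing_system_identity() (
  vmss_identity_report "$1" |
  awk '{ t = $0; sub(/^[^ ]+ /, "", t); if (t !~ /SystemAssigned/) print $1 }'
)

# Resolve the node resource group, then report every scale set in it.
audit_aks() (
  rg=$(node_rg "$1" "$2") || exit 1
  [ -n "$rg" ] || { echo "node resource group not found" >&2; exit 1; }
  echo "Node resource group: $rg"
  vmss_identity_report "$rg"
)

# Usage: sh audit.sh <rg-name> <aks-name>
if [ "$#" -eq 2 ]; then
  audit_aks "$1" "$2"
fi
```

For a scale set that `vmss_missing_system_identity` lists, the scale-set form of the command from the question is `az vmss identity assign -g <infra-rg-name> -n <vmss-name>`, subject to the support policy linked in the answer.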

1 additional answer

  1. Adrian Dobrescu 266 Reputation points Microsoft Employee
    2023-01-20T10:58:50.9+00:00

    Hello Mike,

    When you create an AKS cluster, the default identity is set to system-assigned managed identity.

    Regarding your query about where to find your VMSS/VM names: from the Azure portal, at the AKS overview level, navigate to Properties, click on Infrastructure resource group (the MC one), and there you will find the VMSS instances within your cluster that you can use to query for the identity name in order to set the Azure Key Vault as per the official documentation: https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access#use-a-system-assigned-managed-identity

    Please let me know if my understanding is correct, otherwise we can redefine it.

    Please "Accept as Answer" and Upvote if it helped, so that it can help others in the community looking for help on similar topics.

    Thank you!

    1 person found this answer helpful.
