Support for AAD integration for RBAC Enabled K8s Clusters

[WonderPanda]

I've been attempting to see if it's possible to provision an AKS cluster using Pulumi that would be able to integrate properly with AAD as outlined in the Microsoft Docs.

Using the Pulumi Typescript SDK it doesn't appear that the necessary configuration for the aadProfile is currently exposed. After creating the cluster with RBAC enabled and inspecting the generated resource on Azure there is no configuration setting for aadProfile and attempting to add it manually after the fact with something like this:

"aadProfile": {
 "clientAppID": "7ee598bb-0000-0000-0000-83692e2d717e",
 "serverAppID": "7ee598bb-0000-0000-0000-83692e2d717e",
 "tenantID": "72f988bf-0000-0000-0000-2d7cd011db47"
}

returns an error message that the propery cannot be changed:

{
  "code": "PropertyChangeNotAllowed",
  "message": "Changing property 'aadProfile' is not allowed.",
  "target": "aadProfile"
}

Are there plans to be able to support this scenario in the near future?

[lukehoban]

I believe this is ultimately hashicorp/terraform-provider-azurerm#1429 in the upstream Azure Terraform provider.

[WonderPanda]

@lukehoban Thanks for looking it, definitely looks like the issue you linked is the underlying blocker although it appears to be close to getting merged so fingers crossed that we can see this in Pulumi soon.

Is there any support currently to be able to "bind" a Pulumi stack to existing cloud infrastructure? I know from the Kubernetes examples that I could create the cluster manually and then use Pulumi to connect to it and deploy K8S resources but it would be cool to still be able to use Pulumi for things like scaling the node count in the cluster after the fact as a workaround to this issue being resolved

[lukehoban]

This is supported now in latest releases.