I have an existing AKS cluster configured using TF. It creates a SPN, AKS CLuster and at last assigns AcrPull RBAC on the SPN.
But now, I am refactoring it to use userassigned MI. TF Azure provider docs state that switching from SPN to MI is supported. But, when I tried that, I am unable to assign RBAC on kubelet_identity as the collection is empty. I need to be able to assign AcrPull on kubelet_identity on ACR.
Is this supported?
I am assuming kubelet_identity does not get created when switching to use MI until the nodepool is upgraded and therefore not possible to continue RBAC assignments until nodepool is upgraded?