01 Run aks update command (OSX/Linux/UNIX) using the name of the AKS cluster that you want to update as the identifier parameter to update the selected cluster to use a user-assigned managed identity in control plane. Specify the ID of your user-assigned identity as value for the --assign-identity command parameter:
az aks update
--name cc-project5-aks-cluster
--resource-group cloud-shell-storage-westeurope
--enable-managed-identity
--assign-identity /subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourcegroups/MC_cloud-shell-storage-westeurope_cc-project5-aks-cluster_westeurope/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cc-project5-aks-cluster-manager
02 The aks update command request should ask for your confirmation. Press y to confirm:
Your cluster is already using systemassigned managed identity, and you are going to update the cluster to use userassigned managed identity.
Are you sure you want to perform this operation? (y/N): y
03 Once the update process is completed, the command output should return the information available for the modified AKS cluster:
{
"aadProfile": null,
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": null,
"enabled": false,
"identity": null
},
"azurepolicy": {
"config": null,
"enabled": false,
"identity": null
}
},
"apiServerAccessProfile": null,
"autoUpgradeProfile": {
"upgradeChannel": "none"
},
"identity": {
"principalId": null,
"tenantId": null,
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourcegroups/MC_cloud-shell-storage-westeurope_cc-project5-aks-cluster_westeurope/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cc-project5-aks-cluster-manager": {
"clientId": "1234abcd-abcd-1234-abcd-abcd1234abcd",
"principalId": "abcd1234-abcd-1234-abcd-1234abcd1234"
}
}
},
"azureMonitorProfile": null,
"currentKubernetesVersion": "1.26.3",
"disableLocalAccounts": false,
"diskEncryptionSetId": null,
"dnsPrefix": "cc-project5-aks-cluster-dns",
"enablePodSecurityPolicy": null,
"enableRbac": true,
"extendedLocation": null,
"fqdn": "cc-project5-aks-cluster-dns-abcd1234.hcp.westeurope.azmk8s.io",
"fqdnSubdomain": null,
"httpProxyConfig": null,
"kubernetesVersion": "1.26.3",
"linuxProfile": null,
"location": "westeurope",
"maxAgentPools": 100,
"name": "cc-project5-aks-cluster",
"nodeResourceGroup": "MC_cloud-shell-storage-westeurope_cc-project5-aks-cluster_westeurope",
"oidcIssuerProfile": {
"enabled": false,
"issuerUrl": null
},
"podIdentityProfile": null,
"powerState": {
"code": "Running"
},
"privateFqdn": null,
"privateLinkResources": null,
"provisioningState": "Succeeded",
"publicNetworkAccess": null,
"resourceGroup": "cloud-shell-storage-westeurope",
"securityProfile": {
"azureKeyVaultKms": null,
"defender": null,
"imageCleaner": null,
"workloadIdentity": null
},
"servicePrincipalProfile": {
"clientId": "msi",
"secret": null
},
"sku": {
"name": "Base",
"tier": "Free"
},
"storageProfile": {
"blobCsiDriver": null,
"diskCsiDriver": {
"enabled": true
},
"fileCsiDriver": {
"enabled": true
},
"snapshotController": {
"enabled": true
}
},
"supportPlan": "KubernetesOfficial",
"systemData": null,
"tags": null,
"type": "Microsoft.ContainerService/ManagedClusters",
"windowsProfile": null,
"workloadAutoScalerProfile": {
"keda": null
}
}
04 Repeat steps no. 1 – 3 for each Azure Kubernetes Service cluster that you want to update, available within the current subscription.
05 Repeat steps no. 1 – 4 for each subscription created in your Microsoft Azure cloud account.