Enable Pod Identities on AKS

This section will guide you though enabling the Pod identities feature on your AKS cluster which is necessary for running Arrikto Enterprise Kubeflow.

What You'll Need


  1. Register the EnablePodIdentityPreview feature:

    root@rok-tools:~# az feature register --name EnablePodIdentityPreview --namespace Microsoft.ContainerService
      "id": "/subscriptions/a8eb0222-2657-4a68-ae60-f06536139029/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/EnablePodIdentityPreview",
      "name": "Microsoft.ContainerService/EnablePodIdentityPreview",
      "properties": {
        "state": "Registered"
      "type": "Microsoft.Features/providers/features"
  2. Wait for it to become Registered:

    root@rok-tools:~# az feature list -o table \
    >    --query "[?contains(name, 'Microsoft.ContainerService/EnablePodIdentityPreview')].{Name:name,State:properties.state}"
    Name                                                 State
    ---------------------------------------------------  ----------
    Microsoft.ContainerService/EnablePodIdentityPreview  Registered
  3. Refresh the registration of the corresponding resource provider:

    root@rok-tools:~# az provider register -n Microsoft.ContainerService
  4. Update your AKS cluster to enable Pod identities:

    root@rok-tools:~# az aks update \
    >    --resource-group ${AZ_RESOURCE_GROUP?} \
    >    --name ${AKS_CLUSTER?} \
    >    --enable-pod-identity


    The command failed with a 'Bad Request' error.

    If the command failed with the following message:

    Operation failed with status: 'Bad Request'. Details: PodIdentity addon requires managed identity.

    it means that you have not enabled managed identities on your AKS cluster. Make sure you have followed the Create AKS Cluster section.


You have successfully updated your AKS cluster to enable Pod Identities.

What's Next

The next step is to deploy Rok.