Enabling Managed Identity from SPN on VMSS based AKS clusters

Chakraborty, Shubham 60 Reputation points
2024-11-12T23:50:38.1+00:00

We are currently enabling Managed Identity on the AKS clusters which are SPN based for configuring Prometheus monitoring rules.

Regarding the MI enablement activity we have the below query, please help us with the solution:

  • For the AKS clusters which are currently SPN based, the application team is using the SPN in their CI/CD pipeline for performing jobs from their end. If we enable system-based Managed Identity on the respective AKS cluster, will there be any impact on application connectivity for the application team in the CI/CD pipeline?
  • Will there be any downtime in CI/CD pipelines after changing from SPN to MI, and where are the logs related to the SPN to MI enablement stored for the AKS cluster?

Accepted answer
Akshay kumar Mandha 1,270 Reputation points Microsoft Vendor
2024-11-13T12:27:57.7133333+00:00

    Hi Chakraborty, Shubham,
    Welcome to the Microsoft Q&A Platform. Thank you for posting your query here.

    Based on your query, what I understand is that you are currently transitioning from SPN to MI. During this process, you want to know if there will be any downtime impact on CI/CD. Additionally, you would like to know where to check the logs related to these specific changes, if that is the case.

    The official documentation doesn’t specifically mention downtime during the transition, but it’s important to ensure that everything is properly configured before making the switch. This includes setting up the necessary permissions and roles for the Managed Identity. As long as the CI/CD pipeline is updated to authenticate using Managed Identity, and all required roles are in place, the transition should cause minimal disruption. To minimize risks, it's a good idea to test the Managed Identity authentication in a staging environment before applying the change in production. This will help ensure the pipeline can authenticate and interact with Azure resources without issues.

    Regarding the logs, while the documentation doesn’t explicitly mention logs for this specific changeover from SPN to MI, you can use Azure Activity Logs and Azure Monitor to track identity-related activities and any access issues during the process. Azure Activity Logs will provide insights into role assignments and other identity-related actions, while Azure Monitor can help track metrics and logs related to the usage of Managed Identity within the AKS cluster.

    Please refer to the document below for more information. If you are already familiar with it, that's great.
    Use a managed identity in Azure Kubernetes Service (AKS)

    If you need any additional information, please let us know by tagging me in a comment, and we will be happy to help as needed.

    If you found this information helpful, please click "Accept Answer" and "Upvote" on my post for other community members' reference.
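As an added example that is not part of the accepted answer or of Microsoft's tooling, the following Python pulls the two kinds of Activity Log records the answer points to (the cluster update that enables the identity and the role assignments granted to it) out of a log export and confirms the enablement completed. The records are constructed, and the JSON field names are an assumption about the shape of `az monitor activity-log list -o json` output.

```python
import json

# Operations to pull out of the log during the switch: the cluster update that
# turns on the identity and the role assignments that give it access.
IDENTITY_OPERATIONS = {
    "Microsoft.ContainerService/managedClusters/write",
    "Microsoft.Authorization/roleAssignments/write",
}

# Constructed sample records shaped like `az monitor activity-log list -o json`
# output; the field names are an assumption about that output, not copied from Azure.
RG = "/subscriptions/SUB/resourceGroups/rg-aks/providers/"
MC = "/subscriptions/SUB/resourceGroups/MC_rg-aks_aks-prod_eastus/providers/"
SAMPLE_LOG = json.dumps([
    {"eventTimestamp": "2024-11-13T10:01:02Z", "caller": "ops@contoso.example",
     "operationName": {"value": "Microsoft.ContainerService/managedClusters/write"},
     "status": {"value": "Accepted"},
     "resourceId": RG + "Microsoft.ContainerService/managedClusters/aks-prod"},
    {"eventTimestamp": "2024-11-13T10:03:40Z", "caller": "ops@contoso.example",
     "operationName": {"value": "Microsoft.ContainerService/managedClusters/write"},
     "status": {"value": "Succeeded"},
     "resourceId": RG + "Microsoft.ContainerService/managedClusters/aks-prod"},
    {"eventTimestamp": "2024-11-13T10:05:11Z", "caller": "ops@contoso.example",
     "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"},
     "status": {"value": "Succeeded"},
     "resourceId": RG + "Microsoft.Authorization/roleAssignments/11111111-0000-0000-0000-000000000000"},
    {"eventTimestamp": "2024-11-13T10:06:00Z", "caller": "ops@contoso.example",
     "operationName": {"value": "Microsoft.Compute/virtualMachineScaleSets/write"},
     "status": {"value": "Succeeded"},
     "resourceId": MC + "Microsoft.Compute/virtualMachineScaleSets/aks-nodepool1-vmss"},
])

def identity_events(raw_json, resource_group):
    """Return (timestamp, caller, operation, status) for identity-related operations in
    resource_group, oldest first; intermediate Accepted/Started records are dropped."""
    events = []
    for rec in json.loads(raw_json):
        op, status = rec["operationName"]["value"], rec["status"]["value"]
        # The resource group is the path segment right after /resourceGroups/.
        rg = rec["resourceId"].split("/resourceGroups/")[1].split("/")[0]
        if op not in IDENTITY_OPERATIONS or rg.lower() != resource_group.lower():
            continue
        if status not in ("Accepted", "Started"):
            events.append((rec["eventTimestamp"], rec["caller"], op, status))
    return sorted(events)

def enablement_succeeded(raw_json, resource_group):
    """True once the managedClusters write in resource_group has completed."""
    return any(op.endswith("managedClusters/write") and status == "Succeeded"
               for _, _, op, status in identity_events(raw_json, resource_group))
```

The VMSS write in the node resource group is deliberately left out of the result, since it belongs to the cluster's MC_ group and is not one of the identity operations being tracked.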

