[AKS] Support update kubelet identity

[norshtein]

---

This checklist is used to make sure that common guidelines for a pull request are followed.

General Guidelines

• Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
• Have you run python scripts/ci/test_index.py -q locally?

For new extensions:

• My extension description/summary conforms to the Extension Summary Guidelines.

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your PR is merged into master branch, a new PR will be created to update src/index.json automatically.
The precondition is to put your code inside this repo and upgrade the version in the PR but do not modify src/index.json.

[yonzhan]

AKS

[PixelRobots]

Are we sure this is the right command?

[FumingZhang]

LGTM

[zhoxing-ms]

May I ask what's the difference between kubelet identity and managed identity?

[norshtein]

kubelet identity is used by kubelet in agent node, its main purpose is authenticating to ACR to pull image from ACR;
--enable-managed-identity or --assign-identity refers to control plane identity, which is used by AKS managed master components such as kube-controller-manager, its main purpose is to authenticating to Azure to manage Azure resource, for example, when kube-controller-manager find it needs to update load balancer, it will authenticate using control plane identity to do the operation.

[FumingZhang]

As far as I know, there is a (managed or user assigned) identity used by the control plane (i.e., managed cluster) and another one (this kubelet identity) used by the nodes (mainly used for authentication when pulling image from acr).

[norshtein]

The live test failed because RP change is not rolled out to all regions

[norshtein]

Updated live test region to centraluseuap. Previous live test is done in westus2 staging env, prod env westus2 does not have this change yet.