AKS-Construction
Allow the usage/creation of a User Managed Identity for AKS kubelet identity
**Problem description**
AKS supports multiple user managed identities, one of which is the kubelet identity.
- https://learn.microsoft.com/en-us/azure/aks/use-managed-identity#summary-of-managed-identities
A Kubelet identity enables access granted to the existing identity prior to cluster creation. This feature enables scenarios such as connection to ACR with a pre-created managed identity.
In this scenario AKS is going to use the User Managed Identity created prior to cluster setup in order to do ACR operations permitted with that specific identity.
**Solution description**
As a user, I would like to either be able to provide a User Managed Identity to the cluster setup process with the necessary rights on ACR, or have one created and assigned for me with the ability to choose the ACR rights to be assigned to the identity.
**Alternatives**
As the documentation describes, if the cluster is not created with a managed kubelet identity, the user cannot assign one:
- https://learn.microsoft.com/en-us/azure/aks/use-managed-identity#limitations-1