[Bug]: Expose VMSS and NSG IDs from AKS node resource group

[nikbanerjee-unity]

Is there an existing issue for this?

• I have searched the existing issues

Affected Resource(s)

containerservice.azure.upbound.io/v1beta1 - KubernetesCluster
network.azure.upbound.io/v1beta1 - SecurityRule

Resource MRs required to reproduce the bug

No response

Steps to Reproduce

1. Create an AKS cluster using the KubernetesCluster resource
2. Attempt to add a SecurityRule to the NSG for that cluster

I at least found that this was not possible because we have no reference to the NSG

What happened?

When an AKS cluster is created, it automatically creates a node resource group and several resources within that resource group (e.g. network security group, VM scale set, etc.). These are created by Azure, so not linked to Managed Resources, and dynamic, in that they are created after the cluster is and importantly, their name also contains random characters.

I can see that other resources, such as the managed identity and the public IP address in the node resource group are exposed in the status, but the VMSS and the NSG are not. Could we please add these to the status.atProvider for the KubernetesCluster, so that we can reference it when creating a new SecurityRule. Thanks.

Relevant Error Output Snippet

No response

Crossplane Version

1.16.0

Provider Version

1.6.1

Kubernetes Version

1.30

Kubernetes Distribution

AKS

Additional Info

No response