Commit 0d6352e

Merge pull request #276494 from JnHs/jh-arck8-rbc3
update command
2 parents b91363d + 8e5fad5 commit 0d6352e

1 file changed: +5 -6 lines changed

articles/azure-arc/kubernetes/azure-rbac.md

Lines changed: 5 additions & 6 deletions
@@ -1,6 +1,6 @@
11
---
22
title: "Azure RBAC on Azure Arc-enabled Kubernetes clusters"
3-
ms.date: 05/22/2024
3+
ms.date: 05/28/2024
44
ms.topic: how-to
55
ms.custom: devx-track-azurecli
66
description: "Use Azure RBAC for authorization checks on Azure Arc-enabled Kubernetes clusters."
@@ -43,17 +43,16 @@ For a conceptual overview of this feature, see [Azure RBAC on Azure Arc-enabled
4343
az connectedk8s show -g <resource-group> -n <connected-cluster-name>
4444
```
4545

46-
1. Get the ED (`identity.principalId`) from the output and run the following command to assign the **Connected Cluster Managed Identity CheckAccess Reader** role to the cluster MSI:
46+
1. Get the ID (`identity.principalId`) from the output and run the following command to assign the **Connected Cluster Managed Identity CheckAccess Reader** role to the cluster MSI:
4747

4848
```azurecli
4949
az role assignment create --role "Connected Cluster Managed Identity CheckAccess Reader" --assignee "<Cluster MSI ID>" --scope <cluster ARM ID>
5050
```
5151

52-
5352
1. Enable Azure role-based access control (RBAC) on your Azure Arc-enabled Kubernetes cluster by running the following command:
5453

5554
```azurecli
56-
az connectedk8s enable-features -n <clusterName> -g <resourceGroupName> --features azure-rbac --app-id "${SERVER_APP_ID}" --app-secret "${SERVER_APP_SECRET}"
55+
az connectedk8s enable-features -n <clusterName> -g <resourceGroupName> --features azure-rbac
5756
```
5857

5958
> [!NOTE]
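
Review bot: On the `enable-features` line (new line 55), dropping `--app-id "${SERVER_APP_ID}" --app-secret "${SERVER_APP_SECRET}"` removes the only use of those two variables visible in this hunk. If an earlier step of the article still tells readers to create a server application and export its secret, remove or update that step in the same change so nobody provisions a credential the command no longer consumes. Separately, the placeholders differ between adjacent commands: `<resource-group>` / `<connected-cluster-name>` at line 43 versus `<clusterName>` / `<resourceGroupName>` here, and the step text says `identity.principalId` while the command says `<Cluster MSI ID>`. Pick one naming so it is clear the same values are reused.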
@@ -344,12 +343,12 @@ Using a shared kubeconfig requires slightly different steps depending on your Ku
344343
sudo chmod +x /usr/local/bin/kubelogin
345344
```
346345

347-
1. [Convert](https://azure.github.io/kubelogin/cli/convert-kubeconfig.html) the kubelogin to use the appropriate [login mode](https://azure.github.io/kubelogin/concepts/login-modes.html). For example, for [device code login](https://azure.github.io/kubelogin/concepts/login-modes/devicecode.html) with a Microsoft Entra user, the commands would be as follows:
346+
1. [Convert](https://azure.github.io/kubelogin/concepts/azure-arc.html) the kubelogin to use the appropriate [login mode](https://azure.github.io/kubelogin/concepts/login-modes.html). For example, for [device code login](https://azure.github.io/kubelogin/concepts/login-modes/devicecode.html) with a Microsoft Entra user, the commands would be as follows:
348347

349348
```bash
350349
export KUBECONFIG=/path/to/kubeconfig
351350
352-
kubelogin convert-kubeconfig
351+
kubelogin convert-kubeconfig --pop-enabled --pop-claims 'u=<ARM ID of cluster>"
353352
```
354353

355354
### [Kubernetes < v1.26](#tab/Kubernetes-earlier)
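
Review bot: The added `kubelogin convert-kubeconfig` line (new line 351) opens the `--pop-claims` value with a single quote and closes it with a double quote (`'u=<ARM ID of cluster>"`), so pasting it into bash leaves an unterminated string and the kubeconfig is never converted. Close it with a matching single quote: `--pop-claims 'u=<ARM ID of cluster>'`. Also, the step text at new line 346 still introduces the command as the device code login example, but the command carries no login-mode option; either say that it relies on the default mode or show the option explicitly.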
