You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/aks/workload-identity-deploy-cluster.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -44,7 +44,7 @@ az account set --subscription <subscription-id>
44
44
45
45
To help simplify steps to configure the identities required, the steps below define environment variables that are referenced in the examples in this article. Remember to replace the values shown with your own values:
46
46
47
-
```bash
47
+
```azurecli-interactive
48
48
export RESOURCE_GROUP="myResourceGroup"
49
49
export LOCATION="eastus"
50
50
export CLUSTER_NAME="myAKSCluster"
@@ -117,7 +117,7 @@ az aks update \
117
117
118
118
To get the OIDC issuer URL and save it to an environmental variable, run the following command:
119
119
120
-
```bash
120
+
```azurecli-interactive
121
121
export AKS_OIDC_ISSUER="$(az aks show --name "${CLUSTER_NAME}" \
122
122
--resource-group "${RESOURCE_GROUP}" \
123
123
--query "oidcIssuerProfile.issuerUrl" \
@@ -146,7 +146,7 @@ az identity create \
146
146
147
147
Next, create a variable for the managed identity's client ID.
148
148
149
-
```bash
149
+
```azurecli-interactive
150
150
export USER_ASSIGNED_CLIENT_ID="$(az identity show \
151
151
--resource-group "${RESOURCE_GROUP}" \
152
152
--name "${USER_ASSIGNED_IDENTITY_NAME}" \
@@ -164,7 +164,7 @@ az aks get-credentials --name "${CLUSTER_NAME}" --resource-group "${RESOURCE_GRO
164
164
165
165
Copy and paste the following multi-line input in the Azure CLI.
166
166
167
-
```bash
167
+
```azurecli-interactive
168
168
cat <<EOF | kubectl apply -f -
169
169
apiVersion: v1
170
170
kind: ServiceAccount
@@ -321,8 +321,8 @@ The following example shows how to use the Azure role-based access control (Azur
321
321
322
322
To check whether all properties are injected properly by the webhook, use the [kubectl describe][kubectl-describe] command:
323
323
324
-
```bash
325
-
kubectl describe pod quick-start | grep "SECRET_NAME:"
324
+
```azurecli-interactive
325
+
kubectl describe pod sample-workload-identity-key-vault | grep "SECRET_NAME:"
326
326
```
327
327
328
328
If successful, the output should be similar to the following:
@@ -333,8 +333,8 @@ If successful, the output should be similar to the following:
333
333
334
334
To verify that pod is able to get a token and access the resource, use the kubectl logs command:
335
335
336
-
```bash
337
-
kubectl logs quick-start
336
+
```azurecli-interactive
337
+
kubectl logs sample-workload-identity-key-vault
338
338
```
339
339
340
340
If successful, the output should be similar to the following:
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments