articles/aks/learn/tutorial-kubernetes-workload-identity.md
12 additions & 12 deletions
@@ -67,13 +67,13 @@ The following output example resembles successful creation of the resource group
67
67
68
68
To install the aks-preview extension, run the following command:
69
69
70
-
```azurecli
70
+
```azurecli-interactive
71
71
az extension add --name aks-preview
72
72
```
73
73
74
74
Run the following command to update to the latest version of the extension released:
75
75
76
-
```azurecli
76
+
```azurecli-interactive
77
77
az extension update --name aks-preview
78
78
```
79
79
@@ -112,7 +112,7 @@ After a few minutes, the command completes and returns JSON-formatted informatio
112
112
113
113
To get the OIDC Issuer URL and save it to an environmental variable, run the following command. Replace the default value for the arguments `-n`, which is the name of the cluster and `-g`, the resource group name:
114
114
115
-
```bash
115
+
```azurecli-interactive
116
116
export AKS_OIDC_ISSUER="$(az aks show -n myAKSCluster -g myResourceGroup --query "oidcIssuerProfile.issuerUrl" -otsv)"
Use the Azure CLI [az keyvault create][az-keyvault-create] command to create a Key Vault in the resource group created earlier.
148
148
149
-
```azurecli
149
+
```azurecli-interactive
150
150
az keyvault create --resource-group "${RESOURCE_GROUP}" --location "${LOCATION}" --name "${KEYVAULT_NAME}"
151
151
```
152
152
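Review bot: The block at line 115 that is retagged from `bash` to `azurecli-interactive` is not plain Azure CLI: `export AKS_OIDC_ISSUER="$(az aks show ...)"` relies on Bash `export` and `$(...)` command substitution, so the new tag labels shell-specific syntax as CLI. Either say in the preceding sentence that a Bash shell is required or keep the `bash` tag for this one block. While touching it, note that this command hard-codes `-g myResourceGroup`, whereas the `az keyvault create` block in the same region uses `"${RESOURCE_GROUP}"`; using the variable here too would stop readers from querying the issuer URL of a different resource group than the one they created. The sentence above the block could also read "environment variable" rather than "environmental variable".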
@@ -159,7 +159,7 @@ At this point, your Azure account is the only one authorized to perform any oper
159
159
160
160
To add a secret to the vault, you need to run the Azure CLI [az keyvault secret set][az-keyvault-secret-set] command to create it. The password is the value you specified for the environment variable `KEYVAULT_SECRET_NAME` and stores the value of **Hello!** in it.
161
161
162
-
```azurecli
162
+
```azurecli-interactive
163
163
az keyvault secret set --vault-name "${KEYVAULT_NAME}" --name "${KEYVAULT_SECRET_NAME}" --value 'Hello!'
Use the Azure CLI [az account set][az-account-set] command to set a specific subscription to be the current active subscription. Then use the [az identity create][az-identity-create] command to create a managed identity.
az keyvault set-policy --name "${KEYVAULT_NAME}" --secret-permissions get --spn "${USER_ASSIGNED_CLIENT_ID}"
192
192
```
193
193
194
194
### Create Kubernetes service account
195
195
196
196
Create a Kubernetes service account and annotate it with the client ID of the Managed Identity created in the previous step. Use the [az aks get-credentials][az-aks-get-credentials] command and replace the default value for the cluster name and the resource group name.
197
197
198
-
```azurecli
198
+
```azurecli-interactive
199
199
az aks get-credentials -n myAKSCluster -g "${RESOURCE_GROUP}"
200
200
```
201
201
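Review bot: The context sentence above the `az keyvault secret set` block (line 160) confuses the secret's name with its value: "The password is the value you specified for the environment variable `KEYVAULT_SECRET_NAME` and stores the value of **Hello!** in it." Since this change edits that block, reword it so that `KEYVAULT_SECRET_NAME` is clearly the name of the secret and `Hello!` is the value stored under it. In the same region, `az aks get-credentials -n myAKSCluster -g "${RESOURCE_GROUP}"` mixes a literal cluster name with a variable resource group; either introduce a cluster-name variable or keep the existing instruction to replace the value but make it match what the command actually contains.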
@@ -225,7 +225,7 @@ Serviceaccount/workload-identity-sa created
225
225
226
226
Use the [az identity federated-credential create][az-identity-federated-credential-create] command to create the federated identity credential between the managed identity, the service account issuer, and the subject.