Merge pull request #216682 from CocoWang-wql/patch-19

prmerger-automator[bot] · web-flow · commit 7e23c21c2953 · 2022-11-02T02:06:21.000Z
Update use-azure-ad-pod-identity.md
diff --git a/articles/aks/use-azure-ad-pod-identity.md b/articles/aks/use-azure-ad-pod-identity.md
@@ -3,7 +3,7 @@ title: Use Azure Active Directory pod-managed identities in Azure Kubernetes Ser
 description: Learn how to use Azure AD pod-managed identities in Azure Kubernetes Service (AKS)
 services: container-service
 ms.topic: article
-ms.date: 8/27/2022
+ms.date: 11/01/2022
 
 ---
 
@@ -288,7 +288,7 @@ metadata:
 
 ## Clean up
 
-To remove an Azure AD pod-managed identity from your cluster, remove the sample application and the pod-managed identity from the cluster. Then remove the identity.
+To remove an Azure AD pod-managed identity from your cluster, remove the sample application and the pod-managed identity from the cluster. Then remove the identity and the role assignment of cluster identity.
 
 ```bash
 kubectl delete pod demo --namespace $POD_IDENTITY_NAMESPACE
@@ -302,6 +302,10 @@ az aks pod-identity delete --name ${POD_IDENTITY_NAME} --namespace ${POD_IDENTIT
 az identity delete -g ${IDENTITY_RESOURCE_GROUP} -n ${IDENTITY_NAME}
 ```
 
+```azurecli
+az role assignment delete --role "Managed Identity Operator" --assignee "$IDENTITY_CLIENT_ID" --scope "$IDENTITY_RESOURCE_ID"
+```
+
 ## Next steps
 
 For more information on managed identities, see [Managed identities for Azure resources][az-managed-identities].
