Merge pull request #203291 from shashankbarsin/main

Create service account token

Author: PRMerger6

articles/azure-arc/kubernetes/cluster-connect.md

@@ -117,7 +117,7 @@ az connectedk8s enable-features --features cluster-connect -n $CLUSTER_NAME -g $
    - If you are using Kubernetes native ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Azure AD entity (service principal or user) that needs to access this cluster. Example:
 
       ```console
-      kubectl create clusterrolebinding admin-user-binding --clusterrole cluster-admin --user=$AAD_ENTITY_OBJECT_ID
+      kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --user=$AAD_ENTITY_OBJECT_ID
       ```
 
    - If you are using Azure RBAC for authorization checks on the cluster, you can create an Azure role assignment mapped to the Azure AD entity. Example:
@@ -147,7 +147,7 @@ az connectedk8s enable-features --features cluster-connect -n $CLUSTER_NAME -g $
    - If you are using Kubernetes native ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Azure AD entity (service principal or user) that needs to access this cluster. Example:
 
       ```console
-      kubectl create clusterrolebinding admin-user-binding --clusterrole cluster-admin --user=$AAD_ENTITY_OBJECT_ID
+      kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --user=$AAD_ENTITY_OBJECT_ID
       ```
 
    - If you are using Azure RBAC for authorization checks on the cluster, you can create an Azure role assignment mapped to the Azure AD entity. Example:
@@ -165,47 +165,67 @@ az connectedk8s enable-features --features cluster-connect -n $CLUSTER_NAME -g $
 1. With the `kubeconfig` file pointing to the `apiserver` of your Kubernetes cluster, create a service account in any namespace (the following command creates it in the default namespace):
 
    ```console
-   kubectl create serviceaccount admin-user
+   kubectl create serviceaccount demo-user
    ```
 
 1. Create ClusterRoleBinding or RoleBinding to grant this [service account the appropriate permissions on the cluster](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#kubectl-create-rolebinding). Example:
 
     ```console
-    kubectl create clusterrolebinding admin-user-binding --clusterrole cluster-admin --serviceaccount default:admin-user
+    kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --serviceaccount default:demo-user
     ```
 
-1. Get the service account's token using the following commands:
+1. Create a service account token:
 
     ```console
-    $SECRET_NAME=(kubectl get serviceaccount admin-user -o jsonpath='{$.secrets[0].name}')
+    kubectl apply -f - <<EOF
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: demo-user-secret
+      annotations:
+        kubernetes.io/service-account.name: demo-user
+    type: kubernetes.io/service-account-token
+    EOF
     ```
 
     ```console
-    $TOKEN=(kubectl get secret ${SECRET_NAME} -o jsonpath='{$.data.token}' | base64 -d | sed $'s/$/\\\n/g')
+    $TOKEN=(kubectl get secret demo-user-secret -o jsonpath='{$.data.token}' | base64 -d | sed $'s/$/\\\n/g')
     ```
 
 ### [Azure PowerShell](#tab/azure-powershell)
 
 1. With the `kubeconfig` file pointing to the `apiserver` of your Kubernetes cluster, create a service account in any namespace (the following command creates it in the default namespace):
 
    ```console
-   kubectl create serviceaccount admin-user
+   kubectl create serviceaccount demo-user
    ```
 
 1. Create ClusterRoleBinding or RoleBinding to grant this [service account the appropriate permissions on the cluster](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#kubectl-create-rolebinding). Example:
 
     ```console
-    kubectl create clusterrolebinding admin-user-binding --clusterrole cluster-admin --serviceaccount default:admin-user
+    kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --serviceaccount default:demo-user
     ```
 
-1. Get the service account's token using the following commands:
+1. Create a service account token by :
 
     ```console
-    $SECRET_NAME = (kubectl get serviceaccount admin-user -o jsonpath='{$.secrets[0].name}')
+    kubectl apply -f demo-user-secret.yaml
+    ```
+    
+    Contents of `demo-user-secret.yaml`:
+
+    ```yaml
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: demo-user-secret
+      annotations:
+        kubernetes.io/service-account.name: demo-user
+    type: kubernetes.io/service-account-token
     ```
 
     ```console
-    $TOKEN = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((kubectl get secret $SECRET_NAME -o jsonpath='{$.data.token}'))))
+    $TOKEN = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((kubectl get secret demo-user-secret -o jsonpath='{$.data.token}'))))
     ```
 
 ---