Added the following changes:

naioja · naioja · commit 9a2c9167c87e · 2022-11-21T23:00:46.000+01:00
1. combined bash and azcli commands for the KeyVault operations
2. used easy to read variable assignements
3. fix spelling for resource group name
4. added variables for the service account and sa namespace
5. removed the need to replace the above mentioned variables in
several places by setting them once and exporting
diff --git a/articles/aks/workload-identity-deploy-cluster.md b/articles/aks/workload-identity-deploy-cluster.md
@@ -96,35 +96,25 @@ You can retrieve this information using the Azure CLI command: [az keyvault list
 
 1. Use the Azure CLI [az account set][az-account-set] command to set a specific subscription to be the current active subscription. Then use the [az identity create][az-identity-create] command to create a managed identity.
 
-    ```bash
+    ```azurecli
     export SUBSCRIPTION_ID="$(az account show --query id --output tsv)"
-    ```
+    export USER_ASSIGNED_IDENTITY_NAME="myIdentity"
+    export RG_NAME="myResourceGroup"
+    export LOCATION="eastus"
 
-    ```azurecli
     az account set --subscription "${SUBSCRIPTION_ID}"
-    ```
-
-    ```bash
-    export USER_ASSIGNED_IDENTITY_NAME="${IDENTITY:-myIdentity}"
-    export RG_NAME="${RESOURCE_GROUP:-myResourceGroup}"
-    export LOCATION="${LOC:-eastus}"
-    export SUBSCRIPTION_ID="$(az account show --query id --output tsv)"
-    ```
 
-    ```azurecli
     az identity create --name "${USER_ASSIGNED_IDENTITY_NAME}" --resource-group "${RG_NAME}" --location "${LOCATION}" --subscription "${SUBSCRIPTION_ID}"
     ```
 
 2. Set an access policy for the managed identity to access secrets in your Key Vault by running the following commands:
 
-    ```bash
-    export RG_NAME="${RESOURCE_GROUP:-myResourceGroup}"
-    export USER_ASSIGNED_IDENTITY_NAME="${IDENTITY:-myIdentity}"
-    export KEYVAULT_NAME="${KEYVAULT:-myKeyVault}"
+    ```azurecli
+    export RG_NAME="myResourceGroup"
+    export USER_ASSIGNED_IDENTITY_NAME="myIdentity"
+    export KEYVAULT_NAME="myKeyVault"
     export USER_ASSIGNED_CLIENT_ID="$(az identity show --resource-group "${RG_NAME}" --name "${USER_ASSIGNED_IDENTITY_NAME}" --query 'clientId' -otsv)"
-    ```
 
-    ```azurecli
     az keyvault set-policy --name "${KEYVAULT_NAME}" --secret-permissions get --spn "${USER_ASSIGNED_CLIENT_ID}"
     ```
 
@@ -133,22 +123,25 @@ You can retrieve this information using the Azure CLI command: [az keyvault list
 Create a Kubernetes service account and annotate it with the client ID of the managed identity created in the previous step. Use the [az aks get-credentials][az-aks-get-credentials] command and replace the values for the cluster name and the resource group name.
 
 ```azurecli
-az aks get-credentials -n myAKSCluster -g MyResourceGroup
+az aks get-credentials -n myAKSCluster -g myResourceGroup
 ```
 
-Copy and paste the following multi-line input in the Azure CLI, and update the values for `serviceAccountName` and `serviceAccountNamespace` with the Kubernetes service account name and its namespace.
+Copy and paste the following multi-line input in the Azure CLI, and update the values for `SERVICE_ACCOUNT_NAME` and `SERVICE_ACCOUNT_NAMESPACE` with the Kubernetes service account name and its namespace.
 
 ```bash
+export SERVICE_ACCOUNT_NAME="workload-identity-sa"
+export SERVICE_ACCOUNT_NAMESPACE="my-namespace"
+
 cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   annotations:
-    azure.workload.identity/client-id: ${USER_ASSIGNED_CLIENT_ID}
+    azure.workload.identity/client-id: "${USER_ASSIGNED_CLIENT_ID}"
   labels:
     azure.workload.identity/use: "true"
-  name: serviceAccountName
-  namespace: serviceAccountNamspace
+  name: "${SERVICE_ACCOUNT_NAME}"
+  namespace: "${SERVICE_ACCOUNT_NAMESPACE}"
 EOF
 ```
 
@@ -160,10 +153,10 @@ Serviceaccount/workload-identity-sa created
 
 ## Establish federated identity credential
 
-Use the [az identity federated-credential create][az-identity-federated-credential-create] command to create the federated identity credential between the managed identity, the service account issuer, and the subject. Replace the values `resourceGroupName`, `userAssignedIdentityName`, `federatedIdentityName`, `serviceAccountNamespace`, and `serviceAccountName`.
+Use the [az identity federated-credential create][az-identity-federated-credential-create] command to create the federated identity credential between the managed identity, the service account issuer, and the subject.
 
 ```azurecli
-az identity federated-credential create --name federatedIdentityName --identity-name userAssignedIdentityName --resource-group resourceGroupName --issuer ${AKS_OIDC_ISSUER} --subject system:serviceaccount:serviceAccountNamespace:serviceAccountName
+az identity federated-credential create --name myfederatedIdentity --identity-name "${USER_ASSIGNED_IDENTITY_NAME}" --resource-group "${RG_NAME}" --issuer "${AKS_OIDC_ISSUER}" --subject system:serviceaccount:"${SERVICE_ACCOUNT_NAMESPACE}":"${SERVICE_ACCOUNT_NAME}"
 ```
 
 > [!NOTE]
