
Commit bbe30b0

Merge pull request #229133 from MGoedtel/task28822
Revised steps for updating SPN credentials
2 parents 635d993 + d42dadc commit bbe30b0


2 files changed

+18
-16
lines changed


articles/aks/update-credentials.md

Lines changed: 17 additions & 15 deletions
@@ -2,7 +2,7 @@
22
title: Update or rotate the credentials for an Azure Kubernetes Service (AKS) cluster
33
description: Learn how update or rotate the service principal or Azure AD Application credentials for an Azure Kubernetes Service (AKS) cluster.
44
ms.topic: article
5-
ms.date: 02/28/2023
5+
ms.date: 03/01/2023
66
---
77

88
# Update or rotate the credentials for an Azure Kubernetes Service (AKS) cluster
@@ -14,7 +14,7 @@ AKS clusters created with a service principal have a one-year expiration time. A
1414
1515
## Before you begin
1616

17-
You need the Azure CLI version 2.0.65 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
17+
You need the Azure CLI version 2.0.65 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
1818

1919
## Update or create a new service principal for your AKS cluster
2020

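Review bot: the changed line 17 under "Before you begin" reads identically before and after in the rendered diff, so this is a whitespace-only edit (trailing space or line ending); harmless, but confirm it is intentional rather than editor churn, since it shows up in blame for a line whose text did not change.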
@@ -38,7 +38,7 @@ az ad app credential list --id "$SP_ID" --query "[].endDateTime" -o tsv
3838

3939
### Reset the existing service principal credentials
4040

41-
To update the credentials for the existing service principal, get the service principal ID of your cluster using the [`az aks show`][az-aks-show] command. The following example gets the ID for the cluster named *myAKSCluster* in the *myResourceGroup* resource group. The service principal ID is set as a variable named *SP_ID* to use in additional command. These commands use Bash syntax.
41+
To update the credentials for an existing service principal, get the service principal ID of your cluster using the [`az aks show`][az-aks-show] command. The following example gets the ID for the cluster named *myAKSCluster* in the *myResourceGroup* resource group. The variable named *SP_ID* stores the service principal ID used in the next step. These commands use the Bash command language.
4242

4343
> [!WARNING]
4444
> When you reset your cluster credentials on an AKS cluster that uses Azure Virtual Machine Scale Sets, a [node image upgrade][node-image-upgrade] is performed to update your nodes with the new credential information.
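Review bot: line 41 still calls the value a "service principal ID", but the query at lines 47-48 reads `servicePrincipalProfile.clientId`, which is the application (client) ID, and that is also what `az ad app credential reset --id` expects; suggest "application (client) ID of the cluster's service principal" so readers do not go looking for the service principal object ID instead. The WARNING at lines 43-44 about the node image upgrade is the main operational cost of a reset and should stay where it is, ahead of the command.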
@@ -48,20 +48,20 @@ SP_ID=$(az aks show --resource-group myResourceGroup --name myAKSCluster \
4848
--query servicePrincipalProfile.clientId -o tsv)
4949
```
5050

51-
Use the variable containing the service principal ID to reset the credentials using the [`az ad app credential reset`][az-ad-app-credential-reset] command. The following example enables the Azure platform to generate a new secure secret for the service principal and stores it as a variable named *SP_SECRET*.
51+
Use the variable *SP_ID* containing the service principal ID to reset the credentials using the [`az ad app credential reset`][az-ad-app-credential-reset] command. The following example enables the Azure platform to generate a new secure secret for the service principal and store it as a variable named *SP_SECRET*.
5252

5353
```azurecli-interactive
5454
SP_SECRET=$(az ad app credential reset --id "$SP_ID" --query password -o tsv)
5555
```
5656

57-
Next, you can [update AKS cluster with new service principal credentials](#update-aks-cluster-with-new-service-principal-credentials). This step is necessary for the Service Principal changes to reflect on the AKS cluster.
57+
Next, you [update AKS cluster with service principal credentials][update-cluster-service-principal-credentials]. This step is necessary to update the service principal on your AKS cluster.
5858

5959
### Create a new service principal
6060

6161
> [!NOTE]
62-
> If you updated the existing service principal credentials in the previous section, skip this section and instead [update the AKS cluster with new service principal credentials](#update-aks-cluster-with-new-service-principal-credentials).
62+
> If you updated the existing service principal credentials in the previous section, skip this section and instead [update the AKS cluster with service principal credentials][update-cluster-service-principal-credentials].
6363
64-
To create a service principal and update the AKS cluster to use the new credentials, use the [`az ad sp create-for-rbac`][az-ad-sp-create] command.
64+
To create a service principal and update the AKS cluster to use the new credential, use the [`az ad sp create-for-rbac`][az-ad-sp-create] command.
6565

6666
```azurecli-interactive
6767
az ad sp create-for-rbac --role Contributor --scopes /subscriptions/mySubscriptionID
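Review bot: line 51 says the platform generates a new secret but not that `az ad app credential reset` clears the existing credentials unless `--append` is given, so from this command until `az aks update-credentials` completes the cluster is running on a revoked secret; suggest either stating that window explicitly or showing `--append` so the old secret stays valid until the cluster has been updated and can then be removed. Separately, line 67 (`--role Contributor --scopes /subscriptions/mySubscriptionID`) grants the new service principal Contributor over the entire subscription; the cluster only needs rights on the resources it manages, so consider scoping the assignment to the node resource group or at least noting that this is broader than required.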
@@ -78,21 +78,21 @@ The output is similar to the following example output. Make a note of your own `
7878
}
7979
```
8080

81-
Define variables for the service principal ID and client secret using your output from running the [`az ad sp create-for-rbac`][az-ad-sp-create] command. The *SP_ID* is your *appId*, and the *SP_SECRET* is your *password*.
81+
Define variables for the service principal ID and client secret using your output from running the [`az ad sp create-for-rbac`][az-ad-sp-create] command. The *SP_ID* is the *appId*, and the *SP_SECRET* is your *password*.
8282

8383
```console
8484
SP_ID=7d837646-b1f3-443d-874c-fd83c7c739c5
8585
SP_SECRET=a5ce83c9-9186-426d-9183-614597c7f2f7
8686
```
8787

88-
Next, you can [update AKS cluster with new service principal credentials](#update-aks-cluster-with-new-service-principal-credentials). This step is necessary for the Service Principal changes to reflect on the AKS cluster.
88+
Next, you [update AKS cluster with the new service principal credential][update-cluster-service-principal-credentials]. This step is necessary to update the AKS cluster with the new service principal credential.
8989

90-
## Update AKS cluster with new service principal credentials
90+
## Update AKS cluster with service principal credentials
9191

92-
> [!IMPORTANT]
93-
> For large clusters, updating the AKS cluster with a new service principal may take a long time to complete. Consider reviewing and customizing the [node surge upgrade settings][node-surge-upgrade] to minimize disruption during cluster updates and upgrades. For small and midsize clusters, it takes a few moments for the new credentials to update in the cluster.
92+
>[!IMPORTANT]
93+
>For large clusters, updating your AKS cluster with a new service principal may take a long time to complete. Consider reviewing and customizing the [node surge upgrade settings][node-surge-upgrade] to minimize disruption during the update. For small and midsize clusters, it takes a several minutes for the new credentials to update in the cluster.
9494
95-
Update the AKS cluster with your new credentials using the [`az aks update-credentials`][az-aks-update-credentials] command.
95+
Update the AKS cluster with your new or existing credentials by running the [`az aks update-credentials`][az-aks-update-credentials] command.
9696

9797
```azurecli-interactive
9898
az aks update-credentials \
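Review bot: line 93 introduces a typo, "it takes a several minutes"; it should read "it takes several minutes". Line 92 also drops the space after `>` (`>[!IMPORTANT]`) while the WARNING callout at line 43 keeps `> [!WARNING]`; keep the two consistent. Line 90 renames the heading, which changes the generated anchor from `#update-aks-cluster-with-new-service-principal-credentials` to `#update-aks-cluster-with-service-principal-credentials`; the in-page links and the cross-tenant ACR page are updated in this PR, but any other page or external bookmark still pointing at the old anchor will silently land at the top of the article, so a search of the repo for the old anchor is worth doing before merge.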
@@ -105,7 +105,7 @@ az aks update-credentials \
105105

106106
## Update AKS cluster with new Azure AD application credentials
107107

108-
You can create new Azure AD server and client applications by following the [Azure AD integration steps][create-aad-app], or reset your existing Azure AD applications following the [same method as for service principal reset](#reset-the-existing-service-principal-credentials). After that, you need to update your cluster Azure AD application credentials using the [`az aks update-credentials`][az-aks-update-credentials] command with the *--reset-aad* variables.
108+
You can create new Azure AD server and client applications by following the [Azure AD integration steps][create-aad-app], or reset your existing Azure AD applications following the [same method as for service principal reset][reset-existing-service-principal-credentials]. After that, you need to update your cluster Azure AD application credentials using the [`az aks update-credentials`][az-aks-update-credentials] command with the *--reset-aad* variables.
109109

110110
```azurecli-interactive
111111
az aks update-credentials \
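Review bot: line 108 refers to "the *--reset-aad* variables"; `--reset-aad` is a parameter of `az aks update-credentials`, so "parameters" is the right word here. Since the same line now points readers at the service principal reset method for the Azure AD applications, the same caveat applies: resetting an application's credential invalidates the previous secret until the cluster is updated.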
@@ -119,7 +119,7 @@ az aks update-credentials \
119119

120120
## Next steps
121121

122-
In this article, you learned how to update or rotate service principal and Azure AD application credentials. For more information on how to manage identity for workloads within an AKS cluster, see [Best practices for authentication and authorization in AKS][best-practices-identity].
122+
In this article, you learned how to update or rotate service principal and Azure AD application credentials. For more information on how to use a manage identity for workloads within an AKS cluster, see [Best practices for authentication and authorization in AKS][best-practices-identity].
123123

124124
<!-- LINKS - internal -->
125125
[install-azure-cli]: /cli/azure/install-azure-cli
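Review bot: line 122 introduces "how to use a manage identity"; it should read "a managed identity" (the original "manage identity for workloads" was also acceptable).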
@@ -133,3 +133,5 @@ In this article, you learned how to update or rotate service principal and Azure
133133
[az-ad-app-credential-reset]: /cli/azure/ad/app/credential#az_ad_app_credential_reset
134134
[node-image-upgrade]: ./node-image-upgrade.md
135135
[node-surge-upgrade]: upgrade-cluster.md#customize-node-surge-upgrade
136+
[update-cluster-service-principal-credentials]: #update-aks-cluster-with-service-principal-credentials
137+
[reset-existing-service-principal-credentials]: #reset-the-existing-service-principal-credentials

articles/container-registry/authenticate-aks-cross-tenant.md

Lines changed: 1 addition & 1 deletion
@@ -68,7 +68,7 @@ In **Tenant B**, assign the AcrPull role to the service principal, scoped to the
6868

6969
### Step 4: Update AKS with the Azure AD application secret
7070

71-
Use the multitenant application (client) ID and client secret collected in Step 1 to [update the AKS service principal credential](../aks/update-credentials.md#update-aks-cluster-with-new-service-principal-credentials).
71+
Use the multitenant application (client) ID and client secret collected in Step 1 to [update the AKS service principal credential](../aks/update-credentials.md#update-aks-cluster-with-service-principal-credentials).
7272

7373
Updating the service principal can take several minutes.
7474
