Commit c7974a4

Update cluster-connect.md
1 parent 5614a8b commit c7974a4

1 file changed: +12 -12 lines changed

articles/azure-arc/kubernetes/cluster-connect.md

Lines changed: 12 additions & 12 deletions
@@ -91,34 +91,34 @@ On the existing Arc-enabled cluster, create the ClusterRoleBinding with either M
9191
- For a Microsoft Entra group account:
9292

9393
```azurecli
94-
AAD_ENTITY_OBJECT_ID=$(az ad signed-in-user show --query id -o tsv)
94+
AAD_ENTITY_ID=$(az ad signed-in-user show --query id -o tsv)
9595
```
9696

9797
- For a Microsoft Entra single user account:
9898

9999
```azurecli
100-
AAD_ENTITY_OBJECT_ID=$(az ad signed-in-user show --query userPrincipalName -o tsv)
100+
AAD_ENTITY_ID=$(az ad signed-in-user show --query userPrincipalName -o tsv)
101101
```
102102

103103
- For a Microsoft Entra application:
104104

105105
```azurecli
106-
AAD_ENTITY_OBJECT_ID=$(az ad sp show --id <id> --query id -o tsv)
106+
AAD_ENTITY_ID=$(az ad sp show --id <id> --query id -o tsv)
107107
```
108108

109109
1. Authorize the entity with appropriate permissions.
110110

111111
- If you're using Kubernetes native ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Microsoft Entra entity (service principal or user) that needs to access this cluster. For example:
112112

113113
```console
114-
kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --user=$AAD_ENTITY_OBJECT_ID
114+
kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --user=$AAD_ENTITY_ID
115115
```
116116

117117
- If you're using Azure RBAC for authorization checks on the cluster, you can create an applicable [Azure role assignment](azure-rbac.md#built-in-roles) mapped to the Microsoft Entra entity. For example:
118118

119119
```azurecli
120-
az role assignment create --role "Azure Arc Kubernetes Viewer" --assignee $AAD_ENTITY_OBJECT_ID --scope $ARM_ID_CLUSTER
121-
az role assignment create --role "Azure Arc Enabled Kubernetes Cluster User Role" --assignee $AAD_ENTITY_OBJECT_ID --scope $ARM_ID_CLUSTER
120+
az role assignment create --role "Azure Arc Kubernetes Viewer" --assignee $AAD_ENTITY_ID --scope $ARM_ID_CLUSTER
121+
az role assignment create --role "Azure Arc Enabled Kubernetes Cluster User Role" --assignee $AAD_ENTITY_ID --scope $ARM_ID_CLUSTER
122122
```
123123

124124
#### [Azure PowerShell](#tab/azure-powershell)
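
Review bot: On new line 114 the binding is always created with `--user=$AAD_ENTITY_ID`, but the bullet at line 91 is labelled "For a Microsoft Entra group account" and its command, `az ad signed-in-user show --query id -o tsv`, returns the signed-in user's object ID rather than a group's. Either relabel that bullet to say it yields the user's object ID, or show a group lookup with a matching `--group` binding, so readers do not bind a user where they meant a group. Because the example grants `cluster-admin` across the whole cluster, it would also help to say next to line 114 that a narrower ClusterRole or a namespaced RoleBinding is the better choice outside a demo.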
@@ -128,35 +128,35 @@ On the existing Arc-enabled cluster, create the ClusterRoleBinding with either M
128128
- For a Microsoft Entra group account:
129129

130130
```azurepowershell
131-
$AAD_ENTITY_OBJECT_ID = (az ad signed-in-user show --query id -o tsv)
131+
$AAD_ENTITY_ID = (az ad signed-in-user show --query id -o tsv)
132132
```
133133

134134
- For a Microsoft Entra single user account:
135135

136136
```azurepowershell
137-
$AAD_ENTITY_OBJECT_ID = (az ad signed-in-user show --query userPrincipalName -o tsv)
137+
$AAD_ENTITY_ID = (az ad signed-in-user show --query userPrincipalName -o tsv)
138138
```
139139

140140
- For a Microsoft Entra application:
141141

142142
```azurepowershell
143-
$AAD_ENTITY_OBJECT_ID = (az ad sp show --id <id> --query objectId -o tsv)
143+
$AAD_ENTITY_ID = (az ad sp show --id <id> --query objectId -o tsv)
144144
```
145145

146146
1. Authorize the entity with appropriate permissions.
147147

148148
- If you're using native Kubernetes ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Microsoft Entra entity (service principal or user) that needs to access this cluster. For example:
149149

150150
```console
151-
kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --user=$AAD_ENTITY_OBJECT_ID
151+
kubectl create clusterrolebinding demo-user-binding --clusterrole cluster-admin --user=$AAD_ENTITY_ID
152152
```
153153

154154
- If you're using [Azure RBAC for authorization checks](azure-rbac.md) on the cluster, you can create an applicable [Azure role assignment](azure-rbac.md#built-in-roles) mapped to the Microsoft Entra entity. For example:
155155

156156
```azurepowershell
157157
158-
az role assignment create --role "Azure Arc Kubernetes Viewer" --assignee $AAD_ENTITY_OBJECT_ID --scope $ARM_ID_CLUSTER
159-
az role assignment create --role "Azure Arc Enabled Kubernetes Cluster User Role" --assignee $AAD_ENTITY_OBJECT_ID --scope $ARM_ID_CLUSTER
158+
az role assignment create --role "Azure Arc Kubernetes Viewer" --assignee $AAD_ENTITY_ID --scope $ARM_ID_CLUSTER
159+
az role assignment create --role "Azure Arc Enabled Kubernetes Cluster User Role" --assignee $AAD_ENTITY_ID --scope $ARM_ID_CLUSTER
160160
```
161161

162162
---
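
Review bot: New line 143 keeps `--query objectId` for `az ad sp show --id <id>`, while the Azure CLI tab's line 106 uses `--query id` for the same command, so the two tabs disagree on which property holds the service principal's object ID. A query for a property that is not in the command's output yields an empty string, and `$AAD_ENTITY_ID` would then reach `--user=` on line 151 and `--assignee` on lines 158 and 159 empty. Align the two tabs, presumably on `--query id` as in the CLI tab, after confirming against the command's current output.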
