Merge pull request #253016 from MGoedtel/bug164077

prmerger-automator[bot] · web-flow · commit ccb730d9a5a3 · 2023-09-27T16:34:02.000Z
Update AKS workload identity articles
diff --git a/articles/aks/workload-identity-deploy-cluster.md b/articles/aks/workload-identity-deploy-cluster.md
@@ -3,7 +3,7 @@ title: Deploy and configure an Azure Kubernetes Service (AKS) cluster with workl
 description: In this Azure Kubernetes Service (AKS) article, you deploy an Azure Kubernetes Service cluster and configure it with an Azure AD workload identity.
 ms.topic: article
 ms.custom: devx-track-azurecli, devx-track-linux
-ms.date: 07/26/2023
+ms.date: 09/27/2023
 ---
 
 # Deploy and configure workload identity on an Azure Kubernetes Service (AKS) cluster
@@ -149,7 +149,7 @@ EOF
 ```
 
 > [!IMPORTANT]
-> Ensure your application pods using workload identity have added the following label [azure.workload.identity/use: "true"] to your running pods/deployments, otherwise the pods will fail once restarted.
+> Ensure your application pods using workload identity have added the following label `azure.workload.identity/use: "true"` to your pod spec, otherwise the pods fail after their restarted.
 
 ```bash
 kubectl apply -f <your application>
diff --git a/articles/aks/workload-identity-overview.md b/articles/aks/workload-identity-overview.md
@@ -25,7 +25,7 @@ This article helps you understand this new authentication feature, and reviews t
 
 In the Azure Identity client libraries, choose one of the following approaches:
 
-- Use `DefaultAzureCredential`, which will attempt to use the `WorkloadIdentityCredential`.
+- Use `DefaultAzureCredential`, which attempts to use the `WorkloadIdentityCredential`.
 - Create a `ChainedTokenCredential` instance that includes `WorkloadIdentityCredential`.
 - Use `WorkloadIdentityCredential` directly.
 
@@ -40,7 +40,7 @@ The following table provides the **minimum** package version required for each l
 | Node.js   | [@azure/identity](/javascript/api/overview/azure/identity-readme)                                                | 3.2.0           |
 | Python    | [azure-identity](/python/api/overview/azure/identity-readme)                                                     | 1.13.0          |
 
-In the following code samples, `DefaultAzureCredential` is used. This credential type will use the environment variables injected by the Azure Workload Identity mutating webhook to authenticate with Azure Key Vault.
+In the following code samples, `DefaultAzureCredential` is used. This credential type uses the environment variables injected by the Azure Workload Identity mutating webhook to authenticate with Azure Key Vault.
 
 ## [.NET](#tab/dotnet)
 
@@ -224,7 +224,7 @@ The following diagram summarizes the authentication sequence using OpenID Connec
 
 ### Webhook Certificate Auto Rotation
 
-Similar to other webhook addons, the certificate will be rotated by cluster certificate [auto rotation][auto-rotation] operation.
+Similar to other webhook addons, the certificate is rotated by cluster certificate [auto rotation][auto-rotation] operation.
 
 ## Service account labels and annotations
 
@@ -252,11 +252,11 @@ All annotations are optional. If the annotation isn't specified, the default val
 ### Pod labels
 
 > [!NOTE]
-> For applications using Workload Identity it is now required to add the label 'azure.workload.identity/use: "true"' pod label in order for AKS to move Workload Identity to a "Fail Close" scenario before GA to provide a consistent and reliable behavior for pods that need to use workload identity. 
+> For applications using workload identity, it's required to add the label `azure.workload.identity/use: "true"` to the pod spec for AKS to move workload identity to a *Fail Close* scenario to provide a consistent and reliable behavior for pods that need to use workload identity. Otherwise the pods fail after their restarted.
 
 |Label |Description |Recommended value |Required |
 |------|------------|------------------|---------|
-|`azure.workload.identity/use` | This label is required in the pod template spec. Only pods with this label will be mutated by the azure-workload-identity mutating admission webhook to inject the Azure specific environment variables and the projected service account token volume. |true |Yes |
+|`azure.workload.identity/use` | This label is required in the pod template spec. Only pods with this label are mutated by the azure-workload-identity mutating admission webhook to inject the Azure specific environment variables and the projected service account token volume. |true |Yes |
 
 ### Pod annotations
 
