Commit e32153a

Added link to set custom expiry duration
1 parent 227e2fe commit e32153a

2 files changed

+3
-3
lines changed

articles/azure-arc/kubernetes/azure-rbac.md

Lines changed: 2 additions & 2 deletions
@@ -57,7 +57,7 @@ A conceptual overview of this feature is available in the [Azure RBAC on Azure A
5757
az ad app update --id "${SERVER_APP_ID}" --set groupMembershipClaims=All
5858
```
5959
60-
1. Create a service principal and get its `password` field value. This value is required later as `serverApplicationSecret` when you're enabling this feature on the cluster. Please note that this secret is valid for 1 year and will need to be [rotated after that](./azure-rbac.md#refresh-the-secret-of-the-server-application).
60+
1. Create a service principal and get its `password` field value. This value is required later as `serverApplicationSecret` when you're enabling this feature on the cluster. Please note that this secret is valid for 1 year by default and will need to be [rotated after that](./azure-rbac.md#refresh-the-secret-of-the-server-application). Please refer to [this](/cli/azure/ad/sp/credential?view=azure-cli-latest&preserve-view=true#az-ad-sp-credential-reset) to set a custom expiry duration.
6161
6262
```azurecli
6363
az ad sp create --id "${SERVER_APP_ID}"
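Review bot: The new sentence on line 60 links with the text "this" and points at `az ad sp credential reset`, while the command shown for this step is `az ad sp create`, so a reader cannot tell from the step where a custom expiry would actually be applied. Suggest descriptive link text such as "[`az ad sp credential reset`](...)" and one clause saying which command in this step takes the expiry setting. The relative link to `./azure-rbac.md#refresh-the-secret-of-the-server-application` sits inside azure-rbac.md itself, so a plain `#refresh-the-secret-of-the-server-application` anchor would be enough.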
@@ -539,7 +539,7 @@ If the secret for the server application's service principal has expired, you wi
539539
SERVER_APP_SECRET=$(az ad sp credential reset --name "${SERVER_APP_ID}" --credential-description "ArcSecret" --query password -o tsv)
540540
```
541541

542-
Update the secret on the cluster.
542+
Update the secret on the cluster. Please add any optional parameters you configured when this command was originally run.
543543
```azurecli
544544
az connectedk8s enable-features -n <clusterName> -g <resourceGroupName> --features azure-rbac --app-id "${SERVER_APP_ID}" --app-secret "${SERVER_APP_SECRET}"
545545
```
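Review bot: The sentence added on line 542 says "any optional parameters you configured when this command was originally run" without naming the parameters or saying what happens if they are left out, and because it sits between two code blocks "this command" can be read as the `az ad sp credential reset` call above rather than the `az connectedk8s enable-features` call below. Suggest naming the command explicitly and linking to the section where the feature is first enabled, so the reader can look up what was passed. Also worth noting here: the `az ad sp credential reset` line in this section carries no expiry option, so a reader who set a custom duration at creation gets the default back on refresh unless the text points that out.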

articles/azure-arc/kubernetes/troubleshooting.md

Lines changed: 1 addition & 1 deletion
@@ -168,7 +168,7 @@ To resolve this issue, try the following steps.
168168
name: azure-identity-certificate
169169
```
170170

171-
To resolve this issue, try deleting the Arc deployment by running the `az connectedk8s delete` command and reinstalling it. If the issue continues to happen, it could be an issue with your proxy settings. In that case, [try connecting your cluster to Azure Arc via a proxy](./quickstart-connect-cluster.md#connect-using-an-outbound-proxy-server) to connect your cluster to Arc via a proxy.
171+
To resolve this issue, try deleting the Arc deployment by running the `az connectedk8s delete` command and reinstalling it. If the issue continues to happen, it could be an issue with your proxy settings. In that case, [try connecting your cluster to Azure Arc via a proxy](./quickstart-connect-cluster.md#connect-using-an-outbound-proxy-server) to connect your cluster to Arc via a proxy. Please also verify if all the [network prerequisites](quickstart-connect-cluster.md#meet-network-requirements) have been met.
172172

173173
4. If the `clusterconnect-agent` and the `config-agent` pods are running, but the `kube-aad-proxy` pod is missing, check your pod security policies. This pod uses the `azure-arc-kube-aad-proxy-sa` service account, which doesn't have admin permissions but requires the permission to mount host path.
174174
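Review bot: The network-prerequisites check added at the end of line 171 comes after the advice to run `az connectedk8s delete` and reinstall, although verifying prerequisites is the less disruptive step and would be better placed before deleting the deployment. The new link uses `quickstart-connect-cluster.md#meet-network-requirements` while the link earlier in the same sentence uses `./quickstart-connect-cluster.md#...`; pick one form. While touching this line, "verify if" reads better as "verify that", and the existing sentence still repeats itself ("try connecting your cluster to Azure Arc via a proxy ... to connect your cluster to Arc via a proxy"), which this change could clean up.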
