Merge pull request #275306 from schaffererin/updateparams2

Updated command parameters with long-form formatting

Author: prmerger-automator[bot]

articles/aks/azure-disk-customer-managed-keys.md

@@ -46,10 +46,10 @@ az account list-locations
 
 ```azurecli-interactive
 # Create new resource group in a supported Azure region
-az group create -l myAzureRegionName -n myResourceGroup
+az group create --location myAzureRegionName --name myResourceGroup
 
 # Create an Azure Key Vault resource in a supported Azure region
-az keyvault create -n myKeyVaultName -g myResourceGroup -l myAzureRegionName  --enable-purge-protection true
+az keyvault create --name myKeyVaultName --resource-group myResourceGroup --location myAzureRegionName  --enable-purge-protection true
 ```
 
 ## Create an instance of a DiskEncryptionSet
@@ -64,7 +64,7 @@ keyVaultId=$(az keyvault show --name myKeyVaultName --query "[id]" -o tsv)
 keyVaultKeyUrl=$(az keyvault key show --vault-name myKeyVaultName --name myKeyName --query "[key.kid]" -o tsv)
 
 # Create a DiskEncryptionSet
-az disk-encryption-set create -n myDiskEncryptionSetName  -l myAzureRegionName  -g myResourceGroup --source-vault $keyVaultId --key-url $keyVaultKeyUrl
+az disk-encryption-set create --name myDiskEncryptionSetName -location myAzureRegionName -resource-group myResourceGroup --source-vault $keyVaultId --key-url $keyVaultKeyUrl
 ```
 
 > [!IMPORTANT]
@@ -76,10 +76,10 @@ Use the DiskEncryptionSet and resource groups you created on the prior steps, an
 
 ```azurecli-interactive
 # Retrieve the DiskEncryptionSet value and set a variable
-desIdentity=$(az disk-encryption-set show -n myDiskEncryptionSetName  -g myResourceGroup --query "[identity.principalId]" -o tsv)
+desIdentity=$(az disk-encryption-set show --name myDiskEncryptionSetName --resource-group myResourceGroup --query "[identity.principalId]" -o tsv)
 
 # Update security policy settings
-az keyvault set-policy -n myKeyVaultName -g myResourceGroup --object-id $desIdentity --key-permissions wrapkey unwrapkey get
+az keyvault set-policy --name myKeyVaultName --resource-group myResourceGroup --object-id $desIdentity --key-permissions wrapkey unwrapkey get
 ```
 
 ## Create a new AKS cluster and encrypt the OS disk
@@ -89,31 +89,31 @@ Either create a new resource group, or select an existing resource group hosting
 Run the following command to retrieve the DiskEncryptionSet value and set a variable:
 
 ```azurecli-interactive
-diskEncryptionSetId=$(az disk-encryption-set show -n mydiskEncryptionSetName -g myResourceGroup --query "[id]" -o tsv)
+diskEncryptionSetId=$(az disk-encryption-set show --name mydiskEncryptionSetName --resource-gorup myResourceGroup --query "[id]" -o tsv)
 ```
 
 If you want to create a new resource group for the cluster, run the following command:
 
 ```azurecli-interactive
-az group create -n myResourceGroup -l myAzureRegionName
+az group create --name myResourceGroup --location myAzureRegionName
 ```
 
 To create a regular cluster using network-attached OS disks encrypted with your key, you can do so by specifying the `--node-osdisk-type=Managed` argument.
 
 ```azurecli-interactive
-az aks create -n myAKSCluster -g myResourceGroup --node-osdisk-diskencryptionset-id $diskEncryptionSetId --generate-ssh-keys --node-osdisk-type Managed
+az aks create --name myAKSCluster --resource-group myResourceGroup --node-osdisk-diskencryptionset-id $diskEncryptionSetId --generate-ssh-keys --node-osdisk-type Managed
 ```
 
 To create a cluster with ephemeral OS disk encrypted with your key, you can do so by specifying the `--node-osdisk-type=Ephemeral` argument. You also need to specify the argument `--node-vm-size` because the default vm size is too small and doesn't support ephemeral OS disk.
 
 ```azurecli-interactive
-az aks create -n myAKSCluster -g myResourceGroup --node-osdisk-diskencryptionset-id $diskEncryptionSetId --generate-ssh-keys --node-osdisk-type Ephemeral --node-vm-size Standard_DS3_v2
+az aks create --name myAKSCluster --resource-group myResourceGroup --node-osdisk-diskencryptionset-id $diskEncryptionSetId --generate-ssh-keys --node-osdisk-type Ephemeral --node-vm-size Standard_DS3_v2
 ```
 
 When new node pools are added to the cluster, the customer-managed key provided during the create process is used to encrypt the OS disk. The following example shows how to deploy a new node pool with an ephemeral OS disk.
 
 ```azurecli-interactive
-az aks nodepool add --cluster-name $CLUSTER_NAME -g $RG_NAME --name $NODEPOOL_NAME --node-osdisk-type Ephemeral
+az aks nodepool add --cluster-name $CLUSTER_NAME --resource-group $RG_NAME --name $NODEPOOL_NAME --node-osdisk-type Ephemeral
 ```
 
 ## Encrypt your AKS cluster data disk
@@ -126,7 +126,7 @@ If you have already provided a disk encryption set during cluster creation, encr
 To assign the AKS cluster identity the Contributor role for the diskencryptionset, execute the following commands:
 
 ```azurecli-interactive
-aksIdentity=$(az aks show -g $RG_NAME -n $CLUSTER_NAME --query "identity.principalId")
+aksIdentity=$(az aks show --resource-group $RG_NAME --name $CLUSTER_NAME --query "identity.principalId")
 az role assignment create --role "Contributor" --assignee $aksIdentity --scope $diskEncryptionSetId
 ```
 

articles/aks/certificate-rotation.md

@@ -63,7 +63,7 @@ Microsoft maintains all certificates mentioned in this section, except for the c
 * Check the expiration date of the VMAS agent node certificate using the `az vm run-command invoke` command.
 
     ```azurecli-interactive
-    az vm run-command invoke -g MC_rg_myAKSCluster_region -n vm-name --command-id RunShellScript --query 'value[0].message' -otsv --scripts "openssl x509 -in /etc/kubernetes/certs/apiserver.crt -noout -enddate"
+    az vm run-command invoke --resource-group MC_rg_myAKSCluster_region --name vm-name --command-id RunShellScript --query 'value[0].message' -otsv --scripts "openssl x509 -in /etc/kubernetes/certs/apiserver.crt -noout -enddate"
     ```
 
 ### Check Virtual Machine Scale Set agent node certificate expiration date
@@ -108,13 +108,13 @@ For any AKS clusters created or upgraded after March 2022, Azure Kubernetes Serv
 1. Connect to your cluster using the [`az aks get-credentials`][az-aks-get-credentials] command.
 
     ```azurecli-interactive
-    az aks get-credentials -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAME
+    az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME
     ```
 
 2. Rotate all certificates, CAs, and SAs on your cluster using the [`az aks rotate-certs`][az-aks-rotate-certs] command.
 
     ```azurecli-interactive
-    az aks rotate-certs -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAME
+    az aks rotate-certs --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME
     ```
 
     > [!IMPORTANT]
@@ -135,7 +135,7 @@ For any AKS clusters created or upgraded after March 2022, Azure Kubernetes Serv
 4. Update the certificate used by `kubectl` using the [`az aks get-credentials`][az-aks-get-credentials] command with the `--overwrite-existing` flag.
 
     ```azurecli-interactive
-    az aks get-credentials -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAME --overwrite-existing
+    az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME --overwrite-existing
     ```
 
 5. Verify the certificates have been updated using the [`kubectl get`][kubectl-get] command.

articles/aks/image-cleaner.md

@@ -247,7 +247,7 @@ The `eraser-aks-xxxxx` pod deletes within 10 minutes after work completion. You
 2. Get the Log Analytics resource ID using the [`az aks show`][az-aks-show] command.
 
     ```azurecli-interactive
-      az aks show -g myResourceGroup -n myManagedCluster
+      az aks show --resource-group myResourceGroup --name myManagedCluster
     ```
 
      After a few minutes, the command returns JSON-formatted information about the solution, including the workspace resource ID:

articles/aks/image-integrity.md

@@ -87,7 +87,7 @@ Image Integrity uses Ratify, Azure Policy, and Gatekeeper to validate signed ima
 
     ```azurecli-interactive
     export SCOPE="/subscriptions/${SUBSCRIPTION}/resourceGroups/${RESOURCE_GROUP}"
-    export LOCATION=$(az group show -n ${RESOURCE_GROUP} --query location -o tsv)
+    export LOCATION=$(az group show --name ${RESOURCE_GROUP} --query location -o tsv)
 
     az policy assignment create --name 'deploy-trustedimages' --policy-set-definition 'af28bf8b-c669-4dd3-9137-1e68fdc61bd6' --display-name 'Audit deployment with unsigned container images' --scope ${SCOPE} --mi-system-assigned --role Contributor --identity-scope ${SCOPE} --location ${LOCATION}
     ```
@@ -98,8 +98,8 @@ Image Integrity uses Ratify, Azure Policy, and Gatekeeper to validate signed ima
 > The policy deploys the Image Integrity feature on your cluster when it detects any update operation on the cluster. If you want to enable the feature immediately, you need to create a policy remediation using the [`az policy remediation create`][az-policy-remediation-create] command.
 >
 > ```azurecli-interactive
-> assignment_id=$(az policy assignment show -n 'deploy-trustedimages' --scope ${SCOPE} --query id -o tsv)
-> az policy remediation create  -a "$assignment_id" --definition-reference-id deployAKSImageIntegrity -n remediation -g ${RESOURCE_GROUP}
+> assignment_id=$(az policy assignment show --name 'deploy-trustedimages' --scope ${SCOPE} --query id -o tsv)
+> az policy remediation create --policy-assignment "$assignment_id" --definition-reference-id deployAKSImageIntegrity --name remediation --resource-group ${RESOURCE_GROUP}
 > ```
 
 ### [Azure portal](#tab/azure-portal)
@@ -218,7 +218,7 @@ If you want to use your own images, see the [guidance for image signing](../cont
 * Disable Image Integrity on your cluster using the [`az aks update`][az-aks-update] command with the `--disable-image-integrity` flag.
 
     ```azurecli-interactive
-    az aks update -g myResourceGroup -n MyManagedCluster --disable-image-integrity
+    az aks update --resource-group myResourceGroup --name MyManagedCluster --disable-image-integrity
     ```
 
 ### Remove policy initiative

articles/aks/reduce-latency-ppg.md

@@ -55,7 +55,7 @@ Accelerated networking greatly improves networking performance of virtual machin
 2. Create a proximity placement group using the [`az ppg create`][az-ppg-create] command. Make sure to note the ID value in the output.
 
     ```azurecli-interactive
-    az ppg create -n myPPG -g myResourceGroup -l centralus -t standard
+    az ppg create --name myPPG --resource-group myResourceGroup --location centralus --type standard
     ```
 
     The command produces an output similar to the following example output, which includes the *ID* value you need for upcoming CLI commands.

articles/aks/use-kms-etcd-encryption.md

@@ -89,7 +89,7 @@ export KEYVAULT_RESOURCE_ID=$(az keyvault create --name MyKeyVault --resource-gr
 Assign yourself permissions to create a key:
 
 ```azurecli-interactive
-az role assignment create --role "Key Vault Crypto Officer" --assignee-object-id $(az ad signed-in-user show --query id --out tsv) --assignee-principal-type "User" --scope $KEYVAULT_RESOURCE_ID
+az role assignment create --role "Key Vault Crypto Officer" --assignee-object-id $(az ad signed-in-user show --query id -o tsv) --assignee-principal-type "User" --scope $KEYVAULT_RESOURCE_ID
 ```
 
 Use `az keyvault key create` to create a key:
@@ -142,7 +142,7 @@ The following sections describe how to assign decrypt and encrypt permissions fo
 If your key vault is not set with  `--enable-rbac-authorization`, you can use `az keyvault set-policy` to create an Azure key vault policy.
 
 ```azurecli-interactive
-az keyvault set-policy -n MyKeyVault --key-permissions decrypt encrypt --object-id $IDENTITY_OBJECT_ID
+az keyvault set-policy --name MyKeyVault --key-permissions decrypt encrypt --object-id $IDENTITY_OBJECT_ID
 ```
 
 #### Assign permissions for an RBAC public key vault
@@ -251,7 +251,7 @@ The following sections describe how to assign decrypt and encrypt permissions fo
 If your key vault is not set with  `--enable-rbac-authorization`, you can use `az keyvault set-policy` to create a key vault policy in Azure:
 
 ```azurecli-interactive
-az keyvault set-policy -n MyKeyVault --key-permissions decrypt encrypt --object-id $IDENTITY_OBJECT_ID
+az keyvault set-policy --name MyKeyVault --key-permissions decrypt encrypt --object-id $IDENTITY_OBJECT_ID
 ```
 
 #### Assign permissions for an RBAC private key vault

articles/aks/use-managed-identity.md

@@ -90,7 +90,7 @@ AKS uses several managed identities for built-in services and add-ons.
 2. Create an AKS cluster using the [`az aks create`][az-aks-create] command.
 
     ```azurecli-interactive
-    az aks create -g myResourceGroup -n myManagedCluster --enable-managed-identity
+    az aks create --resource-group myResourceGroup --name myManagedCluster --enable-managed-identity
     ```
 
 3. Get credentials to access the cluster using the [`az aks get-credentials`][az-aks-get-credentials] command.
@@ -104,7 +104,7 @@ AKS uses several managed identities for built-in services and add-ons.
 To update your existing AKS cluster that's using a service principal to use a system-assigned managed identity, run the [`az aks update`][az-aks-update] command.
 
 ```azurecli-interactive
-az aks update -g myResourceGroup -n myManagedCluster --enable-managed-identity
+az aks update --resource-group myResourceGroup --name myManagedCluster --enable-managed-identity
 ```
 
 After updating your cluster, the control plane and pods use the managed identity. Kubelet continues using a service principal until you upgrade your agentpool. You can use the `az aks nodepool upgrade --resource-group myResourceGroup --cluster-name myAKSCluster --name mynodepool --node-image-only` command on your nodes to update to a managed identity. A node pool upgrade causes downtime for your AKS cluster as the nodes in the node pools are cordoned/drained and reimaged.
@@ -396,7 +396,7 @@ Now you can create your AKS cluster with your existing identities. Make sure to
 1. Confirm your AKS cluster is using the user-assigned managed identity using the [`az aks show`][az-aks-show] command.
 
     ```azurecli-interactive
-    az aks show -g <RGName> -n <ClusterName> --query "servicePrincipalProfile"
+    az aks show --resource-group <RGName> --name <ClusterName> --query "servicePrincipalProfile"
     ```
 
     If your cluster is using a managed identity, the output shows `clientId` with a value of **msi**. A cluster using a service principal shows an object ID. For example:
@@ -410,7 +410,7 @@ Now you can create your AKS cluster with your existing identities. Make sure to
 2. After confirming your cluster is using a managed identity, find the managed identity's resource ID using the [`az aks show`][az-aks-show] command.
 
     ```azurecli-interactive
-    az aks show -g <RGName> -n <ClusterName> --query "identity"
+    az aks show --resource-group <RGName> --name <ClusterName> --query "identity"
     ```
 
     For a user-assigned managed identity, your output should look similar to the following example output:

articles/aks/use-oidc-issuer.md

@@ -34,23 +34,23 @@ In this article, you learn how to create, update, and manage the OIDC Issuer for
 You can create an AKS cluster using the [az aks create][az-aks-create] command with the `--enable-oidc-issuer` parameter to use the OIDC Issuer. The following example creates a cluster named *myAKSCluster* with one node in the *myResourceGroup*:
 
 ```azurecli-interactive
-az aks create -g myResourceGroup -n myAKSCluster --node-count 1 --enable-oidc-issuer
+az aks create --resource-group myResourceGroup --name myAKSCluster --node-count 1 --enable-oidc-issuer
 ```
 
 ## Update an AKS cluster with OIDC Issuer
 
 You can update an AKS cluster using the [az aks update][az-aks-update] command with the `--enable-oidc-issuer` parameter to use the OIDC Issuer. The following example updates a cluster named *myAKSCluster*:
 
 ```azurecli-interactive
-az aks update -g myResourceGroup -n myAKSCluster --enable-oidc-issuer 
+az aks update --resource-group myResourceGroup --name myAKSCluster --enable-oidc-issuer 
 ```
 
 ## Show the OIDC Issuer URL
 
 To get the OIDC Issuer URL, run the [az aks show][az-aks-show] command. Replace the default values for the cluster name and the resource group name.
 
 ```azurecli-interactive
-az aks show -n myAKScluster -g myResourceGroup --query "oidcIssuerProfile.issuerUrl" -otsv
+az aks show --name myAKScluster --resource-group myResourceGroup --query "oidcIssuerProfile.issuerUrl" -o tsv
 ```
 
 By default, the Issuer is set to use the base URL `https://{region}.oic.prod-aks.azure.com`, where the value for `{region}` matches the location the AKS cluster is deployed in.
@@ -60,7 +60,7 @@ By default, the Issuer is set to use the base URL `https://{region}.oic.prod-aks
 To rotate the OIDC key, run the [az aks oidc-issuer][az-aks-oidc-issuer] command. Replace the default values for the cluster name and the resource group name.
 
 ```azurecli-interactive
-az aks oidc-issuer rotate-signing-keys -n myAKSCluster -g myResourceGroup
+az aks oidc-issuer rotate-signing-keys --name myAKSCluster --resource-group myResourceGroup
 ```
 
 > [!IMPORTANT]
@@ -73,7 +73,7 @@ az aks oidc-issuer rotate-signing-keys -n myAKSCluster -g myResourceGroup
 To get the OIDC Issuer URL, run the [az aks show][az-aks-show] command. Replace the default values for the cluster name and the resource group name.
 
 ```azurecli-interactive
-az aks show -n myAKScluster -g myResourceGroup --query "oidcIssuerProfile.issuerUrl" -otsv
+az aks show --name myAKScluster --resource-group myResourceGroup --query "oidcIssuerProfile.issuerUrl" -o tsv
 ```
 
 The output should resemble the following:

articles/aks/use-tags.md

@@ -76,7 +76,7 @@ When you create or update an AKS cluster with the `--tags` parameter, the follow
 2. Verify the tags have been applied to the cluster and its related resources using the [`az aks show`][az-aks-show] command.
 
     ```azurecli-interactive
-    az aks show -g myResourceGroup -n myAKSCluster --query '[tags]'
+    az aks show --resource-group myResourceGroup --name myAKSCluster --query '[tags]'
     ```
 
     The following example output shows the tags applied to the cluster:
@@ -107,7 +107,7 @@ When you create or update an AKS cluster with the `--tags` parameter, the follow
 2. Verify the tags have been applied to the cluster and its related resources using the [`az aks show`][az-aks-show] command.
 
     ```azurecli-interactive
-    az aks show -g myResourceGroup -n myAKSCluster --query '[tags]'
+    az aks show --resource-group myResourceGroup --name myAKSCluster --query '[tags]'
     ```
 
     The following example output shows the tags applied to the cluster:
@@ -147,7 +147,7 @@ When you create or update a node pool with the `--tags` parameter, the tags you
 2. Verify that the tags have been applied to the node pool using the [`az aks show`][az-aks-show] command.
 
     ```azurecli-interactive
-    az aks show -g myResourceGroup -n myAKSCluster --query 'agentPoolProfiles[].{nodepoolName:name,tags:tags}'
+    az aks show --resource-group myResourceGroup --name myAKSCluster --query 'agentPoolProfiles[].{nodepoolName:name,tags:tags}'
     ```
 
     The following example output shows the tags applied to the node pool:
@@ -187,7 +187,7 @@ When you create or update a node pool with the `--tags` parameter, the tags you
 2. Verify the tags have been applied to the node pool using the [`az aks show`][az-aks-show] command.
 
     ```azurecli-interactive
-    az aks show -g myResourceGroup -n myAKSCluster --query 'agentPoolProfiles[].{nodepoolName:name,tags:tags}'
+    az aks show --resource-group myResourceGroup --name myAKSCluster --query 'agentPoolProfiles[].{nodepoolName:name,tags:tags}'
     ```
 
     The following example output shows the tags applied to the node pool: