Merge pull request #107913 from lanicolas/patch-7

Jak-MS · web-flow · commit efb879e9e526 · 2023-04-10T14:44:50.000-07:00
Aligning with Bash style guide
diff --git a/articles/aks/csi-secrets-store-identity-access.md b/articles/aks/csi-secrets-store-identity-access.md
@@ -38,16 +38,16 @@ Azure AD workload identity (preview) is supported on both Windows and Linux clus
 1. Use the Azure CLI `az account set` command to set a specific subscription to be the current active subscription. Then use the `az identity create` command to create a managed identity.
 
     ```azurecli
-    export subscriptionID=<subscription id>
-    export resourceGroupName=<resource group name>
+    export SUBSCRIPTION_ID=<subscription id>
+    export RESOURCE_GROUP=<resource group name>
     export UAMI=<name for user assigned identity>
     export KEYVAULT_NAME=<existing keyvault name>
-    export clusterName=<aks cluster name>
+    export CLUSTER_NAME=<aks cluster name>
     
-    az account set --subscription $subscriptionID
-    az identity create --name $UAMI --resource-group $resourceGroupName
-    export USER_ASSIGNED_CLIENT_ID="$(az identity show -g $resourceGroupName --name $UAMI --query 'clientId' -o tsv)"
-    export IDENTITY_TENANT=$(az aks show --name $clusterName --resource-group $resourceGroupName --query identity.tenantId -o tsv)
+    az account set --subscription $SUBSCRIPTION_ID
+    az identity create --name $UAMI --resource-group $RESOURCE_GROUP
+    export USER_ASSIGNED_CLIENT_ID="$(az identity show -g $RESOURCE_GROUP --name $UAMI --query 'clientId' -o tsv)"
+    export IDENTITY_TENANT=$(az aks show --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --query identity.tenantId -o tsv)
     ```
 
 2. You need to set an access policy that grants the workload identity permission to access the Key Vault secrets, access keys, and certificates. The rights are assigned using the `az keyvault set-policy` command shown below.
@@ -61,7 +61,7 @@ Azure AD workload identity (preview) is supported on both Windows and Linux clus
 3. Run the [az aks show][az-aks-show] command to get the AKS cluster OIDC issuer URL.
 
     ```bash
-    export AKS_OIDC_ISSUER="$(az aks show --resource-group $resourceGroupName --name $clusterName --query "oidcIssuerProfile.issuerUrl" -o tsv)"
+    export AKS_OIDC_ISSUER="$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "oidcIssuerProfile.issuerUrl" -o tsv)"
     echo $AKS_OIDC_ISSUER
     ```
 
@@ -72,8 +72,8 @@ Azure AD workload identity (preview) is supported on both Windows and Linux clus
 4. Establish a federated identity credential between the Azure AD application and the service account issuer and subject. Get the object ID of the Azure AD application. Update the values for `serviceAccountName` and `serviceAccountNamespace` with the Kubernetes service account name and its namespace.
 
     ```bash
-    export serviceAccountName="workload-identity-sa"  # sample name; can be changed
-    export serviceAccountNamespace="default" # can be changed to namespace of your workload
+    export SERVICE_ACCOUNT_NAME="workload-identity-sa"  # sample name; can be changed
+    export SERVICE_ACCOUNT_NAMESPACE="default" # can be changed to namespace of your workload
     
     cat <<EOF | kubectl apply -f -
     apiVersion: v1
@@ -83,16 +83,16 @@ Azure AD workload identity (preview) is supported on both Windows and Linux clus
         azure.workload.identity/client-id: ${USER_ASSIGNED_CLIENT_ID}
       labels:
         azure.workload.identity/use: "true"
-      name: ${serviceAccountName}
-      namespace: ${serviceAccountNamespace}
+      name: ${SERVICE_ACCOUNT_NAME}
+      namespace: ${SERVICE_ACCOUNT_NAMESPACE}
     EOF
     ```
 
     Next, use the [az identity federated-credential create][az-identity-federated-credential-create] command to create the federated identity credential between the Managed Identity, the service account issuer, and the subject. 
 
     ```bash
-    export federatedIdentityName="aksfederatedidentity" # can be changed as needed
-    az identity federated-credential create --name $federatedIdentityName --identity-name $UAMI --resource-group $resourceGroupName --issuer ${AKS_OIDC_ISSUER} --subject system:serviceaccount:${serviceAccountNamespace}:${serviceAccountName}
+    export FEDERATED_IDENTITY_NAME="aksfederatedidentity" # can be changed as needed
+    az identity federated-credential create --name $FEDERATED_IDENTITY_NAME --identity-name $UAMI --resource-group $RESOURCE_GROUP --issuer ${AKS_OIDC_ISSUER} --subject system:serviceaccount:${SERVICE_ACCOUNT_NAMESPACE}:${SERVICE_ACCOUNT_NAME}
     ```
 5. Deploy a `SecretProviderClass` by using the following YAML script, noticing that the variables will be interpolated:
 
@@ -138,7 +138,7 @@ Azure AD workload identity (preview) is supported on both Windows and Linux clus
     metadata:
       name: busybox-secrets-store-inline-user-msi
     spec:
-      serviceAccountName: ${serviceAccountName}
+      serviceAccountName: ${SERVICE_ACCOUNT_NAME}
       containers:
         - name: busybox
           image: k8s.gcr.io/e2e-test-images/busybox:1.29-1
