managed identity role note

JnHs · JnHs · commit facf0b2f40d7 · 2023-03-15T10:37:48.000-07:00
diff --git a/articles/azure-arc/kubernetes/conceptual-gitops-flux2.md b/articles/azure-arc/kubernetes/conceptual-gitops-flux2.md
@@ -1,7 +1,7 @@
 ---
 title: "GitOps Flux v2 configurations with AKS and Azure Arc-enabled Kubernetes"
 description: "This article provides a conceptual overview of GitOps in Azure for use in Azure Arc-enabled Kubernetes and Azure Kubernetes Service (AKS) clusters."
-ms.date: 02/07/2023
+ms.date: 03/14/2023
 ms.topic: conceptual
 ms.custom: devx-track-azurecli
 ---
@@ -364,6 +364,9 @@ If you use a `azblob` source, here are the blob-specific command arguments.
 | `--sas_token` | String | The Azure Blob SAS Token for authentication |
 | `--mi_client_id` | String | The client ID of the managed identity for authentication with Azure Blob |
 
+> [!IMPORTANT]
+> When using managed identity authentication for AKS clusters, the `Storage Blob Contributor` role is assigned to the managed identity. Authentication using a managed identity is not yet available for Azure Arc0enabled Kubernetes clusters.
+
 ### Local secret for authentication with source
 
 You can use a local Kubernetes secret for authentication with a `git`, `bucket` or `azBlob` source.  The local secret must contain all of the authentication parameters needed for the source and must be created in the same namespace as the Flux configuration.
