Commit 594b616

Merge pull request #16842 from leslielin-5/patch-25
Update workload-identity.md
2 parents c04b13e + b7d26d4 commit 594b616

1 file changed

+21
-4
lines changed

AKS-Arc/workload-identity.md

Lines changed: 21 additions & 4 deletions
@@ -4,7 +4,8 @@ description: Learn how to deploy and configure an AKS Arc cluster with workload
44
author: sethmanheim
55
ms.author: sethm
66
ms.topic: how-to
7-
ms.date: 11/08/2024
7+
ms.date: 01/23/2025
8+
ms.reviewer: leslielin
89

910
---
1011

@@ -167,16 +168,32 @@ $MSIPrincipalId=$(az identity show --resource-group $resource_group_name --name
167168

168169
### Create a Kubernetes service account
169170

170-
Create a Kubernetes service account and annotate it with the client ID of the managed identity created in the previous step:
171+
In this step, you create a Kubernetes service account and annotate it with the client ID of the managed identity you created in the previous step.
172+
173+
Use cluster connect to access your cluster from a client device. For more information, see [Access your cluster from a client device](/azure/azure-arc/kubernetes/cluster-connect?tabs=azure-cli%2Cagent-version#access-your-cluster-from-a-client-device):
171174

172175
```azurecli
173176
az connectedk8s proxy -n $aks_cluster_name -g $resource_group_name
174177
```
175178

176-
Open a new window. Copy and paste the following CLI commands:
179+
Open a new CLI command window. Copy and paste the following commands:
177180

178181
```azurecli
179-
$yaml = @" apiVersion: v1 kind: ServiceAccount metadata: annotations: azure.workload.identity/client-id: $MSIId name: $SERVICE_ACCOUNT_NAME namespace: $SERVICE_ACCOUNT_NAMESPACE "@ $yaml = $yaml -replace '\$MSIId', $MSIId ` -replace '\$SERVICE_ACCOUNT_NAME', $SERVICE_ACCOUNT_NAME ` -replace '\$SERVICE_ACCOUNT_NAMESPACE', $SERVICE_ACCOUNT_NAMESPACE $yaml | kubectl apply -f -
182+
$yaml = @"
183+
apiVersion: v1
184+
kind: ServiceAccount
185+
metadata:
186+
annotations:
187+
azure.workload.identity/client-id: $MSIId
188+
name: $SERVICE_ACCOUNT_NAME
189+
namespace: $SERVICE_ACCOUNT_NAMESPACE
190+
"@
191+
192+
$yaml = $yaml -replace '\$MSIId', $MSIId `
193+
-replace '\$SERVICE_ACCOUNT_NAME', $SERVICE_ACCOUNT_NAME `
194+
-replace '\$SERVICE_ACCOUNT_NAMESPACE', $SERVICE_ACCOUNT_NAMESPACE
195+
196+
$yaml | kubectl apply -f -
180197
```
181198

182199
The following output shows successful creation of the service account:
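
Review bot: the new instruction "Open a new CLI command window" sits directly before a block that depends on `$MSIId`, `$SERVICE_ACCOUNT_NAME` and `$SERVICE_ACCOUNT_NAMESPACE`, and a new PowerShell window starts a fresh session that does not inherit variables set in the earlier one. Because the here-string is opened with `@"` (double-quoted, so it expands variables), unset variables become empty strings when `$yaml` is assigned, and `kubectl apply` is handed a manifest with empty `name`, `namespace` and `azure.workload.identity/client-id` values rather than stopping at the point of the mistake. Suggest telling the reader to set these variables again in the new window, or to start `az connectedk8s proxy` in the second window and keep the original session for these commands. For the same reason, the `-replace '\$MSIId', $MSIId` chain has nothing left to match once the here-string has expanded; either drop it or switch to a single-quoted here-string (`@'` ... `'@`) so the replacements perform the substitution. The fence is also tagged `azurecli` although its content is PowerShell piped to `kubectl`.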
