Update azure-keyvault-managed-identity.md (#952)

* Fix some typos
* Improve text style
Michaël Hompus 2020-11-28 16:35:46 +01:00 committed by GitHub
parent 904c3d31c8
commit a3ebcc715d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 6 deletions


@ -30,7 +30,7 @@ description: How to configure Azure Key Vault and Kubernetes to use Azure Manage
3. Create the managed identity(Optional)
This step is required only if the AKS Cluster is provisoned without the flag "--enable-managed-identity". If the cluster is provisioned with manahed identity, than is suggested to use the autogenerated managed identity that is associated to the Resource Group MC_*.
This step is required only if the AKS Cluster is provisoned without the flag "--enable-managed-identity". If the cluster is provisioned with a managed identity, then it is suggested to use the autogenerated managed identity that is associated to the Resource Group MC_*.
```bash
$identity = az identity create -g [your resource group] -n [you managed identity name] -o json | ConvertFrom-Json
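Review bot: The rewritten sentence under step 3 still contains "provisoned"; since this commit is a typo pass, correct it to "provisioned" in the same line, and add the missing space in the heading "managed identity(Optional)". The context lines below also show a fence tagged `bash` around a command that uses PowerShell syntax (`$identity = ... | ConvertFrom-Json`), and the placeholder reads "[you managed identity name]". Retag the fence as `powershell` and change the placeholder to "[your managed identity name]" so readers do not paste the line into a shell where it fails.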
@ -45,7 +45,7 @@ description: How to configure Azure Key Vault and Kubernetes to use Azure Manage
4. Retrieve Managed Identity ID
The two main scenario are:
The two main scenarios are:
- Service Principal, in this case the Resource Group is the one in which is deployed the AKS Service Cluster
```bash
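Review bot: The bullet right after the corrected "The two main scenarios are:" line still reads "in this case the Resource Group is the one in which is deployed the AKS Service Cluster", which is hard to parse. Suggest "in this case the Resource Group is the one in which the AKS Service Cluster is deployed", and apply the same word order to the other scenario bullet if it is phrased the same way.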
@ -67,7 +67,9 @@ description: How to configure Azure Key Vault and Kubernetes to use Azure Manage
```
6. Assign the Managed Identity Operator role to the AKS Service Principal
Refer to previous step about the Resource Group to use and which identity to assign
Refer to the previous step about the Resource Group to use and which identity to assign.
```bash
az role assignment create --role "Managed Identity Operator" --assignee $clientId --scope /subscriptions/[your subscription id]/resourcegroups/[your resource group]
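Review bot: The sentence edited in step 6 points readers at a command whose `--scope` is the whole resource group (`/subscriptions/[your subscription id]/resourcegroups/[your resource group]`), so the assignee receives Managed Identity Operator over every user-assigned identity in that group, not only the one created for Key Vault. While this text is being touched, add a sentence telling readers they can narrow the scope to the single identity's resource ID (the `id` field of the `az identity create` output from step 3) when only that identity is needed. Also note that the heading says "AKS Service Principal" while the command assigns to `$clientId`; state explicitly which principal `$clientId` holds at this point.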
@ -124,7 +126,7 @@ In Kubernetes mode, you store the certificate for the service principal into the
1. Create azurekeyvault.yaml component file
The component yaml uses the name of your key vault and the Cliend ID of the managed identity to setup the secret store.
The component yaml uses the name of your key vault and the Client ID of the managed identity to setup the secret store.
```yaml
apiVersion: dapr.io/v1alpha1
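Review bot: The corrected line fixes "Cliend ID" but keeps "to setup the secret store", where the verb form "to set up" is needed. Suggest "The component yaml uses the name of your key vault and the Client ID of the managed identity to set up the secret store."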
@ -148,10 +150,10 @@ In Kubernetes mode, you store the certificate for the service principal into the
```
## References
- [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
- [Azure CLI Key Vault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
- [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
- [AAD Pod Identity](https://github.com/Azure/aad-pod-identity)
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
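Review bot: In the References hunk the link title "How-To: Retreive a secret" is left misspelled; change it to "Retrieve" as part of this typo pass. The renamed first entry, "Azure CLI Key Vault CLI", still repeats "CLI", so consider "Azure CLI: Key Vault commands" or similar. The last line appears as removed and re-added with identical text, which suggests an end-of-file newline change only; confirm that is intended.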