mirror of https://github.com/dapr/docs.git
Update azure-keyvault-managed-identity.md (#952)
* Fix some typos
* Improve text style
parent
904c3d31c8
commit
a3ebcc715d
|
@ -30,7 +30,7 @@ description: How to configure Azure Key Vault and Kubernetes to use Azure Manage
|
|||
|
||||
3. Create the managed identity(Optional)
|
||||
|
||||
This step is required only if the AKS Cluster is provisoned without the flag "--enable-managed-identity". If the cluster is provisioned with manahed identity, than is suggested to use the autogenerated managed identity that is associated to the Resource Group MC_*.
|
||||
This step is required only if the AKS Cluster is provisoned without the flag "--enable-managed-identity". If the cluster is provisioned with a managed identity, then it is suggested to use the autogenerated managed identity that is associated to the Resource Group MC_*.
|
||||
|
||||
```bash
|
||||
$identity = az identity create -g [your resource group] -n [you managed identity name] -o json | ConvertFrom-Json
|
||||
|
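Review bot: The replacement sentence in step 3 still misspells "provisoned" (should be "provisioned") in its first clause, so the typo fix is incomplete; "associated to the Resource Group" would also read better as "associated with the Resource Group". In the surrounding context, the block is fenced as bash but the command uses PowerShell syntax (`$identity = ... | ConvertFrom-Json`), the placeholder reads "[you managed identity name]", and the heading "Create the managed identity(Optional)" is missing a space. All three are worth fixing in the same pass, since a reader pasting the command into bash will get an error.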
@ -45,7 +45,7 @@ description: How to configure Azure Key Vault and Kubernetes to use Azure Manage
|
|||
|
||||
4. Retrieve Managed Identity ID
|
||||
|
||||
The two main scenario are:
|
||||
The two main scenarios are:
|
||||
- Service Principal, in this case the Resource Group is the one in which is deployed the AKS Service Cluster
|
||||
|
||||
```bash
|
||||
|
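Review bot: The bullet directly under the corrected "The two main scenarios are:" line is still ungrammatical ("the Resource Group is the one in which is deployed the AKS Service Cluster"), which undercuts a commit aimed at text style. Suggest something like "Service Principal: the Resource Group is the one in which the AKS cluster is deployed", and applying the same pattern to the other scenario so the two list items are parallel.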
@ -67,7 +67,9 @@ description: How to configure Azure Key Vault and Kubernetes to use Azure Manage
|
|||
```
|
||||
|
||||
6. Assign the Managed Identity Operator role to the AKS Service Principal
|
||||
Refer to previous step about the Resource Group to use and which identity to assign
|
||||
|
||||
Refer to the previous step about the Resource Group to use and which identity to assign.
|
||||
|
||||
```bash
|
||||
az role assignment create --role "Managed Identity Operator" --assignee $clientId --scope /subscriptions/[your subscription id]/resourcegroups/[your resource group]
|
||||
|
||||
|
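Review bot: The reworded sentence in step 6 still says "the previous step", but the Resource Group scenarios visible in this diff are listed under step 4, not the step immediately before step 6; name the step by number so the reader picks the right resource group and identity. While touching this step, note that the context command grants "Managed Identity Operator" at `--scope /subscriptions/[your subscription id]/resourcegroups/[your resource group]`, which covers every identity in that resource group. If the setup allows it, documenting the narrower scope of the single managed identity's resource ID would keep the assignment to least privilege. The heading also says "AKS Service Principal" while the sentence speaks of "which identity to assign", so the wording should cover both scenarios.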
@ -124,7 +126,7 @@ In Kubernetes mode, you store the certificate for the service principal into the
|
|||
|
||||
1. Create azurekeyvault.yaml component file
|
||||
|
||||
The component yaml uses the name of your key vault and the Cliend ID of the managed identity to setup the secret store.
|
||||
The component yaml uses the name of your key vault and the Client ID of the managed identity to setup the secret store.
|
||||
|
||||
```yaml
|
||||
apiVersion: dapr.io/v1alpha1
|
||||
|
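Review bot: The corrected sentence under "Create azurekeyvault.yaml component file" fixes "Cliend ID" but keeps "to setup the secret store"; as a verb this should be "to set up". "The component yaml" would also be clearer as "The component YAML file", matching the file name in the heading.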
@ -148,10 +150,10 @@ In Kubernetes mode, you store the certificate for the service principal into the
|
|||
```
|
||||
|
||||
## References
|
||||
- [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
|
||||
- [Azure CLI Key Vault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
|
||||
- [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
|
||||
- [AAD Pod Identity](https://github.com/Azure/aad-pod-identity)
|
||||
- [Secrets building block]({{< ref secrets >}})
|
||||
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
|
||||
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
|
||||
- [Secrets API reference]({{< ref secrets_api.md >}})
|
||||
- [Secrets API reference]({{< ref secrets_api.md >}})
|
||||
|
|
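Review bot: The References list still contains the misspelling "Retreive" in "How-To: Retreive a secret", which this typo pass should catch. The new link text "Azure CLI Key Vault CLI" repeats "CLI"; "Azure CLI: Key Vault" would be enough. The `ref` shortcodes are also quoted inconsistently (`{{< ref "howto-secrets.md" >}}` against `{{< ref component-secrets.md >}}`); pick one form. The final "Secrets API reference" line appears on both sides with no visible difference, which suggests a trailing-whitespace or end-of-file newline change; confirm that is intended.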