incorporate review comments

Signed-off-by: Ashutosh Kumar <[email protected]>
kubernetes-sigs · Aug 7, 2023 · aaf8917 · aaf8917
1 parent 3fa301b
commit aaf8917
Showing 1 changed file with 7 additions and 10 deletions.
diff --git a/docs/book/src/topics/workload-identity.md b/docs/book/src/topics/workload-identity.md
@@ -24,7 +24,8 @@ $openssl genrsa -out sa.key 2048
 ```
 
 Set the environment variable `SERVICE_ACCOUNT_SIGNING_KEY_FILE` to the path of the
-generated `sa.key`. This ENV var will be used in the upcoming step.
+generated `sa.key`. This ENV var will be used in the upcoming step. 
+Note: You can use `readlink -f sa.key` to get the absolute path of the key file.
 
 Generate a public key using the private key.
 ```bash
@@ -46,12 +47,11 @@ generated `sa.pub`. This ENV var will be used in the upcoming step.
     - `SERVICE_ACCOUNT_NAME` : Name of the capz-manager k8s service account.
     - `SERVICE_ACCOUNT_ISSUER` : This is the path of the azure storage
       container which you created in the previous step which is:
-      `"https://${AZURE_STORAGE_ACCOUNT}.blob.core. windows.net/${AZURE_STORAGE_CONTAINER}/"`
+      `"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_STORAGE_CONTAINER}/"`
 
   - Create a federated identity credential using the steps outlined [here](https://azure.github.io/azure-workload-identity/docs/topics/federated-identity-credential.html)
 
-- Create a Kind cluster with necessary flags. You can use the following kind 
-  command to do that.
+- Create a Kind cluster with necessary flags with the following command:
 
 ```bash
 cat <<EOF | kind create cluster --name azure-workload-identity --config=-
@@ -114,12 +114,11 @@ export AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE="default"
 - Generate a workload cluster template using the following command.
 
 ```bash
-$ clusterctl generate cluster azwi-quickstart --kubernetes-version v1.27.3 >
-azwi-quickstart.yaml
+$ clusterctl generate cluster azwi-quickstart --kubernetes-version v1.27.3 >azwi-quickstart.yaml
 ```
 
 - Edit the generated `azwi-quickstart.yaml` to make following changes for
-  workload identity.
+  workload identity in `AzureClusterIdentity` object.
   - Change the type to `WorkloadIdentity`.
   - Remove the `clientSecret` spec.
 
@@ -128,7 +127,7 @@ The AzureClusterIdentity specification should like the following.
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: AzureClusterIdentity
 metadata:
-  name: awzi-quickstart
+  name: cluster-identity
 spec:
   type: WorkloadIdentity
   allowedNamespaces: {}
@@ -162,8 +161,6 @@ spec:
       - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
       vmSize: ${AZURE_NODE_MACHINE_TYPE}
 ```
-- Do not forget to change the AzureClusterIdentity reference name in 
-  `AzureCluster` object in `identityRef` section. 
 
 - At this stage, you can apply this yaml to create a workload cluster.