diff --git a/docs/features/azure-iam/index.mdx b/docs/features/azure-iam/index.mdx index 0f57c210f..1199d69e2 100644 --- a/docs/features/azure-iam/index.mdx +++ b/docs/features/azure-iam/index.mdx @@ -10,15 +10,15 @@ import DocsLinkCard from "@site/src/components/LinkCard"; export const tutorials = [ { title: 'Automate Azure IAM for AKS', - description: 'Create just-in-time Azure managed identities & role assignments that are kept in sync with your workloads', - url: '/features/azure-iam/tutorials/azure-iam-eks' // TODO + description: 'Create just-in-time Azure workload identities & role assignments that are kept in sync with your workloads', + url: '/features/azure-iam/tutorials/azure-iam-aks' }, ]; # Azure IAM -Otterize can create just-in-time Azure IAM workload identities & role assignments for your workloads running on AKS Kubernetes clusters, greatly simplifying the lifecycle of managing IAM identities and roles. +Otterize can create just-in-time Azure IAM workload identities & role assignments for your workloads running on AKS Kubernetes clusters, greatly simplifying the lifecycle of managing Azure IAM identities and roles. ### Tutorials 
@@ -28,9 +28,9 @@ To learn how to use the Intents Operator and Credentials Operator to manage just ### How does Otterize work with Azure IAM? -1. First, the EKS cluster must have [Otterize installed](/overview/installation), as well as the [Otterize Azure integration](TODO) configured -2. To have a managed identity created for a pod, label the pod with `credentials-operator.otterize.com/create-azure-workload-identity: "true"` -3. The credentials operator will create an Azure managed identity and federated identity credential bound to the pod's ServiceAccount. The ServiceAccount will be annotated automatically. +1. First, the AKS cluster must have [Otterize installed](/overview/installation), as well as the Otterize Azure integration configured. +2. To have a workload identity created for a pod, label the pod with `credentials-operator.otterize.com/create-azure-workload-identity: "true"` +3. The credentials operator will create an Azure workload identity and federated identity credential bound to the pod's ServiceAccount. The ServiceAccount will be annotated automatically. 4. At this point, the pod is able to assume the identity, but it does not have the permissions to perform any actions. We will need to create a ClientIntents YAML for the access the service requires and apply it to our cluster. Below is an example of a ClientIntents file for accessing an Azure Storage Blobs bucket. diff --git a/docs/features/azure-iam/tutorials/azure-iam-aks.mdx b/docs/features/azure-iam/tutorials/azure-iam-aks.mdx index f6070595d..6f8876d19 100644 --- a/docs/features/azure-iam/tutorials/azure-iam-aks.mdx +++ b/docs/features/azure-iam/tutorials/azure-iam-aks.mdx 
@@ -201,16 +201,7 @@ kubectl get serviceaccount -n otterize-tutorial-azure-iam client -o yaml [//]: # (TODO: update me) ```yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - # highlight-next-line - eks.amazonaws.com/role-arn: - # highlight-next-line - arn:aws:iam::353146681200:role/otr-otterize-tutorial-azure-iam.server@otterize-iam-eks-tutoria-ef91a7 - name: server - namespace: otterize-tutorial-azure-iam +TODO ``` @@ -238,13 +229,7 @@ kubectl logs -f -n otterize-tutorial-azure-iam deploy/client [//]: # (# TODO: output) ```json -{ - # highlight-next-line - "status":200, - "host":"server", - "method":"POST", - "uri":"/upload" -} +TODO ``` ### What's next?
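Review bot: In docs/features/azure-iam/index.mdx, step 1 of "How does Otterize work with Azure IAM?" now names the Otterize Azure integration with no link at all. Dropping the `(TODO)` target removes the broken link, but readers are left without a pointer for configuring the integration, which every later step depends on. Link to the integration setup page once it exists, or to the AKS tutorial already listed in `tutorials` if it covers that setup. Step 2 also ends without a period, while steps 1 and 3 have one.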
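Review bot: In docs/features/azure-iam/tutorials/azure-iam-aks.mdx, in the hunk at line 201, the yaml block under `kubectl get serviceaccount -n otterize-tutorial-azure-iam client -o yaml` will now render the literal text `TODO` to readers. Removing the `eks.amazonaws.com/role-arn` annotation and the AWS role ARN is right for an AKS page, but this output is how the reader confirms that the credentials operator annotated the ServiceAccount. Paste the real output from an AKS run, with account-specific identifiers replaced by placeholders, or hide the block until it is available. The removed sample also showed `name: server` while the command queries `client`, so the replacement should match the command. The `[//]: # (TODO: update me)` marker can go once the output is filled in.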
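Review bot: In docs/features/azure-iam/tutorials/azure-iam-aks.mdx, in the hunk at line 238, the json block under `kubectl logs -f -n otterize-tutorial-azure-iam deploy/client` is replaced with a literal `TODO`, leaving the last check before "What's next?" with no expected result to compare against. Nothing in the removed lines is visibly AWS-specific (`"status":200`, `"host":"server"`, `"uri":"/upload"`), so if the Azure client logs the same shape, keep the sample. Otherwise capture the output from an AKS run before merging rather than shipping the placeholder.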