update docs on azure

somtochiama · somtochiama · commit 78e214555930 · 2023-07-14T09:56:16.000+01:00
Signed-off-by: Somtochi Onyekwere &lt;somtochionyekwere@gmail.com&gt;
diff --git a/docs/spec/v1beta2/helmrepositories.md b/docs/spec/v1beta2/helmrepositories.md
@@ -224,15 +224,21 @@ to the IAM role when using IRSA.
 
 #### Azure
 
-The `azure` provider can be used to authenticate automatically using kubelet managed
-identity or Azure Active Directory pod-managed identity (aad-pod-identity), and 
+The `azure` provider can be used to authenticate automatically using Workload Identity, Kubelet Managed
+Identity or Azure Active Directory pod-managed identity (aad-pod-identity), andq
 by extension gain access to ACR.
 
 ##### Kubelet Managed Identity
 
 When the kubelet managed identity has access to ACR, source-controller running on 
 it will also have access to ACR.
 
+*Note*: If you have more than one identity configured on the cluster, you have to specify which one to use
+by setting the `AZURE_CLIENT_ID` variable in the source-controller pod.
+
+If you are running into further issues, please look at the
+[troubleshooting guide](https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/azidentity/TROUBLESHOOTING.md#azure-virtual-machine-managed-identity)
+
 ##### Azure Workload Identity
 
 When using Workload Identity to enable access to ACR, add the following patch to
@@ -270,13 +276,15 @@ patches:
               azure.workload.identity/use: "true"
 ```
 
-To use Workload Identity, you have to install the Workload Identity
-mutating webhook and create an identity that has access to ACR. Next, establish
+To use Workload Identity, the Workload Identity mutating webhook has to be installed on your cluster and
+you have to create an identity that has access to ACR. Next, establish
 a federated identity between the source-controller ServiceAccount and the
 identity. Patch the source-controller Pod and ServiceAccount as shown in the patch
 above. Please take a look at this [guide](https://azure.github.io/azure-workload-identity/docs/quick-start.html#6-establish-federated-identity-credential-between-the-identity-and-the-service-account-issuer--subject).
 
-##### AAD Pod Identity
+##### Deprecated:  AAD Pod Identity
+
+**Note:** AAD Pod Identity will be archived in September 2023, and you are advised to use Workload Identity instead.
 
 When using aad-pod-identity to enable access to ACR, add the following patch to
 your bootstrap repository, in the `flux-system/kustomization.yaml` file:
