Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
Your application is using the DefaultAzureCredentials class that is getting a token for authentication to CosmosDB. According to the article you linked in the question, this has nothing to do with AKS provisioning or management.
The AKS cluster will be provisioned separately, and it is recommended to use a separate Managed Identity/Service Principal to isolate access permissions to your CosmosDB and AKS.
Please check this document for best practices around this.
Also, from your original post here, for your ask:
- Now if I want my kubernetes replica set webapp to have access to this cosmos DB do I have to create the Kubernetes cluster with this service principal internal to this newly created managed identity?
NO, you don't need to.
Some SMEs from the Cosmos or Identity area should be able to clarify this further.
Hope this helps.
Please 'Accept as answer' if the provided information is helpful, so that it can help others in the community looking for help on similar topics.
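As an added illustration of the separation described in this answer (this is example code, not part of the original answer or of any Microsoft documentation), the Azure CLI sequence below provisions two distinct user-assigned identities: one that the AKS control plane uses, and one that the web application uses to reach Cosmos DB. Only the application identity receives the Cosmos DB data-plane role; the cluster identity never gets Cosmos permissions. All resource names, the resource group, and the region are assumed placeholders.

```powershell
# Added example: keep the AKS cluster identity and the application's Cosmos DB identity separate.
# All names below are assumptions; replace them with your own.
$rg      = "rg-demo"          # assumed resource group
$loc     = "westeurope"       # assumed region
$aksName = "aks-demo"         # assumed cluster name
$cosmos  = "cosmos-demo"      # assumed Cosmos DB (SQL API) account name

az group create --name $rg --location $loc

# 1) Identity used ONLY by the AKS control plane (no Cosmos DB rights).
az identity create --resource-group $rg --name "id-aks-controlplane"
$aksIdentityId = az identity show --resource-group $rg --name "id-aks-controlplane" --query id -o tsv

az aks create `
  --resource-group $rg `
  --name $aksName `
  --enable-managed-identity `
  --assign-identity $aksIdentityId `
  --node-count 1

# 2) Separate identity for the web application; this is the one DefaultAzureCredential
#    resolves to inside the pod once it is exposed to the workload (e.g. via AKS workload identity).
az identity create --resource-group $rg --name "id-webapp-cosmos"
$appPrincipalId = az identity show --resource-group $rg --name "id-webapp-cosmos" --query principalId -o tsv

# 3) Grant the application identity the built-in "Cosmos DB Built-in Data Contributor" role
#    (role definition id 00000000-0000-0000-0000-000000000002) on the account's data plane.
#    Scope "/" means the whole account; narrow it to a database or container where possible.
az cosmosdb sql role assignment create `
  --account-name $cosmos `
  --resource-group $rg `
  --scope "/" `
  --principal-id $appPrincipalId `
  --role-definition-id "00000000-0000-0000-0000-000000000002"

# 4) Verify: the cluster identity should have no Cosmos DB data-plane assignments.
az cosmosdb sql role assignment list --account-name $cosmos --resource-group $rg -o table
```

The verification step at the end is the check worth keeping: listing the account's SQL role assignments should show only the application identity's principal, confirming that provisioning the cluster with its own identity did not grant it any access to the Cosmos DB data plane.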