diff --git a/.github/workflows/markdown-link-check.yaml b/.github/workflows/markdown-link-check.yaml
deleted file mode 100644
index 97e86ef13..000000000
--- a/.github/workflows/markdown-link-check.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Check Markdown links
-
-on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
- schedule:
- - cron: '0 0 * * *'
-
-permissions:
- contents: read
-
-jobs:
- markdown-link-check:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- # pinning to the sha 9710f0fec812ce0a3b98bef4c9d842fc1f39d976 from https://github.com/gaurav-nelson/github-action-markdown-link-check/releases/tag/1.0.13
- - uses: gaurav-nelson/github-action-markdown-link-check@9710f0fec812ce0a3b98bef4c9d842fc1f39d976
- with:
- # this will only show errors in the output
- use-quiet-mode: 'yes'
- # this will show detailed HTTP status for checked links
- use-verbose-mode: 'yes'
- folder-path: 'website'
- file-path: './README.md'
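Review bot: Deleting this workflow removes the scheduled and pull-request link check for `website` and `./README.md` in the same patch that rewrites relative links across the docs, so none of the new link targets are validated by CI here. If the job is being dropped because it cannot resolve Hugo-style links, say so in the commit message and replace it with a check that runs against the built site. Otherwise keep it and add an ignore pattern for the paths it cannot follow.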
diff --git a/docs/remote-devcontainer.md b/docs/remote-devcontainer.md
index b5f1311c2..b0f7a969a 100644
--- a/docs/remote-devcontainer.md
+++ b/docs/remote-devcontainer.md
@@ -32,17 +32,17 @@ The [VS Code Remote Container Extension](https://code.visualstudio.com/docs/remo
1. Open up the project in VS Code.
2. In the bottom-left corner of VS Code click on the remote window icon as shown below:
- 
+ 
3. Select `Remote-Containers: Reopen in Container` from the drop-down list
- 
+ 
4. The Azure Key Vault Provider should now be opened inside a Remote Container!
- In the bottom-left you should see the tag updated to show: `Dev Container: Secrets Store CSI Driver Provider Azure`
- Open the [integrated terminal](https://code.visualstudio.com/docs/editor/integrated-terminal) with `ctrl + `\`.
- You can open up a bash shell in the container such as shown below:
- 
+ 
Your Environment is now set up using the VS Code Remote Devcontainer Extension.
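Review bot: The three `-`/`+` pairs under steps 2, 3 and the bash shell bullet show no visible difference in this hunk, so it is not possible to tell what was changed. If these are the image references that "as shown below" points to, state the old and new paths in the commit message and confirm they resolve from `docs/`. Since the file is being touched anyway, the inline code in "with `ctrl + `\`." is also malformed and should be wrapped in double backticks so the key combination renders.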
diff --git a/examples/kind/README.md b/examples/kind/README.md
index b56df8362..32a13146d 100644
--- a/examples/kind/README.md
+++ b/examples/kind/README.md
@@ -12,9 +12,9 @@
- Follow the [instructions](https://azure.github.io/secrets-store-csi-driver-provider-azure/configurations/identity-access-modes/service-principal-mode/) to set up Service Principal and give it access to Azure Key Vault. Keep `ClientID` and `ClientSecret` of the Service Principal handy.
-- Copy [v1_secretproviderclass.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/examples/service-principal/v1alpha1_secretproviderclass_service_principal.yaml) and [pod-inline-volume-service-principal.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/examples/service-principal/pod-inline-volume-service-principal.yaml) to this directory.
+- Copy [v1alpha1_secretproviderclass.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/examples/service-principal/v1alpha1_secretproviderclass_service_principal.yaml) and [pod-secrets-store-inline-volume-secretproviderclass.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/examples/service-principal/pod-secrets-store-inline-volume-secretproviderclass.yaml) to this directory.
-- Update `v1_secretproviderclass.yaml` to provide keyvault name and keyvault resources to fetch.
+- Update `v1alpha1_secretproviderclass.yaml` to provide keyvault name and keyvault resources to fetch.
```yaml
cloudName: 'AzurePublicCloud' # [OPTIONAL available for version > 0.0.4] if not provided, azure environment will default to AzurePublicCloud
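Review bot: The new link label `v1alpha1_secretproviderclass.yaml` still does not match the file the URL points to, `v1alpha1_secretproviderclass_service_principal.yaml`, so a reader who downloads it will not have the file that the next bullet tells them to update. Either use the real filename in both bullets or tell the reader to rename the file after copying. Please also confirm that `pod-secrets-store-inline-volume-secretproviderclass.yaml` exists under `examples/service-principal/` on `master`, since the previous link used a different name in the same directory.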
diff --git a/website/README.md b/website/README.md
index 3eba1e463..016f62926 100644
--- a/website/README.md
+++ b/website/README.md
@@ -14,7 +14,7 @@ Before making your first contribution, make sure to review the [Contributing Gui
The Azure Key Vault Provider for Secrets Store CSI Driver docs are built using [Hugo](https://gohugo.io/) with the [Docsy](https://docsy.dev) theme, hosted using [GitHub Pages](https://pages.github.com/).
-The [website](./) directory contains the hugo project, markdown files, and theme configurations.
+The [website](./website) directory contains the hugo project, markdown files, and theme configurations.
## Pre-requisites
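Review bot: In `website/README.md` the new target `./website` resolves relative to the README's own directory, that is to `website/website`, whereas the old `./` pointed at the `website` directory itself. Unless a nested `website/website` directory exists, this turns a working link into a broken one; keep `./` or drop the link.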
@@ -24,49 +24,36 @@ The [website](./) directory contains the hugo project, markdown files, and theme
## Environment setup
1. Ensure pre-requisites are installed
-1. Clone this repository
-
+2. Clone this repository
```sh
git clone https://github.com/Azure/secrets-store-csi-driver-provider-azure.git
```
-
-1. Change to website directory
-
+3. Change to website directory:
```sh
cd website
```
-
-1. Add Docsy submodule
-
+4. Add Docsy submodule:
```sh
git submodule add https://github.com/google/docsy.git themes/docsy
```
-
-1. Update submodules
-
+5. Update submodules:
```sh
git submodule update --init --recursive
```
-
-1. Install npm packages
-
+6. Install npm packages:
```sh
npm install
```
## Run local server
-
1. Make sure you're still in the `website` directory
-1. Start the local server
-
+2. Run
```sh
hugo server --disableFastRender
```
-
-1. Navigate to `http://localhost:1313/docs`
+3. Navigate to `http://localhost:1313/docs`
## Update docs
-
1. Create new branch
1. Commit and push changes to content
1. Submit pull request to `master`
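Review bot: Step 2 of "Run local server" goes from "Start the local server" to a bare "Run", which loses the description of what the command does; keep the original wording. The renumbering is also inconsistent: steps 3 to 6 of "Environment setup" gain a trailing colon while "Clone this repository" does not, and the "Update docs" list still uses `1.` for every item. Removing the blank lines after the `##` headings and around the fenced blocks will trip common Markdown linters, so keep them unless there is a rendering reason to drop them.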
diff --git a/website/content/en/configurations/identity-access-modes/_index.md b/website/content/en/configurations/identity-access-modes/_index.md
index a50aca36e..e7330f3ab 100644
--- a/website/content/en/configurations/identity-access-modes/_index.md
+++ b/website/content/en/configurations/identity-access-modes/_index.md
@@ -8,11 +8,10 @@ description: >
---
## Best Practices
-
Following order of access modes is recommended for Secret Store CSI driver AKV provider:
-| Access Option | Comment |
-| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Pod Identity | This is the most secure way to get access to Azure resources (AKV in this case) as it uses the managed identity bound to the Pod. |
-| Managed Identities (System-assigned and User-assigned) | Managed identities eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to Azure Keyvault. |
-| Service Principal | This is the last option to consider while connecting to AKV as access credentials need to be created as Kubernetes Secret and stored in plain text in etcd.
Also, this is the only option to connect to Azure resources from non Azure environment/cluster. |
+| Access Option | Comment |
+|--- |--- |
+| Pod Identity | This is the most secure way to get access to Azure resources (AKV in this case) as it uses the managed identity bound to the Pod. |
+| Managed Identities (System-assigned and User-assigned) | Managed identities eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to Azure Keyvault. |
+| Service Principal | This is the last option to consider while connecting to AKV as access credentials need to be created as Kubernetes Secret and stored in plain text in etcd.
Also, this is the only option to connect to Azure resources from non Azure environment/cluster. |
\ No newline at end of file
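Review bot: The rewritten table leaves the file without a trailing newline (`\ No newline at end of file`), and the blank line after `## Best Practices` is removed; restore both. The row contents are unchanged, so the only effect of this hunk is to replace the aligned separator with `|--- |--- |` and re-pad the cells. If that is intentional, apply the same table style to the parameters table in `getting-started/usage/_index.md`, which this patch re-aligns the other way.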
diff --git a/website/content/en/configurations/ingress-tls.md b/website/content/en/configurations/ingress-tls.md
index 8a38ee46b..6830f81b5 100644
--- a/website/content/en/configurations/ingress-tls.md
+++ b/website/content/en/configurations/ingress-tls.md
@@ -47,11 +47,11 @@ helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com
helm install csi csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --set secrets-store-csi-driver.syncSecret.enabled=true
```
-Refer to [installation](../getting-started/installation/_index.md) for more details and validation.
+Refer to [installation](../../getting-started/installation) for more details and validation.
### Optional: Deploy AAD Pod Identity
-If using AAD pod identity to access Azure Keyvault, make sure it is [configured properly](https://azure.github.io/aad-pod-identity/docs/demo/standard_walkthrough/) in the cluster. Refer to [doc](../configurations/identity-access-modes/pod-identity-mode.md) on how to use AAD Pod identity to access keyvault.
+If using AAD pod identity to access Azure Keyvault, make sure it is [configured properly](https://azure.github.io/aad-pod-identity/docs/demo/standard_walkthrough/) in the cluster. Refer to [doc](../identity-access-modes/pod-identity-mode) on how to use AAD Pod identity to access keyvault.
```bash
export AAD_POD_IDENTITY_NAME=azure-kv
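Review bot: The new targets `../../getting-started/installation` and `../identity-access-modes/pod-identity-mode` only resolve against the rendered site's URL layout and no longer correspond to files when the Markdown is viewed in the repository (the page lives at `website/content/en/configurations/identity-access-modes/`, not `website/content/en/identity-access-modes/`). Consider Hugo's `relref` shortcode for internal links so that a wrong path fails the site build instead of shipping a dead link, which matters more now that the link-check workflow is removed in this patch.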
@@ -68,10 +68,10 @@ kubectl create ns $NAMESPACE
### Create the SecretProviderClass
-* To provide identity to access key vault, refer to the following [section](../configurations/identity-access-modes/_index.md).
+* To provide identity to access key vault, refer to the following [section](../identity-access-modes).
* Set the `tenantId` and `keyvaultName`
* If using **AAD pod identity** to access Azure Key Vault - set `usePodIdentity: "true"`
-* Use `objectType: secret` for the certificate, as this is the only way to retrieve the certificate and private key from azure key vault as documented [here](../configurations/getting-certs-and-keys.md)
+* Use `objectType: secret` for the certificate, as this is the only way to retrieve the certificate and private key from azure key vault as documented [here](../getting-certs-and-keys)
* Set secret type to `kubernetes.io/tls`
```bash
@@ -162,7 +162,7 @@ controller:
EOF
```
-If not using [service principal mode](../configurations/identity-access-modes/service-principal-mode.md), remove the following snippet from the script:
+If not using [service principal mode](../identity-access-modes/service-principal-mode), remove the following snippet from the script:
```bash
nodePublishSecretRef:
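Review bot: The fence right after the edited sentence is tagged `bash` but contains the YAML key `nodePublishSecretRef:`, while the same snippet in the next hunk is tagged `yaml`. Since this line is being touched, switch the fence to `yaml` so both occurrences highlight the same way.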
@@ -200,7 +200,7 @@ Depending on the TLS certificate lifecycle, follow one of the following steps:
name: secrets-store-creds
```
-If not using [service principal mode](../configurations/identity-access-modes/service-principal-mode.md), remove the following snippet from [deployment-app-one.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/docs/sample/ingress-controller-tls/deployment-app-one.yaml) and [deployment-app-two.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/docs/sample/ingress-controller-tls/deployment-app-two.yaml)
+If not using [service principal mode](../identity-access-modes/service-principal-mode), remove the following snippet from [deployment-app-one.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/docs/sample/ingress-controller-tls/deployment-app-one.yaml) and [deployment-app-two.yaml](https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/docs/sample/ingress-controller-tls/deployment-app-two.yaml)
```yaml
nodePublishSecretRef:
diff --git a/website/content/en/demos/standard-walkthrough/_index.md b/website/content/en/demos/standard-walkthrough/_index.md
index 04ed54d2d..39b6428dd 100644
--- a/website/content/en/demos/standard-walkthrough/_index.md
+++ b/website/content/en/demos/standard-walkthrough/_index.md
@@ -31,7 +31,7 @@ helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com
helm install csi csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
```
-Refer to [installation](../../getting-started/installation/_index.md) for more details and validation.
+Refer to [installation](../../getting-started/installation) for more details and validation.
### 2. Create Keyvault and set secrets
@@ -52,7 +52,7 @@ az keyvault secret set --vault-name ${KEYVAULT_NAME} --name secret1 --value "Hel
Refer to [Identity Access Modes](../../configurations/identity-access-modes) to see the list of supported modes for accessing the Key Vault instance.
-In this walkthrough, we will be using the [Service Principal](../../configurations/identity-access-modes/service-principal-mode.md) auth mode for accessing the Key Vault instance we just created.
+In this walkthrough, we will be using the [Service Principal](../../configurations/identity-access-modes/service-principal-mode) auth mode for accessing the Key Vault instance we just created.
```bash
# Create a service principal to access keyvault
diff --git a/website/content/en/getting-started/installation/_index.md b/website/content/en/getting-started/installation/_index.md
index fd141fe1d..b658897f0 100644
--- a/website/content/en/getting-started/installation/_index.md
+++ b/website/content/en/getting-started/installation/_index.md
@@ -45,7 +45,7 @@ helm install csi csi-secrets-store-provider-azure/csi-secrets-store-provider-azu
The helm charts hosted in [Azure/secrets-store-csi-driver-provider-azure](https://github.com/Azure/secrets-store-csi-driver-provider-azure/tree/master/charts/csi-secrets-store-provider-azure) repo include the Secrets Store CSI Driver helm charts as a dependency. Running the above `helm install` command will install both the Secrets Store CSI Driver and Azure Key Vault provider.
-> Refer to [doc](../../configurations/deploy-in-openshift.md) for installing the Azure Key Vault Provider for Secrets Store CSI Driver on Azure RedHat OpenShift (ARO)
+> Refer to [doc](../../configurations/deploy-in-openshift) for installing the Azure Key Vault Provider for Secrets Store CSI Driver on Azure RedHat OpenShift (ARO)
##### Values
@@ -134,7 +134,7 @@ If you deployed the Secrets Store CSI Driver and Azure Key Vault provider using
helm delete
```
-> Refer to [doc](../../configurations/deploy-in-openshift.md) to uninstall the Azure Key Vault Provider for Secrets Store CSI Driver on Azure RedHat OpenShift (ARO)
+> Refer to [doc](../../configurations/deploy-in-openshift) to uninstall the Azure Key Vault Provider for Secrets Store CSI Driver on Azure RedHat OpenShift (ARO)
##### Using deployment yamls
diff --git a/website/content/en/getting-started/usage/_index.md b/website/content/en/getting-started/usage/_index.md
index b290abf94..500d4cecd 100644
--- a/website/content/en/getting-started/usage/_index.md
+++ b/website/content/en/getting-started/usage/_index.md
@@ -60,32 +60,32 @@ To provide identity to access key vault, refer to the following [section](#provi
```
- | Name | Required | Description | Default Value |
- | ---------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
- | provider | yes | specify name of the provider | "" |
- | usePodIdentity | no | set to true for using aad-pod-identity to access keyvault | "false" |
- | useVMManagedIdentity | no | [__*available for version > 0.0.4*__] specify access mode to enable use of User-assigned managed identity | "false" |
- | userAssignedIdentityID | no | [__*available for version > 0.0.4*__] the user assigned identity ID is required for User-assigned Managed Identity mode | "" |
- | keyvaultName | yes | name of a Key Vault instance | "" |
- | cloudName | no | [__*available for version > 0.0.4*__] name of the azure cloud based on azure go sdk (AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud, AzureStackCloud) | "" |
- | cloudEnvFileName | no | [__*available for version > 0.0.7*__] path to the file to be used while populating the Azure Environment (required if target cloud is AzureStackCloud). More details [here](../../configurations/custom-environments.md). | "" |
- | objects | yes | a string of arrays of strings | "" |
- | objectName | yes | name of a Key Vault object | "" |
- | objectAlias | no | [__*available for version > 0.0.4*__] specify the filename of the object when written to disk - defaults to objectName if not provided | "" |
- | objectType | yes | type of a Key Vault object: secret, key or cert.
For Key Vault certificates, refer to [doc](../../configurations/getting-certs-and-keys.md) for the object type to use. | "" |
- | objectVersion | no | version of a Key Vault object, if not provided, will use latest | "" |
- | objectFormat | no | [__*available for version > 0.0.7*__] the format of the Azure Key Vault object, supported types are pem and pfx. `objectFormat: pfx` is only supported with `objectType: secret` and PKCS12 or ECC certificates | "pem" |
- | objectEncoding | no | [__*available for version > 0.0.8*__] the encoding of the Azure Key Vault secret object, supported types are `utf-8`, `hex` and `base64`. This option is supported only with `objectType: secret` | "utf-8" |
- | tenantId | yes | tenant ID containing key vault instance | "" |
+ | Name | Required | Description | Default Value |
+ | ---------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
+ | provider | yes | specify name of the provider | "" |
+ | usePodIdentity | no | set to true for using aad-pod-identity to access keyvault | "false" |
+ | useVMManagedIdentity | no | [__*available for version > 0.0.4*__] specify access mode to enable use of User-assigned managed identity | "false" |
+ | userAssignedIdentityID | no | [__*available for version > 0.0.4*__] the user assigned identity ID is required for User-assigned Managed Identity mode | "" |
+ | keyvaultName | yes | name of a Key Vault instance | "" |
+ | cloudName | no | [__*available for version > 0.0.4*__] name of the azure cloud based on azure go sdk (AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud, AzureStackCloud) | "" |
+ | cloudEnvFileName | no | [__*available for version > 0.0.7*__] path to the file to be used while populating the Azure Environment (required if target cloud is AzureStackCloud). More details [here](../../configurations/custom-environments). | "" |
+ | objects | yes | a string of arrays of strings | "" |
+ | objectName | yes | name of a Key Vault object | "" |
+ | objectAlias | no | [__*available for version > 0.0.4*__] specify the filename of the object when written to disk - defaults to objectName if not provided | "" |
+ | objectType | yes | type of a Key Vault object: secret, key or cert.
For Key Vault certificates, refer to [doc](../../configurations/getting-certs-and-keys) for the object type to use. | "" |
+ | objectVersion | no | version of a Key Vault object, if not provided, will use latest | "" |
+ | objectFormat | no | [__*available for version > 0.0.7*__] the format of the Azure Key Vault object, supported types are pem and pfx. `objectFormat: pfx` is only supported with `objectType: secret` and PKCS12 or ECC certificates | "pem" |
+ | objectEncoding | no | [__*available for version > 0.0.8*__] the encoding of the Azure Key Vault secret object, supported types are `utf-8`, `hex` and `base64`. This option is supported only with `objectType: secret` | "utf-8" |
+ | tenantId | yes | tenant ID containing key vault instance | "" |
#### Provide Identity to Access Key Vault
The Azure Key Vault Provider offers four modes for accessing a Key Vault instance:
-1. [Service Principal](../../configurations/identity-access-modes/service-principal-mode.md) ** This is currently the only way to connect to Azure Key Vault from a non Azure environment.
-2. [Pod Identity](../../configurations/identity-access-modes/pod-identity-mode.md)
-3. [User-assigned Managed Identity](../../configurations/identity-access-modes/user-assigned-msi-mode.md)
-4. [System-assigned Managed Identity](../../configurations/identity-access-modes/system-assigned-msi-mode.md)
+1. [Service Principal](../../configurations/identity-access-modes/service-principal-mode) ** This is currently the only way to connect to Azure Key Vault from a non Azure environment.
+2. [Pod Identity](../../configurations/identity-access-modes/pod-identity-mode)
+3. [User-assigned Managed Identity](../../configurations/identity-access-modes/user-assigned-msi-mode)
+4. [System-assigned Managed Identity](../../configurations/identity-access-modes/system-assigned-msi-mode)
#### Update your Deployment Yaml
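Review bot: Every row of the parameters table is rewritten here, although only the `cloudEnvFileName` and `objectType` rows change a link, which makes the real change hard to spot and will cause conflicts with any other edit to the table. Limit the change to those two rows, or do the re-alignment in a separate commit. In the list below the table, the "Service Principal" item carries a stray unbalanced `**` before "This is currently the only way"; either close the bold span or replace it with a plain note.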
diff --git a/website/content/en/upgrading/_index.md b/website/content/en/upgrading/_index.md
index 8028e909b..9ff3d1aef 100644
--- a/website/content/en/upgrading/_index.md
+++ b/website/content/en/upgrading/_index.md
@@ -19,7 +19,7 @@ The `v1.0.0` version of the Secrets Store CSI Driver and later uses the `v1` API
**tl;dr** - `syncSecret.enabled` is set to false by default for the CSI driver.
{{% /alert %}}
-- `syncSecret.enabled` has been set to false by default. This means the RBAC clusterrole and clusterrolebinding required for [sync mounted content as Kubernetes secret](../configurations/sync-with-k8s-secrets.md) will no longer be created by default as part of `helm install/upgrade`. If you're using the driver to sync mounted content as Kubernetes secret, you'll need to set `secrets-store-csi-driver.syncSecret.enabled=true` as part of `helm install/upgrade`.
+- `syncSecret.enabled` has been set to false by default. This means the RBAC clusterrole and clusterrolebinding required for [sync mounted content as Kubernetes secret](../configurations/sync-with-k8s-secrets) will no longer be created by default as part of `helm install/upgrade`. If you're using the driver to sync mounted content as Kubernetes secret, you'll need to set `secrets-store-csi-driver.syncSecret.enabled=true` as part of `helm install/upgrade`.
If the `secrets-store-csi-driver.syncSecret.enabled=true` isn't explicitly set in `helm install/upgrade` command, it'll result in failure to create Kubernetes secret and the error would be similar to: