AKS Secure Baseline RA - Using native CSI secrets store driver for ke…

…y vault (#202) * AKS Secure Baseline RA - Using native csi secrets store driver for keyvault * using prereqs linking pattern correctly * Removed language reference in link
mspnp · Jun 8, 2021 · 34ff19b · 34ff19b
1 parent 11f0720
commit 34ff19b
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 513 deletions.
diff --git a/01-prerequisites.md b/01-prerequisites.md
@@ -24,6 +24,9 @@ This is the starting point for the instructions on deploying the [AKS Secure Bas
 
    [![Launch Azure Cloud Shell](https://docs.microsoft.com/azure/includes/media/cloud-shell-try-it/launchcloudshell.png)](https://shell.azure.com)
 
+1. While the following feature(s) are still in _preview_, please enable them in your subscription.
+   1. [Register the Azure Key Vault Secrets Provider for AKS preview feature - `AKS-AzureKeyVaultSecretsProvider`](https://docs.microsoft.com/azure/aks/csi-secrets-store-driver#register-the-aks-azurekeyvaultsecretsprovider-preview-feature).
+
 1. Clone/download this repo locally, or even better fork this repository.
 
    > :twisted_rightwards_arrows: If you have forked this reference implementation repo, you'll be able to customize some of the files and commands for a more personalized and production-like experience; ensure references to this git repository mentioned throughout the walkthrough are updated to use your own fork.

diff --git a/README.md b/README.md
@@ -39,8 +39,8 @@ Finally, this implementation uses the [ASP.NET Core Docker sample web app](https
 
 - [Flux GitOps Operator](https://fluxcd.io)
 - [Traefik Ingress Controller](https://doc.traefik.io/traefik/v2.4/routing/providers/kubernetes-ingress/)
-- [Azure AD Pod Identity](https://github.com/Azure/aad-pod-identity)
-- [Azure KeyVault Secret Store CSI Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure)
+- [Azure AD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity)
+- [Secrets Store CSI Driver for Kubernetes](https://docs.microsoft.com/azure/aks/csi-secrets-store-driver)
 - [Kured](https://docs.microsoft.com/azure/aks/node-updates-kured)
 
 ![Network diagram depicting a hub-spoke network with two peered VNets, each with three subnets and main Azure resources.](https://docs.microsoft.com/azure/architecture/reference-architectures/containers/aks/images/secure-baseline-architecture.svg)

diff --git a/cluster-manifests/README.md b/cluster-manifests/README.md
@@ -12,7 +12,6 @@ This is the root of the GitOps configuration directory. These Kubernetes object
 * Ingress Network Policy
 * Flux (self-managing)
 * Azure Monitor Prometheus Scraping
-* Azure KeyVault Secret Store CSI Provider
 * Azure AD Pod Identity
 
 ### Kured