docs: update manual installation

docs/manual-install.md

@@ -27,11 +27,11 @@ This guide demonstrates steps required to enable the KMS Plugin for Key Vault in
 
   [`/etc/kubernetes/azure.json`](https://kubernetes-sigs.github.io/cloud-provider-azure/install/configs/) is a well-known JSON file in each node that provides the details about which method KMS Plugin uses for access to Keyvault:
 
-  | Authentication method            | `/etc/kubernetes/azure.json` fields used                                                    |
-  | -------------------------------- | ------------------------------------------------------------------------------------------- |
-  | System-assigned managed identity | `useManagedIdentityExtension: true` and `userAssignedIdentityID:""`                         |
-  | User-assigned managed identity   | `useManagedIdentityExtension: true` and `userAssignedIdentityID:"<UserAssignedIdentityID>"` |
-  | Service principal (default)      | `aadClientID: "<AADClientID>"` and `aadClientSecret: "<AADClientSecret>"`                   |
+  | Authentication method            | `/etc/kubernetes/azure.json` fields used                                                               |
+  | -------------------------------- | ------------------------------------------------------------------------------------------------------ |
+  | System-assigned managed identity | `useManagedIdentityExtension: true` and `userAssignedIdentityID:""`                                    |
+  | User-assigned managed identity   | `useManagedIdentityExtension: true` and `userAssignedIdentityID:"<UserAssignedIdentityID>"`            |
+  | Service principal (default)      | `tenantId: "<AADTenantID>"`, `aadClientId: "<AADClientID>"` and `aadClientSecret: "<AADClientSecret>"` |
 
   #### Obtaining the ID of the cluster managed identity/service principal
 
@@ -137,7 +137,7 @@ This guide demonstrates steps required to enable the KMS Plugin for Key Vault in
 
 ### 4. Create encryption configuration
 
-  Create a new encryption configuration file `/etc/kubernetes/manifests/encryptionconfig.yaml` using the appropriate properties for the `kms` provider:
+  Create a new encryption configuration file `/etc/kubernetes/enc/encryptionconfig.yaml` using the appropriate properties for the `kms` provider:
 
   ```yaml
   kind: EncryptionConfiguration
@@ -147,6 +147,8 @@ This guide demonstrates steps required to enable the KMS Plugin for Key Vault in
         - secrets
       providers:
         - kms:
+            # if you are using KMSv2, please specify the api version
+            # apiVersion: v2
             name: azurekmsprovider
             endpoint: unix:///opt/azurekms.socket       # This endpoint must match the value defined in --listen-addr for the KMS plugin
             cachesize: 1000
@@ -155,23 +157,30 @@ This guide demonstrates steps required to enable the KMS Plugin for Key Vault in
 
   The encryption configuration file needs to be accessible by all the api servers.
 
-### 5. Modify `/etc/kubernetes/kube-apiserver.yaml`
+### 5. Modify `/etc/kubernetes/manifests/kube-apiserver.yaml`
 
   Add the following flag:
 
   ```yaml
-  --encryption-provider-config=/etc/kubernetes/encryptionconfig.yaml
+  --encryption-provider-config=/etc/kubernetes/enc/encryptionconfig.yaml
   ```
 
   Mount `/opt` to access the socket:
 
   ```yaml
   ...
   volumeMounts:
+  - name: enc
+    mountPath: /etc/kubernetes/enc
+    readOnly: true
   - name: "sock"
     mountPath: "/opt"
   ...
   volumes:
+    - name: enc
+      hostPath:
+        path: /etc/kubernetes/enc
+        type: DirectoryOrCreate
     - name: "sock"
       hostPath:
         path: "/opt"