From 774f8140fda3141bae023dc8ca3f1358dcd5c58e Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Fri, 5 Nov 2021 10:32:34 -0700 Subject: [PATCH] docs: update features (#710) Signed-off-by: Anish Ramasekar --- README.md | 12 +++---- website/content/en/_index.md | 20 +++++------ .../en/demos/standard-walkthrough/_index.md | 2 +- .../en/getting-started/usage/_index.md | 34 +++++++++---------- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index b66b87f0e..30157cbed 100644 --- a/README.md +++ b/README.md 
@@ -6,17 +6,17 @@ [![Go Report Card](https://goreportcard.com/badge/Azure/secrets-store-csi-driver-provider-azure)](https://goreportcard.com/report/Azure/secrets-store-csi-driver-provider-azure) ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/Azure/secrets-store-csi-driver-provider-azure) -Azure Key Vault provider for [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secret contents stored in an [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods. +Azure Key Vault provider for [Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secret contents stored in an [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods. ## Features -- Mounts secrets/keys/certs on pod start using a CSI volume +- Mounts secrets/keys/certs to pod using a CSI Inline volume - Supports mounting multiple secrets store objects as a single volume -- Supports pod identity to restrict access with specific identities +- Supports multiple secrets stores as providers. Multiple providers can run in the same cluster simultaneously. - Supports pod portability with the SecretProviderClass CRD -- Supports windows containers (Kubernetes version v1.18+) -- Supports sync with Kubernetes Secrets (Secrets Store CSI Driver v0.0.10+) -- Supports multiple secrets stores providers in the same cluster. +- Supports Linux and Windows containers +- Supports sync with Kubernetes Secrets +- Supports auto rotation of secrets ## Demo diff --git a/website/content/en/_index.md b/website/content/en/_index.md index 2b70be0a3..3c43fd255 100644 --- a/website/content/en/_index.md +++ b/website/content/en/_index.md 
@@ -9,23 +9,23 @@ menu: weight: 20 --- -Azure Key Vault provider for [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secret contents stored in an [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods. +Azure Key Vault provider for [Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secret contents stored in an [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/general/overview) instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods. ## Project Status -| Azure Key Vault Provider | Compatible Kubernetes | `secrets-store.csi.x-k8s.io` Versions | -| ----------------------------------------------------------------------------------------- | --------------------- | ------------------------------------- | -| [v1.0.0](https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.0.0) | 1.19+ | `v1`, `v1alpha1` | -| [v0.2.0](https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v0.2.0) | 1.19+ | `v1alpha1` | +| Azure Key Vault Provider | Compatible Kubernetes | `secrets-store.csi.x-k8s.io` Versions | +| ---------------------------------------------------------------------------------------------- | --------------------- | ------------------------------------- | +| [v1.0.0](https://github.com/Azure/secrets-store-csi-driver-provider-azure/releases/tag/v1.0.0) | 1.19+ | `v1`, `v1alpha1` | +| [v0.2.0](https://github.com/Azure/secrets-store-csi-driver-provider-azure/releases/tag/v0.2.0) | 1.19+ | `v1alpha1` | For Secrets Store CSI Driver project status and supported versions, check the doc [here](https://secrets-store-csi-driver.sigs.k8s.io/#project-status) ## Features -- Mounts secrets/keys/certs on pod start using a CSI volume +- Mounts secrets/keys/certs to pod 
using a CSI Inline volume - Supports mounting multiple secrets store objects as a single volume -- Supports pod identity to restrict access with specific identities +- Supports multiple secrets stores as providers. Multiple providers can run in the same cluster simultaneously. - Supports pod portability with the SecretProviderClass CRD -- Supports windows containers (Kubernetes version v1.18+) -- Supports sync with Kubernetes Secrets (Secrets Store CSI Driver v0.0.10+) -- Supports auto rotation of secrets (Secrets Store CSI Driver v0.0.16+) +- Supports Linux and Windows containers +- Supports sync with Kubernetes Secrets +- Supports auto rotation of secrets diff --git a/website/content/en/demos/standard-walkthrough/_index.md b/website/content/en/demos/standard-walkthrough/_index.md index 7d3d564c9..39b6428dd 100644 --- a/website/content/en/demos/standard-walkthrough/_index.md +++ b/website/content/en/demos/standard-walkthrough/_index.md @@ -45,7 +45,7 @@ Create an Azure Keyvault instance: Add a secret to your Keyvault: ```bash -az keyvault secret set --vault-name ${KEYVAULT_NAME} --name secret1 --value "Hello!" +az keyvault secret set --vault-name ${KEYVAULT_NAME} --name secret1 --value "Hello\!" ``` ### 3. Create an identity on Azure and set access policies diff --git a/website/content/en/getting-started/usage/_index.md b/website/content/en/getting-started/usage/_index.md index 50cf87923..500d4cecd 100644 --- a/website/content/en/getting-started/usage/_index.md +++ b/website/content/en/getting-started/usage/_index.md 
@@ -60,23 +60,23 @@ To provide identity to access key vault, refer to the following [section](#provi ``` - | Name | Required | Description | Default Value | - | ---------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | - | provider | yes | specify name of the provider | "" | - | usePodIdentity | no | set to true for using aad-pod-identity to access keyvault | "false" | - | useVMManagedIdentity | no | [__*available for version > 0.0.4*__] specify access mode to enable use of User-assigned managed identity | "false" | - | userAssignedIdentityID | no | [__*available for version > 0.0.4*__] the user assigned identity ID is required for User-assigned Managed Identity mode | "" | - | keyvaultName | yes | name of a Key Vault instance | "" | - | cloudName | no | [__*available for version > 0.0.4*__] name of the azure cloud based on azure go sdk (AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud, AzureStackCloud) | "" | - | cloudEnvFileName | no | [__*available for version > 0.0.7*__] path to the file to be used while populating the Azure Environment (required if target cloud is AzureStackCloud). More details [here](#other-azure-clouds). | "" | - | objects | yes | a string of arrays of strings | "" | - | objectName | yes | name of a Key Vault object | "" | - | objectAlias | no | [__*available for version > 0.0.4*__] specify the filename of the object when written to disk - defaults to objectName if not provided | "" | - | objectType | yes | type of a Key Vault object: secret, key or cert.
For Key Vault certificates, refer to [doc](../../configurations/getting-certs-and-keys) for the object type to use.
| "" | - | objectVersion | no | version of a Key Vault object, if not provided, will use latest | "" | - | objectFormat | no | [__*available for version > 0.0.7*__] the format of the Azure Key Vault object, supported types are pem and pfx. `objectFormat: pfx` is only supported with `objectType: secret` and PKCS12 or ECC certificates | "pem" | - | objectEncoding | no | [__*available for version > 0.0.8*__] the encoding of the Azure Key Vault secret object, supported types are `utf-8`, `hex` and `base64`. This option is supported only with `objectType: secret` | "utf-8" | - | tenantId | yes | tenant ID containing key vault instance | "" | + | Name | Required | Description | Default Value | + | ---------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | + | provider | yes | specify name of the provider | "" | + | usePodIdentity | no | set to true for using aad-pod-identity to access keyvault | "false" | + | useVMManagedIdentity | no | [__*available for version > 0.0.4*__] specify access mode to enable use of User-assigned managed identity | "false" | + | userAssignedIdentityID | no | [__*available for version > 0.0.4*__] the user assigned identity ID is required for User-assigned Managed Identity mode | "" | + | keyvaultName | yes | name of a Key Vault instance | "" | + | cloudName | no | [__*available for version > 0.0.4*__] name of the azure cloud based on azure go sdk (AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud, AzureStackCloud) | "" | + | cloudEnvFileName | no | [__*available for version > 0.0.7*__] path to the file to be used while populating the Azure Environment (required if target cloud is AzureStackCloud). More details [here](../../configurations/custom-environments). 
| "" | + | objects | yes | a string of arrays of strings | "" | + | objectName | yes | name of a Key Vault object | "" | + | objectAlias | no | [__*available for version > 0.0.4*__] specify the filename of the object when written to disk - defaults to objectName if not provided | "" | + | objectType | yes | type of a Key Vault object: secret, key or cert.
For Key Vault certificates, refer to [doc](../../configurations/getting-certs-and-keys) for the object type to use.
| "" | + | objectVersion | no | version of a Key Vault object, if not provided, will use latest | "" | + | objectFormat | no | [__*available for version > 0.0.7*__] the format of the Azure Key Vault object, supported types are pem and pfx. `objectFormat: pfx` is only supported with `objectType: secret` and PKCS12 or ECC certificates | "pem" | + | objectEncoding | no | [__*available for version > 0.0.8*__] the encoding of the Azure Key Vault secret object, supported types are `utf-8`, `hex` and `base64`. This option is supported only with `objectType: secret` | "utf-8" | + | tenantId | yes | tenant ID containing key vault instance | "" | #### Provide Identity to Access Key Vault
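Review bot: In the README.md Features hunk, the bullet `- Supports pod identity to restrict access with specific identities` is dropped outright, so the list no longer mentions any identity-based access restriction, even though the usage table touched by this same patch still documents `usePodIdentity`, `useVMManagedIdentity` and `userAssignedIdentityID`. Suggest keeping one bullet that names the supported identity modes, since that is what a reader evaluating who can reach the Key Vault looks for first. The replacement bullet, `- Supports multiple secrets stores as providers. Multiple providers can run in the same cluster simultaneously.`, reads as a property of the Secrets Store CSI Driver rather than of this provider, and it is the only bullet in the list written as full sentences with periods; consider rewording it to match the others.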
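Review bot: In the website/content/en/_index.md hunk, the Features bullets lose their minimums, `(Kubernetes version v1.18+)`, `(Secrets Store CSI Driver v0.0.10+)` and `(Secrets Store CSI Driver v0.0.16+)`, with nothing saying where version requirements now live. If the Project Status table (1.19+) is meant to supersede them, add a sentence under Features pointing to it; otherwise a reader cannot tell whether sync and rotation are available on the driver version they run. The same hunk also corrects the release links from kubernetes-sigs/secrets-store-csi-driver to Azure/secrets-store-csi-driver-provider-azure, which deserves a line in the commit message because the subject only says "update features".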
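Review bot: In the standard-walkthrough hunk, `--value "Hello\!"` changes the secret that gets stored when the command is run in bash, which is the shell the fence declares. Inside double quotes bash does not remove a backslash that precedes `!`, so the Key Vault secret becomes `Hello\!` rather than `Hello!`, and any later step that compares the mounted file against `Hello!` will not match. If the intent is to avoid history expansion in interactive shells, use single quotes, `--value 'Hello!'`, which passes the same value in bash and zsh. This is also a behavioural change to a command, so it should be called out in the commit message rather than folded into a features update.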
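Review bot: In the getting-started/usage hunk, the only content change is the `cloudEnvFileName` link moving from `#other-azure-clouds` to `../../configurations/custom-environments`, and that target is not among the four files in this patch's diffstat, so please confirm the page already exists and that the relative path resolves from `getting-started/usage/`. The change is hard to spot because every row of the table is re-padded; splitting the whitespace realignment into its own commit would make the link change reviewable. While these rows are being touched, the `objects` description `a string of arrays of strings` is worth rewording, and the `[available for version > 0.0.4]` style annotations are now inconsistent with the Features lists, where this patch removes version qualifiers.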