Update bucket and oci docs too

somtochiama · somtochiama · commit 9709e52c8570 · 2023-07-17T23:16:07.000+01:00
Signed-off-by: Somtochi Onyekwere &lt;somtochionyekwere@gmail.com&gt;
diff --git a/docs/spec/v1beta2/buckets.md b/docs/spec/v1beta2/buckets.md
@@ -439,8 +439,8 @@ data:
 
 ##### Workload Identity
 
-If you have [Workload Identity mutating webhook](https://azure.github.io/azure-workload-identity/docs/installation/managed-clusters.html)
-installed on your cluster. You need to create an Azure Identity and give it
+If you have [Workload Identity](https://azure.github.io/azure-workload-identity/docs/installation/managed-clusters.html)
+set up on your cluster. You need to create an Azure Identity and give it
 access to Azure Blob Storage.
 
 ```shell
@@ -465,7 +465,7 @@ az identity federated-credential create \
   --subject "system:serviceaccount:flux-system:source-controller"
 ```
 
-Add a patch to label and annotate the source-controller Pods and ServiceAccount
+Add a patch to label and annotate the source-controller Deployment and ServiceAccount
 correctly so that it can match an identity binding:
 
 ```yaml
@@ -517,7 +517,7 @@ spec:
   endpoint: https://testfluxsas.blob.core.windows.net
 ```
 
-##### Managed Identity with AAD Pod Identity
+##### Deprecated: Managed Identity with AAD Pod Identity
 
 If you are using [aad pod identity](https://azure.github.io/aad-pod-identity/docs),
 You need to create an Azure Identity and give it access to Azure Blob Storage.
diff --git a/docs/spec/v1beta2/helmrepositories.md b/docs/spec/v1beta2/helmrepositories.md
@@ -233,11 +233,11 @@ by extension gain access to ACR.
 When the kubelet managed identity has access to ACR, source-controller running on 
 it will also have access to ACR.
 
-*Note*: If you have more than one identity configured on the cluster, you have to specify which one to use
-by setting the `AZURE_CLIENT_ID` variable in the source-controller pod.
+**Note:** If you have more than one identity configured on the cluster, you have to specify which one to use
+by setting the `AZURE_CLIENT_ID` environment variable in the source-controller deployment.
 
 If you are running into further issues, please look at the
-[troubleshooting guide](https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/azidentity/TROUBLESHOOTING.md#azure-virtual-machine-managed-identity)
+[troubleshooting guide](https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/azidentity/TROUBLESHOOTING.md#azure-virtual-machine-managed-identity).
 
 ##### Azure Workload Identity
 
@@ -276,15 +276,16 @@ patches:
               azure.workload.identity/use: "true"
 ```
 
-To use Workload Identity, the Workload Identity mutating webhook has to be installed on your cluster and
-you have to create an identity that has access to ACR. Next, establish
+Ensure Workload Identity is properly setup on your cluster and the mutating webhook is installed.
+Create an identity that has access to ACR. Next, establish
 a federated identity between the source-controller ServiceAccount and the
-identity. Patch the source-controller Pod and ServiceAccount as shown in the patch
+identity. Patch the source-controller Deployment and ServiceAccount as shown in the patch
 above. Please take a look at this [guide](https://azure.github.io/azure-workload-identity/docs/quick-start.html#6-establish-federated-identity-credential-between-the-identity-and-the-service-account-issuer--subject).
 
-##### Deprecated:  AAD Pod Identity
+##### Deprecated: AAD Pod Identity
 
-**Note:** AAD Pod Identity will be archived in September 2023, and you are advised to use Workload Identity instead.
+**Note:** The AAD Pod Identity project will be archived in [September 2023](https://github.com/Azure/aad-pod-identity#-announcement),
+and you are advised to use Workload Identity instead.
 
 When using aad-pod-identity to enable access to ACR, add the following patch to
 your bootstrap repository, in the `flux-system/kustomization.yaml` file:
@@ -310,7 +311,7 @@ to give the `source-controller` pod access to the ACR. To do this, you have to i
 `aad-pod-identity` on your cluster, create a managed identity that has access to the
 container registry (this can also be the Kubelet identity if it has `AcrPull` role
 assignment on the ACR), create an `AzureIdentity` and `AzureIdentityBinding` that describe
-the managed identity and then label the `source-controller` pods with the name of the
+the managed identity and then label the `source-controller` deployment with the name of the
 AzureIdentity as shown in the patch above. Please take a look at [this guide](https://azure.github.io/aad-pod-identity/docs/)
 or [this one](https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity)
 if you want to use AKS pod-managed identities add-on that is in preview.
diff --git a/docs/spec/v1beta2/ocirepositories.md b/docs/spec/v1beta2/ocirepositories.md
@@ -157,15 +157,22 @@ to the IAM role when using IRSA.
 
 #### Azure
 
-The `azure` provider can be used to authenticate automatically using kubelet
-managed identity or Azure Active Directory pod-managed identity (aad-pod-identity),
+The `azure` provider can be used to authenticate automatically using Workload Identity, Kubelet Managed
+Identity or Azure Active Directory pod-managed identity (aad-pod-identity),
 and by extension gain access to ACR.
 
 ##### Kubelet Managed Identity
 
 When the kubelet managed identity has access to ACR, source-controller running
 on it will also have access to ACR.
 
+**Note:** If you have more than one identity configured on the cluster, you have to specify which one to use
+by setting the `AZURE_CLIENT_ID` environment variable in the source-controller deployment.
+
+If you are running into further issues, please look at the
+[troubleshooting guide](https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/azidentity/TROUBLESHOOTING.md#azure-virtual-machine-managed-identity).
+
+
 ##### Workload Identity
 
 When using Workload Identity to enable access to ACR, add the following patch to
@@ -203,13 +210,18 @@ patches:
               azure.workload.identity/use: "true"
 ```
 
-To use Workload Identity, you have to install the Workload Identity
-mutating webhook and create an identity that has access to ACR. Next, establish 
-a federated identity between the source-controller ServiceAccount and the 
-identity. Patch the source-controller Pod and ServiceAccount as shown in the patch
+Ensure Workload Identity is properly setup on your cluster and the mutating webhook is installed.
+Create an identity that has access to ACR. Next, establish
+a federated identity between the source-controller ServiceAccount and the
+identity. Patch the source-controller Deployment and ServiceAccount as shown in the patch
 above. Please take a look at this [guide](https://azure.github.io/azure-workload-identity/docs/quick-start.html#6-establish-federated-identity-credential-between-the-identity-and-the-service-account-issuer--subject).
 
-##### AAD Pod Identity
+##### Deprecated: AAD Pod Identity
+
+**Note:** The AAD Pod Identity project will be archived in [September 2023](https://github.com/Azure/aad-pod-identity#-announcement),
+and you are advised to use Workload Identity instead.
+
+
 When using aad-pod-identity to enable access to ACR, add the following patch to
 your bootstrap repository, in the `flux-system/kustomization.yaml` file:
 
