deploy: 3707fd3

en/auth-workflow/index.html

@@ -387,11 +387,11 @@ <h2 id="integration-with-azure-active-directory">Integration with Azure Active D
 <li>Using the App Registration's details (client ID, client secret, tenantID) in
   Vouch-Proxy's configuration :</li>
 </ul>
-<div class="highlight"><pre><span></span><code><span class="w">  </span><span class="nt">client_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;id&gt;</span>
-<span class="w">  </span><span class="nt">client_secret</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;secret&gt;</span>
-<span class="w">  </span><span class="nt">auth_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://login.microsoftonline.com/&lt;tenantID&gt;/oauth2/v2.0/authorize</span>
-<span class="w">  </span><span class="nt">token_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://login.microsoftonline.com/&lt;tenantID&gt;/oauth2/v2.0/token</span>
-</code></pre></div>
+<p><code>yaml
+    client_id: &lt;id&gt;
+    client_secret: &lt;secret&gt;
+    auth_url: https://login.microsoftonline.com/&lt;tenantID&gt;/oauth2/v2.0/authorize
+    token_url: https://login.microsoftonline.com/&lt;tenantID&gt;/oauth2/v2.0/token</code></p>
 <p>When a user attempts to access a protected resource, they are redirected to
 Azure AD to log in. Once authenticated, Azure AD redirects back to Vouch-Proxy,
 which then validates the user's session and forwards the authentication details
@@ -402,15 +402,15 @@ <h2 id="nginx-ingress-annotations-for-authentication">Nginx Ingress Annotations
 controller to consult Vouch-Proxy for authentication before granting access to
 the application. Here’s how to configure these annotations for an app with the
 ingress hostname <code>vouch.inspection.alpha.canada.ca</code>:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">annotations</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">nginx.ingress.kubernetes.io/auth-signin</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://vouch.inspection.alpha.canada.ca/login?url=$scheme://$http_host$request_uri&amp;vouch-failcount=$auth_resp_failcount&amp;X-Vouch-Token=$auth_resp_jwt&amp;error=$auth_resp_err&quot;</span>
-<span class="w">  </span><span class="nt">nginx.ingress.kubernetes.io/auth-url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://vouch.inspection.alpha.canada.ca/validate</span>
-<span class="w">  </span><span class="nt">nginx.ingress.kubernetes.io/auth-snippet</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
-<span class="w">    </span><span class="no"># these return values are used by the @error401 call</span>
-<span class="w">    </span><span class="no">auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;</span>
-<span class="w">    </span><span class="no">auth_request_set $auth_resp_err $upstream_http_x_vouch_err;</span>
-<span class="w">    </span><span class="no">auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;</span>
-</code></pre></div>
+<pre><code class="language-yaml">annotations:
+  nginx.ingress.kubernetes.io/auth-signin: &quot;https://vouch.inspection.alpha.canada.ca/login?url=$scheme://$http_host$request_uri&amp;vouch-failcount=$auth_resp_failcount&amp;X-Vouch-Token=$auth_resp_jwt&amp;error=$auth_resp_err&quot;
+  nginx.ingress.kubernetes.io/auth-url: https://vouch.inspection.alpha.canada.ca/validate
+  nginx.ingress.kubernetes.io/auth-snippet: |
+    # these return values are used by the @error401 call
+    auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
+    auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
+    auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
+</code></pre>
 <h2 id="authentication-flow">Authentication Flow</h2>
 <p><img alt="Vouch-Proxy Authentication Flow" src="../img/auth-vouch-proxy.svg" /></p>
 <ol>

en/generic-architecture/index.html

@@ -433,81 +433,83 @@ <h2 id="glossary">Glossary</h2>
 <h2 id="diagrams">Diagrams</h2>
 <p>Describe the operation of our implementation for high availability (HA)
 as well as the redundancy of services within Azure using Kubernetes</p>
-<pre class="mermaid"><code>flowchart
-    subgraph Azure["Azure"]
+<pre><code class="language-mermaid">flowchart
+    subgraph Azure[&quot;Azure&quot;]
         direction TB
-        subgraph CC["Canada central (CA)"]
-            subgraph VNet1["VNet-CC"]
-                subgraph Kubernetes1["Kubernetes-CC"]
+        subgraph CC[&quot;Canada central (CA)&quot;]
+            subgraph VNet1[&quot;VNet-CC&quot;]
+                subgraph Kubernetes1[&quot;Kubernetes-CC&quot;]
                     direction TB
-                    Ingress1["Ingress"]
-                    Pod1["Pod"]
-                    Pod2["Pod"]
-                    Pod3["Pod"]
-                    Pod4["Pod"]
-                    Pod5["Pod"]
-                    Pod6["Pod"]
+                    Ingress1[&quot;Ingress&quot;]
+                    Pod1[&quot;Pod&quot;]
+                    Pod2[&quot;Pod&quot;]
+                    Pod3[&quot;Pod&quot;]
+                    Pod4[&quot;Pod&quot;]
+                    Pod5[&quot;Pod&quot;]
+                    Pod6[&quot;Pod&quot;]
                 end
             end
         end
 
-        subgraph CE["Canada east (CE)"]
-            subgraph VNet2["VNet-CE"]
-                subgraph Kubernetes2["Kubernetes-CE"]
+        subgraph CE[&quot;Canada east (CE)&quot;]
+            subgraph VNet2[&quot;VNet-CE&quot;]
+                subgraph Kubernetes2[&quot;Kubernetes-CE&quot;]
                     direction TB
-                    Ingress2["Ingress"]
-                    Pod7["Pod"]
-                    Pod8["Pod"]
-                    Pod9["Pod"]
-                    Pod10["Pod"]
-                    Pod11["Pod"]
-                    Pod12["Pod"]
+                    Ingress2[&quot;Ingress&quot;]
+                    Pod7[&quot;Pod&quot;]
+                    Pod8[&quot;Pod&quot;]
+                    Pod9[&quot;Pod&quot;]
+                    Pod10[&quot;Pod&quot;]
+                    Pod11[&quot;Pod&quot;]
+                    Pod12[&quot;Pod&quot;]
                 end
             end
         end
 
-        VNet1["VNet-CC"] &lt;---&gt;|HA| VNet2["VNet-CE"]
-        Kubernetes1["Kubernetes-CC"] &lt;---&gt;|1:1 redundancy| Kubernetes2["Kubernetes-CE"]
-    end</code></pre>
+        VNet1[&quot;VNet-CC&quot;] &lt;---&gt;|HA| VNet2[&quot;VNet-CE&quot;]
+        Kubernetes1[&quot;Kubernetes-CC&quot;] &lt;---&gt;|1:1 redundancy| Kubernetes2[&quot;Kubernetes-CE&quot;]
+    end
+</code></pre>
 <p>Represents the process of sending a request to our infrastructure
 within Azure</p>
-<pre class="mermaid"><code>flowchart
-    Client["Client"] --&gt;|request| LB
-    subgraph Azure["Azure"]
-        LB["Load balancer"]
+<pre><code class="language-mermaid">flowchart
+    Client[&quot;Client&quot;] --&gt;|request| LB
+    subgraph Azure[&quot;Azure&quot;]
+        LB[&quot;Load balancer&quot;]
         LB --&gt; VNet1
         LB --&gt; VNet2
         direction LR
-        subgraph CC["Canada central (CC)"]
-            subgraph VNet1["VNet-CC"]
-                subgraph Kubernetes1["Kubernetes-CC"]
+        subgraph CC[&quot;Canada central (CC)&quot;]
+            subgraph VNet1[&quot;VNet-CC&quot;]
+                subgraph Kubernetes1[&quot;Kubernetes-CC&quot;]
                     direction TB
-                    Ingress1["Ingress"]
-                    Pod1["Pod"]
-                    Pod2["Pod"]
-                    Pod3["Pod"]
-                    Pod4["Pod"]
-                    Pod5["Pod"]
-                    Pod6["Pod"]
+                    Ingress1[&quot;Ingress&quot;]
+                    Pod1[&quot;Pod&quot;]
+                    Pod2[&quot;Pod&quot;]
+                    Pod3[&quot;Pod&quot;]
+                    Pod4[&quot;Pod&quot;]
+                    Pod5[&quot;Pod&quot;]
+                    Pod6[&quot;Pod&quot;]
                 end
             end
         end
 
-        subgraph CE["Canada east (CE)"]
-            subgraph VNet2["VNet-CE"]
-                subgraph Kubernetes2["Kubernetes-CE"]
+        subgraph CE[&quot;Canada east (CE)&quot;]
+            subgraph VNet2[&quot;VNet-CE&quot;]
+                subgraph Kubernetes2[&quot;Kubernetes-CE&quot;]
                     direction TB
-                    Ingress2["Ingress"]
-                    Pod7["Pod"]
-                    Pod8["Pod"]
-                    Pod9["Pod"]
-                    Pod10["Pod"]
-                    Pod11["Pod"]
-                    Pod12["Pod"]
+                    Ingress2[&quot;Ingress&quot;]
+                    Pod7[&quot;Pod&quot;]
+                    Pod8[&quot;Pod&quot;]
+                    Pod9[&quot;Pod&quot;]
+                    Pod10[&quot;Pod&quot;]
+                    Pod11[&quot;Pod&quot;]
+                    Pod12[&quot;Pod&quot;]
                 end
             end
         end
-    end</code></pre>
+    end
+</code></pre>
 <p>Representation of the two diagrams above in one</p>
 <p><img alt="Diagram" src="../img/ha-redundancy-lb.png" /></p>
 <h2 id="references">References</h2>

en/index.html

@@ -408,13 +408,13 @@ <h3 id="kubectl-configuration">Kubectl configuration</h3>
 CLI</a> and
 <a href="https://github.com/Azure/kubelogin">kubelogin</a> plugin installed, here is how
 you can locally fetch the kube config :</p>
-<div class="highlight"><pre><span></span><code>az<span class="w"> </span>login
-az<span class="w"> </span>account<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--subscription<span class="w"> </span>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-az<span class="w"> </span>aks<span class="w"> </span>get-credentials<span class="w"> </span>--resource-group<span class="w"> </span>resource-group-name<span class="w"> </span>--name<span class="w"> </span>aks-name<span class="w"> </span>--overwrite-existing
-kubelogin<span class="w"> </span>convert-kubeconfig<span class="w"> </span>-l<span class="w"> </span>azurecli
-</code></pre></div>
+<pre><code class="language-bash">az login
+az account set --subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+az aks get-credentials --resource-group resource-group-name --name aks-name --overwrite-existing
+kubelogin convert-kubeconfig -l azurecli
+</code></pre>
 <h2 id="documentation">Documentation</h2>
-<p><a href="https://ai-cfia.github.io/howard/en/">https://ai-cfia.github.io/howard/en/</a></p>
+<p>mkdocs link here</p>
 
 
 

en/multi-layered-application/index.html

@@ -402,7 +402,7 @@ <h2 id="diagram">Diagram</h2>
 <p>This diagram shows the communication between the <code>frontend</code>, the
 <code>backend (/api)</code>, the <code>browser (client)</code>, and the <code>ingress (ingress nginx)</code>
 for an application.</p>
-<pre class="mermaid"><code>sequenceDiagram
+<pre><code class="language-mermaid">sequenceDiagram
     participant Browser
     participant Ingress
     participant Frontend
@@ -420,7 +420,8 @@ <h2 id="diagram">Diagram</h2>
     Ingress-&gt;&gt;Backend: GET /search
     Note over Ingress: /api is /search (ImplementationSpecific)
     Backend--&gt;&gt;Ingress: 200
-    Ingress--&gt;&gt;Browser: The browser display the result</code></pre>
+    Ingress--&gt;&gt;Browser: The browser display the result
+</code></pre>
 <h2 id="references">References</h2>
 <p><a href="https://docs.nginx.com/nginx-ingress-controller/">Ingress NGINX</a></p>
 <p><a href="https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/basic-configuration/">Ingress NGINX - ImplementationSpecific</a></p>

en/secrets-management/index.html

@@ -433,7 +433,7 @@ <h2 id="vault-architecture">Vault architecture</h2>
 <p>The following sequence diagram describes the process of how a developer can
 update secrets using the Vault UI service and how the secrets are injected into
 pods :</p>
-<pre class="mermaid"><code>sequenceDiagram
+<pre><code class="language-mermaid">sequenceDiagram
     participant Developer
     participant FinesseRepo as Finesse Repository
     participant GHWorkflow as GitHub Workflow
@@ -460,7 +460,8 @@ <h2 id="vault-architecture">Vault architecture</h2>
     ArgoRepoServer-&gt;&gt;+ArgoVaultPlugin: triggers refresh on finesse namespace,&lt;br&gt; sync secrets from Vault
     ArgoVaultPlugin-&gt;&gt;+Vault: Fetch specific version of secrets
     ArgoVaultPlugin-&gt;&gt;+FinessePod: Injects secrets
-    Developer-&gt;&gt;+FinessePod: 4. Trigger hard refresh through argoCD</code></pre>
+    Developer-&gt;&gt;+FinessePod: 4. Trigger hard refresh through argoCD
+</code></pre>
 <p>Take note that the developer needs to trigger a hard refresh on the pod to
 reflect the changes in the secrets. This is done in the ArgoCD UI, but we are
 working on a way to automate this process.</p>
@@ -534,19 +535,19 @@ <h3 id="steps-to-update-secrets-injected-into-pods">Steps to update secrets inje
    secret, you can add a new key-value pair to the <code>data</code> section of the secret
   manifest :</li>
 </ol>
-<div class="highlight"><pre><span></span><code><span class="nt">FINESSE_BACKEND_AZURE_SEARCH_TRANSFORM_MAP</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;FINESSE_BACKEND_AZURE_SEARCH_TRANSFORM_MAP&gt;</span>
-</code></pre></div>
+<p><code>yaml
+   FINESSE_BACKEND_AZURE_SEARCH_TRANSFORM_MAP: &lt;FINESSE_BACKEND_AZURE_SEARCH_TRANSFORM_MAP&gt;</code></p>
 <p>The key represents the environment variable name that will be injected into the
    pod, and the value represents the secret key in Vault that will be used to fetch
    the secret value.</p>
 <ol>
 <li>Update the version annotation of  the secrets being fetch from vault :</li>
 </ol>
-<div class="highlight"><pre><span></span><code><span class="c1"># Bump the version of the secret from</span>
-<span class="nt">avp.kubernetes.io/secret-version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;4&quot;</span>
-<span class="c1"># To</span>
-<span class="nt">avp.kubernetes.io/secret-version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;5&quot;</span>
-</code></pre></div>
+<p><code>yaml
+   # Bump the version of the secret from
+   avp.kubernetes.io/secret-version: "4"
+   # To
+   avp.kubernetes.io/secret-version: "5"</code></p>
 <p>This is the new version that we create in step 5 of the previous section.</p>
 <p>As additional example, here is an issue and a pull request that showcases the
    process of updating secrets in the Nachet application :</p>

fr/auth-workflow/index.html

@@ -388,11 +388,11 @@ <h2 id="integration-avec-azure-active-directory">Intégration avec Azure Active
 <li>L'utilisation des détails de l'enregistrement d'application (ID client, secret
 client, tenantID) dans la configuration de Vouch-Proxy :</li>
 </ul>
-<div class="highlight"><pre><span></span><code><span class="w">  </span><span class="nt">client_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;id&gt;</span>
-<span class="w">  </span><span class="nt">client_secret</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;secret&gt;</span>
-<span class="w">  </span><span class="nt">auth_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://login.microsoftonline.com/&lt;tenantID&gt;/oauth2/v2.0/authorize</span>
-<span class="w">  </span><span class="nt">token_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://login.microsoftonline.com/&lt;tenantID&gt;/oauth2/v2.0/token</span>
-</code></pre></div>
+<p><code>yaml
+    client_id: &lt;id&gt;
+    client_secret: &lt;secret&gt;
+    auth_url: https://login.microsoftonline.com/&lt;tenantID&gt;/oauth2/v2.0/authorize
+    token_url: https://login.microsoftonline.com/&lt;tenantID&gt;/oauth2/v2.0/token</code></p>
 <p>Lorsqu'un utilisateur tente d'accéder à une ressource protégée, il est redirigé
 vers Azure AD pour se connecter. Une fois authentifié, Azure AD redirige vers
 Vouch-Proxy, qui valide ensuite la session de l'utilisateur et transmet les
@@ -404,15 +404,15 @@ <h2 id="annotations-nginx-ingress-pour-lauthentification">Annotations Nginx Ingr
 avant d'accorder l'accès à l'application. Voici comment configurer ces
 annotations pour une app avec le nom d'hôte d'ingress
 <code>vouch.inspection.alpha.canada.ca</code> :</p>
-<div class="highlight"><pre><span></span><code><span class="nt">annotations</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">nginx.ingress.kubernetes.io/auth-signin</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://vouch.inspection.alpha.canada.ca/login?url=$scheme://$http_host$request_uri&amp;vouch-failcount=$auth_resp_failcount&amp;X-Vouch-Token=$auth_resp_jwt&amp;error=$auth_resp_err&quot;</span>
-<span class="w">  </span><span class="nt">nginx.ingress.kubernetes.io/auth-url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://vouch.inspection.alpha.canada.ca/validate</span>
-<span class="w">  </span><span class="nt">nginx.ingress.kubernetes.io/auth-snippet</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
-<span class="w">    </span><span class="no"># these return values are used by the @error401 call</span>
-<span class="w">    </span><span class="no">auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;</span>
-<span class="w">    </span><span class="no">auth_request_set $auth_resp_err $upstream_http_x_vouch_err;</span>
-<span class="w">    </span><span class="no">auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;</span>
-</code></pre></div>
+<pre><code class="language-yaml">annotations:
+  nginx.ingress.kubernetes.io/auth-signin: &quot;https://vouch.inspection.alpha.canada.ca/login?url=$scheme://$http_host$request_uri&amp;vouch-failcount=$auth_resp_failcount&amp;X-Vouch-Token=$auth_resp_jwt&amp;error=$auth_resp_err&quot;
+  nginx.ingress.kubernetes.io/auth-url: https://vouch.inspection.alpha.canada.ca/validate
+  nginx.ingress.kubernetes.io/auth-snippet: |
+    # these return values are used by the @error401 call
+    auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
+    auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
+    auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
+</code></pre>
 <h2 id="authentication-flow">Authentication Flow</h2>
 <p><img alt="Flux d'authentification de Vouch-Proxy" src="../img/auth-vouch-proxy.svg" /></p>
 <ol>