Update Operations

daprdocs/content/en/concepts/observability-concept.md

@@ -15,7 +15,7 @@ The observability capabilities enable users to monitor the Dapr system services,
 
     You can use distributed tracing to help debug and optimize application code. Distributed tracing contains trace spans between the Dapr runtime, Dapr system services, and user apps across process, nodes, network, and security boundaries. It provides a detailed understanding of service invocations (call flows) and service dependencies.
 
-    Dapr uses [W3C tracing context for distributed tracing](./W3C-traces.md)
+    Dapr uses [W3C distributed tracing]({{< ref w3c-tracing >}})
 
     It is generally recommended to run Dapr in production with tracing.
 * **[Metrics](./metrics.md)**: are the series of measured values and counts that are collected and stored over time. Dapr metrics provide monitoring and understanding of the behavior of Dapr system services and user apps. For example, the service metrics between Dapr sidecars and user apps show call latency, traffic failures, error rates of requests etc. Dapr system services metrics show side car injection failures, health of the system services including CPU usage, number of actor placement made etc.  

daprdocs/content/en/developing-applications/building-blocks/bindings/bindings-overview.md

@@ -47,60 +47,9 @@ In order to invoke an output binding:
 
 Read the [Send events to external systems using Output Bindings]({{< ref howto-bindings.md >}}) page to get started with output bindings.
 
-## Supported bindings
 
-Every binding has its own unique set of properties. Click the name link to see the component YAML for each binding.
-
-### Generic
-
-| Name | Input<br>Binding | Output<br>Binding | Status |
-|------|:----------------:|:-----------------:|--------|
-| [Cron (Scheduler)]({{< ref cron.md >}}) | ✅ | ✅ | Experimental |
-| [HTTP]({{< ref http.md >}})           |    | ✅ | Experimental |
-| [InfluxDB]({{< ref influxdb.md >}})       |    | ✅ | Experimental |
-| [Kafka]({{< ref kafka.md >}})         | ✅ | ✅ | Experimental |
-| [Kubernetes Events]({{< ref "kubernetes-binding.md" >}}) | ✅ |    | Experimental |
-| [MQTT]({{< ref mqtt.md >}})           | ✅ | ✅ | Experimental |
-| [PostgreSql]({{< ref postgres.md >}})       |    | ✅ | Experimental |
-| [RabbitMQ]({{< ref rabbitmq.md >}})   | ✅ | ✅ | Experimental |
-| [Redis]({{< ref redis.md >}})         |    | ✅ | Experimental |
-| [Twilio]({{< ref twilio.md >}})       |    | ✅ | Experimental |
-| [Twitter]({{< ref twitter.md >}})       | ✅ | ✅ | Experimental |
-| [SendGrid]({{< ref sendgrid.md >}})       |    | ✅ | Experimental |
-
-
-### Amazon Web Service (AWS)
-
-| Name | Input<br>Binding | Output<br>Binding | Status |
-|------|:----------------:|:-----------------:|--------|
-| [AWS DynamoDB]({{< ref dynamodb.md >}}) |    | ✅ | Experimental |
-| [AWS S3]({{< ref s3.md >}})             |    | ✅ | Experimental |
-| [AWS SNS]({{< ref sns.md >}})           |    | ✅ | Experimental |
-| [AWS SQS]({{< ref sqs.md >}})           | ✅ | ✅ | Experimental |
-| [AWS Kinesis]({{< ref kinesis.md >}})   | ✅ | ✅ | Experimental |
-
-
-### Google Cloud Platform (GCP)
-
-| Name | Input<br>Binding | Output<br>Binding | Status |
-|------|:----------------:|:-----------------:|--------|
-| [GCP Cloud Pub/Sub]({{< ref gcppubsub.md >}})  | ✅ | ✅ | Experimental |
-| [GCP Storage Bucket]({{< ref gcpbucket.md >}}) |     | ✅ | Experimental |
-
-### Microsoft Azure
-
-| Name | Input<br>Binding | Output<br>Binding | Status |
-|------|:----------------:|:-----------------:|--------|
-| [Azure Blob Storage]({{< ref blobstorage.md >}})            |    | ✅ | Experimental |
-| [Azure EventHubs]({{< ref eventhubs.md >}})                 | ✅ | ✅ | Experimental |
-| [Azure CosmosDB]({{< ref cosmosdb.md >}})                   |    | ✅ | Experimental |
-| [Azure Service Bus Queues]({{< ref servicebusqueues.md >}}) | ✅ | ✅ | Experimental |
-| [Azure SignalR]({{< ref signalr.md >}})                     |    | ✅ | Experimental |
-| [Azure Storage Queues]({{< ref storagequeues.md >}})        | ✅ | ✅ | Experimental |
-| [Azure Event Grid]({{< ref eventgrid.md >}})                | ✅ | ✅ | Experimental |
 
  ## Related Topics
-- [Implementing a new binding]({{< ref binding-specs >}})
 - [Trigger a service from different resources with input bindings]({{< ref howto-triggers.md >}})
 - [Invoke different resources using output bindings]({{< ref howto-bindings.md >}})
 

daprdocs/content/en/developing-applications/building-blocks/observability/tracing.md

@@ -23,7 +23,7 @@ Dapr adds a HTTP/gRPC middleware to the Dapr sidecar. The middleware intercepts
 
 Dapr uses the standard W3C Trace Context headers. For HTTP requests, Dapr uses `traceparent` header. For gRPC requests, Dapr uses `grpc-trace-bin` header.   When a request arrives without a trace ID, Dapr creates a new one. Otherwise, it passes the trace ID along the call chain.
 
-Read [W3C Tracing Context for distributed tracing](./W3C-traces.md) for more background on W3C Trace Context.
+Read [W3C distributed tracing]({{< ref w3c-tracing >}}) for more background on W3C Trace Context.
 
 ## Configuration
 
@@ -65,7 +65,7 @@ spec:
 
 ## References
 
-* [How-To: Set up Application Insights for distributed tracing](../../howto/diagnose-with-tracing/azure-monitor.md)
-* [How-To: Set up Zipkin for distributed tracing](../../howto/diagnose-with-tracing/zipkin.md)
-* [How-To: Use W3C Trace Context for distributed tracing](../../howto/use-w3c-tracecontext/README.md)
+- [How-To: Set up Application Insights for distributed tracing]({{< ref azure-monitor.md >}})
+- [How-To: Set up Zipkin for distributed tracing]({{< ref zipkin.md >}})
+- [W3C distributed tracing]({{< ref w3c-tracing >}})
 

daprdocs/content/en/developing-applications/building-blocks/observability/w3c-tracing/w3c-tracing-howto.md

@@ -8,23 +8,10 @@ type: docs
 ---
 
 # How to use trace context
-Dapr uses W3C trace context for distributed tracing for both service invocation and pub/sub messaging. Dapr does all the heavy lifting of generating and propagating the trace context information and there are very few cases where you need to either propagate or create a trace context. First read scenarios in the [W3C trace context for distributed tracing](../../concepts/observability/W3C-traces.md) article to understand whether you need to propagate or create a trace context.
+Dapr uses W3C trace context for distributed tracing for both service invocation and pub/sub messaging. Dapr does all the heavy lifting of generating and propagating the trace context information and there are very few cases where you need to either propagate or create a trace context. First read scenarios in the [W3C distributed tracing]({{< ref w3c-tracing >}}) article to understand whether you need to propagate or create a trace context.
 
 To view traces, read the [how to diagnose with tracing](../diagnose-with-tracing) article.
 
-## Contents
-- [How to retrieve trace context from a response](#how-to-retrieve-trace-context-from-a-response)
-- [How to propagate trace context in a request](#how-to-propagate-trace-context-in-a-request)
-- [How to create trace context](#how-to-create-trace-context)
-    - [Go](#create-trace-context-in-go)
-    - [Java](#create-trace-context-in-java)
-    - [Python](#create-trace-context-in-python)
-    - [NodeJS](#create-trace-context-in-nodejs)
-    - [C++](#create-trace-context-in-c++)
-    - [C#](#create-trace-context-in-c#)
-- [Putting it all together with a Go Sample](#putting-it-all-together-with-a-go-sample)
-- [Related Links](#related-links)
-
 ## How to retrieve trace context from a response
 `Note: There are no helper methods exposed in Dapr SDKs to propagate and retrieve trace context. You need to use http/gRPC clients to propagate and retrieve trace headers through http headers and gRPC metadata.`
 

daprdocs/content/en/developing-applications/building-blocks/secrets/howto-secrets.md

@@ -22,7 +22,13 @@ The first step involves setting up a secret store, either in the cloud or in the
 
 The second step is to configure the secret store with Dapr.
 
-Follow the instructions [here](../setup-secret-store) to set up the secret store of your choice.
+To deploy in Kubernetes, save the file above to `aws_secret_manager.yaml` and then run:
+
+```bash
+kubectl apply -f aws_secret_manager.yaml
+```
+
+To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
 
 Watch this [video](https://www.youtube.com/watch?v=OtbYCBt9C34&feature=youtu.be&t=1818) for an example on how to use the secrets API. Or watch this [video](https://www.youtube.com/watch?v=8W-iBDNvCUM&feature=youtu.be&t=1765) for an example on how to component scopes with secret components and the secrets API.
 

daprdocs/content/en/developing-applications/building-blocks/state-management/howto-get-save-state.md

@@ -17,12 +17,12 @@ In this guide we'll start of with the basics: Using the key/value state API to a
 ## Step 1: Setup a state store
 
 A state store component represents a resource that Dapr uses to communicate with a database.
-For the purpose of this how to we'll use a Redis state store, but any state store from the [supported list]({{< ref supported-state-stores.md >}}) will work.
+For the purpose of this how to we'll use a Redis state store, but any state store from the [supported list]({{< ref supported-state-stores >}}) will work.
 
 {{< tabs "Self-Hosted (CLI)" Kubernetes>}}
 
 {{% codetab %}}
-When using `Dapr init` in Standalone mode, the Dapr CLI automatically provisions a state store (Redis) and creates the relevant YAML when running your app with `dapr run`.
+When using `Dapr init` in Standalone mode, the Dapr CLI automatically provisions a state store (Redis) and creates the relevant YAML in a `components` directory, which for Linux/MacOS is `$HOME/.dapr/components` and for Windows is `%USERPROFILE%\.dapr\components`
 
 To change the state store being used, replace the YAML under `/components` with the file of your choice.
 {{% /codetab %}}

daprdocs/content/en/operations/components/component-scopes.md

@@ -2,7 +2,7 @@
 type: docs
 title: "How-To: Scope components to one or more applications"
 linkTitle: "How-To: Set component scopes"
-weight: 6000
+weight: 100
 description: "Limit component access to particular Dapr instances"
 ---
 

daprdocs/content/en/operations/components/component-secrets.md

@@ -2,7 +2,7 @@
 type: docs
 title: "How-To: Reference secret stores in components"
 linkTitle: "How-To: Reference secrets"
-weight: 7000
+weight: 200
 description: "How to securly reference secrets from a component definition"
 ---
 

daprdocs/content/en/operations/components/setup-bindings/supported-bindings/_index.md

@@ -0,0 +1,57 @@
+---
+type: docs
+title: "Supported external bindings"
+linkTitle: "Supported bindings"
+weight: 200
+description: List of all the supported external bindings that can interface with Dapr
+---
+
+Every binding has its own unique set of properties. Click the name link to see the component YAML for each binding.
+
+### Generic
+
+| Name | Input<br>Binding | Output<br>Binding | Status |
+|------|:----------------:|:-----------------:|--------|
+| [Cron (Scheduler)]({{< ref cron.md >}}) | ✅ | ✅ | Experimental |
+| [HTTP]({{< ref http.md >}})           |    | ✅ | Experimental |
+| [InfluxDB]({{< ref influxdb.md >}})       |    | ✅ | Experimental |
+| [Kafka]({{< ref kafka.md >}})         | ✅ | ✅ | Experimental |
+| [Kubernetes Events]({{< ref "kubernetes-binding.md" >}}) | ✅ |    | Experimental |
+| [MQTT]({{< ref mqtt.md >}})           | ✅ | ✅ | Experimental |
+| [PostgreSql]({{< ref postgres.md >}})       |    | ✅ | Experimental |
+| [RabbitMQ]({{< ref rabbitmq.md >}})   | ✅ | ✅ | Experimental |
+| [Redis]({{< ref redis.md >}})         |    | ✅ | Experimental |
+| [Twilio]({{< ref twilio.md >}})       |    | ✅ | Experimental |
+| [Twitter]({{< ref twitter.md >}})       | ✅ | ✅ | Experimental |
+| [SendGrid]({{< ref sendgrid.md >}})       |    | ✅ | Experimental |
+
+
+### Amazon Web Service (AWS)
+
+| Name | Input<br>Binding | Output<br>Binding | Status |
+|------|:----------------:|:-----------------:|--------|
+| [AWS DynamoDB]({{< ref dynamodb.md >}}) |    | ✅ | Experimental |
+| [AWS S3]({{< ref s3.md >}})             |    | ✅ | Experimental |
+| [AWS SNS]({{< ref sns.md >}})           |    | ✅ | Experimental |
+| [AWS SQS]({{< ref sqs.md >}})           | ✅ | ✅ | Experimental |
+| [AWS Kinesis]({{< ref kinesis.md >}})   | ✅ | ✅ | Experimental |
+
+
+### Google Cloud Platform (GCP)
+
+| Name | Input<br>Binding | Output<br>Binding | Status |
+|------|:----------------:|:-----------------:|--------|
+| [GCP Cloud Pub/Sub]({{< ref gcppubsub.md >}})  | ✅ | ✅ | Experimental |
+| [GCP Storage Bucket]({{< ref gcpbucket.md >}}) |     | ✅ | Experimental |
+
+### Microsoft Azure
+
+| Name | Input<br>Binding | Output<br>Binding | Status |
+|------|:----------------:|:-----------------:|--------|
+| [Azure Blob Storage]({{< ref blobstorage.md >}})            |    | ✅ | Experimental |
+| [Azure EventHubs]({{< ref eventhubs.md >}})                 | ✅ | ✅ | Experimental |
+| [Azure CosmosDB]({{< ref cosmosdb.md >}})                   |    | ✅ | Experimental |
+| [Azure Service Bus Queues]({{< ref servicebusqueues.md >}}) | ✅ | ✅ | Experimental |
+| [Azure SignalR]({{< ref signalr.md >}})                     |    | ✅ | Experimental |
+| [Azure Storage Queues]({{< ref storagequeues.md >}})        | ✅ | ✅ | Experimental |
+| [Azure Event Grid]({{< ref eventgrid.md >}})                | ✅ | ✅ | Experimental |

daprdocs/content/en/operations/components/setup-bindings/supported-bindings/rethinkdb.md

@@ -1,10 +1,8 @@
 ---
 type: docs
-title: "RethinkDB binding"
+title: "RethinkDB binding spec"
 linkTitle: "RethinkDB"
-description: "Use bindings to RethinkDB for tracking state store changes"
-weight: 4000
-type: docs
+description: "Detailed documentation on the RethinkDB binding component"
 ---
 
 The RethinkDB state store supports transactions which means it can be used to support Dapr actors. Dapr persists only the actor's current state which doesn't allow the users to track how actor's state may have changed over time.

daprdocs/content/en/operations/components/setup-pubsub/_index.md

@@ -1,8 +1,7 @@
 ---
 type: docs
-title: "Pub/Sub components"
-linkTitle: "Pub/Sub"
+title: "Pub/Sub brokers"
+linkTitle: "Pub/sub brokers"
 description: "Guidance on setting up different message brokers for Dapr Pub/Sub"
 weight: 2000
-type: docs
 ---

daprdocs/content/en/operations/components/setup-pubsub/pubsub-namespaces.md

@@ -1,8 +1,8 @@
 ---
 type: docs
 title: "Pub/Sub and namespaces"
-linkTitle: "Kubernetes Namespaces"
-weight: 4000
+linkTitle: "Kubernetes namespaces"
+weight: 20000
 description: "Use Dapr Pub/Sub with multiple namespaces"
 ---
 

daprdocs/content/en/operations/components/setup-pubsub/setup-pubsub-overview.md

@@ -7,9 +7,7 @@ weight: 10000
 type: docs
 ---
 
-Dapr integrates with pub/sub message buses to provide apps with the ability to create event-driven, loosely coupled architectures where producers send events to consumers via topics.
-
-Dapr supports the configuration of multiple, named, pub/sub components *per application*. Each pub/sub component has a name and this name is used when publishing a message topic
+Dapr integrates with pub/sub message buses to provide apps with the ability to create event-driven, loosely coupled architectures where producers send events to consumers via topics. It supports the configuration of multiple, named, pub/sub components *per application*. Each pub/sub component has a name and this name is used when publishing a message topic
 
 Pub/Sub message buses are extensible and can be found in the [components-contrib repo](https://github.com/dapr/components-contrib).
 
@@ -32,33 +30,10 @@ spec:
 ```
 
 The type of pub/sub is determined by the `type` field, and things like connection strings and other metadata are put in the `.metadata` section.
-Even though you can put plain text secrets in there, it is recommended you use a [secret store](../../concepts/secrets) using a `secretKeyRef`
+Even though you can put plain text secrets in there, it is recommended you use a [secret store]({{< ref component-secrets.md >}}) using a `secretKeyRef`
 
-## Running locally
-
-When running locally with the Dapr CLI, a component file for a Redis pub/sub is  created in a `components` directory, which for Linux/MacOS is `$HOME/.dapr/components` and for Windows is `%USERPROFILE%\.dapr\components`. See [Environment Setup](../getting-started/environment-setup.md#installing-dapr-in-self-hosted-mode)
-
-You can make changes to this file the way you see fit, whether to change connection values or replace it with a different pub/sub.
-
-## Running in Kubernetes
-
-Dapr uses a Kubernetes Operator to update the sidecars running in the cluster with different components.
-To setup a pub/sub in Kubernetes, use `kubectl` to apply the component file:
-
-```bash
-kubectl apply -f pubsub.yaml
-```
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
 ## Related links
 
-- [Setup Redis Streams](./setup-redis.md)
-- [Setup NATS Streaming](./setup-nats-streaming.md)
-- [Setup Azure Service bus](./setup-azure-servicebus.md)
-- [Setup RabbitMQ](./setup-rabbitmq.md)
-- [Setup GCP Pubsub](./setup-gcp.md)
-- [Setup Hazelcast Pubsub](./setup-hazelcast.md)
-- [Setup Azure Event Hubs](./setup-azure-eventhubs.md)
-- [Setup SNS/SQS](./setup-snssqs.md)
-- [Setup MQTT](./setup-mqtt.md)
-- [Setup Apache Pulsar](./setup-pulsar.md)
-- [Setup Kafka](./setup-kafka.md)
+- [Supported pub/sub components]({{< ref supported-pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/_index.md

@@ -0,0 +1,8 @@
+---
+type: docs
+title: "Supported pub/sub components"
+linkTitle: "Supported pub/sub"
+weight: 30000
+description: List of all the supported external bindings that can interface with Dapr
+simple_list: true
+---

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-apache-kafka.md

@@ -2,17 +2,22 @@
 type: docs
 title: "Apache Kafka"
 linkTitle: "Apache Kafka"
-type: docs
+description: "Detailed documentation on the Apache Kafka pubsub component"
 ---
 
-## Locally
+## Setup Kafka
+{{< tabs "Self-Hosted" "Kubernetes">}}
 
+{{% codetab %}}
 You can run Kafka locally using [this](https://github.com/wurstmeister/kafka-docker) Docker image.
 To run without Docker, see the getting started guide [here](https://kafka.apache.org/quickstart).
+{{% /codetab %}}
 
-## Kubernetes
-
+{{% codetab %}}
 To run Kafka on Kubernetes, you can use the [Helm Chart](https://github.com/helm/charts/tree/master/incubator/kafka#installing-the-chart).
+{{% /codetab %}}
+
+{{< /tabs >}}
 
 ## Create a Dapr component
 
@@ -43,19 +48,13 @@ spec:
     - name: saslPassword
       value: <password>
 ```
-
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md).
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Apply the configuration
 
-### In Kubernetes
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-To apply the Kafka component to Kubernetes, use the `kubectl`:
-
-```
-kubectl apply -f kafka.yaml
-```
-
-### Running locally
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-aws-snssqs.md

@@ -2,13 +2,17 @@
 type: docs
 title: "AWS SNS/SQS"
 linkTitle: "AWS SNS/SQS"
-type: docs
+description: "Detailed documentation on the AWS SNS/SQS pubsub component"
 ---
 
-This article describes configuring Dapr to use AWS SNS/SQS for pub/sub on local and Kubernetes environments. For local development, the [localstack project](https://github.com/localstack/localstack) is used to integrate AWS SNS/SQS.
-Follow the instructions [here](https://github.com/localstack/localstack#installing) to install the localstack CLI.
+This article describes configuring Dapr to use AWS SNS/SQS for pub/sub on local and Kubernetes environments. 
 
-## Locally
+## Setup SNS/SQS
+
+{{< tabs "Self-Hosted" "Kubernetes" "AWS" >}}
+
+{{% codetab %}}
+For local development the [localstack project](https://github.com/localstack/localstack) is used to integrate AWS SNS/SQS. Follow the instructions [here](https://github.com/localstack/localstack#installing) to install the localstack CLI.
 
 In order to use localstack with your pubsub binding, you need to provide the `awsEndpoint` configuration 
 in the component metadata. The `awsEndpoint` is unncessary when running against production AWS.
@@ -27,9 +31,9 @@ spec:
     - name: awsRegion
       value: us-east-1
 ```
+{{% /codetab %}}
 
-## Kubernetes
-
+{{% codetab %}}
 To run localstack on Kubernetes, you can apply the configuration below. Localstack is then 
 reachable at the DNS name `http://localstack.default.svc.cluster.local:4566` 
 (assuming this was applied to the default namespace) and this should be used as the `awsEndpoint`
@@ -73,11 +77,15 @@ spec:
   type: LoadBalancer
 
 ```
+{{% /codetab %}}
 
-## Run in AWS
+{{% codetab %}}
 In order to run in AWS, you should create an IAM user with permissions to the SNS and SQS services. 
 Use the account ID and account secret and plug them into the `awsAccountID` and `awsAccountSecret`
 in the component metadata using kubernetes secrets.
+{{% /codetab %}}
+
+{{< /tabs >}}
 
 ## Create a Dapr component
 
@@ -107,24 +115,16 @@ spec:
       value: us-east-1
 ```
 
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md).
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Apply the configuration
 
-### In Kubernetes
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-To apply the SNS/SQS component to Kubernetes, use the `kubectl` command:
-
-```
-kubectl apply -f snssqs.yaml
-```
-
-### Running locally
-
-Place the above components file `snssqs.yaml` in the local components directory (either the default directory or in a path you define when running the CLI command `dapr run`)
-
-
-## Related Links
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})
 - [AWS SQS as subscriber to SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-sqs-as-subscriber.html)
 - [AWS SNS API refernce](https://docs.aws.amazon.com/sns/latest/api/Welcome.html)
 - [AWS SQS API refernce](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/Welcome.html)

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-azure-eventhubs.md

@@ -2,9 +2,11 @@
 type: docs
 title: "Azure Events Hub"
 linkTitle: "Azure Events Hub"
-type: docs
+description: "Detailed documentation on the Azure Event Hubs pubsub component"
 ---
 
+## Setup Azure Event Hubs
+
 Follow the instructions [here](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create) on setting up Azure Event Hubs.
 Since this implementation uses the Event Processor Host, you will also need an [Azure Storage Account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal).
 
@@ -35,7 +37,9 @@ spec:
 
 See [here](https://docs.microsoft.com/en-us/azure/event-hubs/authorize-access-shared-access-signature) on how to get the Event Hubs connection string. Note this is not the Event Hubs namespace.
 
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md)
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Create consumer groups for each subscriber
 
@@ -44,14 +48,7 @@ For example, a Dapr app running on Kubernetes with `dapr.io/app-id: "myapp"` wil
 
 ## Apply the configuration
 
-### In Kubernetes
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-To apply the Azure Event Hubs pub/sub to Kubernetes, use the `kubectl` CLI:
-
-```bash
-kubectl apply -f eventhubs.yaml
-```
-
-### Running locally
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-azure-servicebus.md

@@ -1,10 +1,12 @@
 ---
 type: docs
 title: "Azure Service Bus"
-linkTitle: "Azure Events Hub"
-type: docs
+linkTitle: "Azure Service Bus"
+description: "Detailed documentation on the Azure Service Bus pubsub component"
 ---
 
+## Setup Azure Service Bus
+
 Follow the instructions [here](https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-quickstart-topics-subscriptions-portal) on setting up Azure Service Bus Topics.
 
 ## Create a Dapr component
@@ -52,18 +54,13 @@ spec:
 
 > __NOTE:__ The above settings are shared across all topics that use this component.
 
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md)
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Apply the configuration
 
-### In Kubernetes
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-To apply the Azure Service Bus pub/sub to Kubernetes, use the `kubectl` CLI:
-
-```bash
-kubectl apply -f azuresb.yaml
-```
-
-### Running locally
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-gcp.md

@@ -2,9 +2,11 @@
 type: docs
 title: "GCP Pub/Sub"
 linkTitle: "GCP Pub/Sub"
-type: docs
+description: "Detailed documentation on the GCP Pub/Sub component"
 ---
 
+## Setup GCP Pub/Sub
+
 Follow the instructions [here](https://cloud.google.com/pubsub/docs/quickstart-console) on setting up Google Cloud Pub/Sub system.
 
 ## Create a Dapr component
@@ -61,18 +63,13 @@ spec:
 - `private_key` is the GCP credentials private key.
 - `disableEntityManagement`  Optional. Default: false. When set to true, topics and subscriptions do not get created automatically.
 
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md)
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Apply the configuration
 
-### In Kubernetes
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-To apply the Google Cloud pub/sub to Kubernetes, use the `kubectl` CLI:
-
-```bash
-kubectl apply -f messagebus.yaml
-```
-
-### Running locally
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-hazelcast.md

@@ -2,11 +2,14 @@
 type: docs
 title: "Hazelcast"
 linkTitle: "Hazelcast"
-type: docs
+description: "Detailed documentation on the Hazelcast pubsub component"
 ---
 
-## Locally
+## Setup Hazelcast
 
+{{< tabs "Self-Hosted" "Kubernetes">}}
+
+{{% codetab %}}
 You can run Hazelcast locally using Docker:
 
 ```
@@ -14,10 +17,13 @@ docker run -e JAVA_OPTS="-Dhazelcast.local.publicAddress=127.0.0.1:5701" -p 5701
 ```
 
 You can then interact with the server using the `127.0.0.1:5701`.
+{{% /codetab %}}
 
-## Kubernetes
+{{% codetab %}}
+The easiest way to install Hazelcast on Kubernetes is by using the [Helm chart](https://github.com/helm/charts/tree/master/stable/hazelcast).
+{{% /codetab %}}
 
-The easiest way to install Hazelcast on Kubernetes is by using the [Helm chart](https://github.com/helm/charts/tree/master/stable/hazelcast):
+{{< /tabs >}}
 
 ## Create a Dapr component
 
@@ -38,19 +44,13 @@ spec:
     value: <REPLACE-WITH-HOSTS> # Required. A comma delimited string of servers. Example: "hazelcast:3000,hazelcast2:3000"
 ```
 
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md).
-
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Apply the configuration
 
-### In Kubernetes
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-To apply the Hazelcast state store to Kubernetes, use the `kubectl` CLI:
-
-```
-kubectl apply -f hazelcast.yaml
-```
-
-### Running locally
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-mqtt.md

@@ -2,20 +2,23 @@
 type: docs
 title: "MQTT"
 linkTitle: "MQTT"
-type: docs
+description: "Detailed documentation on the MQTT pubsub component"
 ---
 
-## Locally
+## Setup MQTT
 
+{{< tabs "Self-Hosted" "Kubernetes">}}
+
+{{% codetab %}}
 You can run a MQTT broker [locally using Docker](https://hub.docker.com/_/eclipse-mosquitto):
 
 ```bash
 docker run -d -p 1883:1883 -p 9001:9001 --name mqtt eclipse-mosquitto:1.6.9
 ```
 You can then interact with the server using the client port: `mqtt://localhost:1883`
+{{% /codetab %}}
 
-## Kubernetes
-
+{{% codetab %}}
 You can run a MQTT broker in kubernetes using following yaml:
 
 ```yaml
@@ -68,6 +71,9 @@ spec:
       protocol: TCP
 ```
 You can then interact with the server using the client port: `tcp://mqtt-broker.default.svc.cluster.local:1883`
+{{% /codetab %}}
+
+{{< /tabs >}}
 
 ## Create a Dapr component
 
@@ -113,29 +119,23 @@ spec:
 ```
 
 Where:
-* **url** (required) is the address of the MQTT broker.
-    - use **tcp://** scheme for non-TLS communication.
-    - use **tcps://** scheme for TLS communication.
-* **qos** (optional) indicates the Quality of Service Level (QoS) of the message. (Default 0)
-* **retain** (optional) defines whether the message is saved by the broker as the last known good value for a specified topic. (Default false)
-* **cleanSession** (optional) will set the "clean session" in the connect message when client connects to an MQTT broker . (Default true)
-* **caCert** (required for using TLS) is the certificate authority certificate.
-* **clientCert** (required for using TLS) is the client certificate.
-* **clientKey** (required for using TLS) is the client key.
+- **url** (required) is the address of the MQTT broker.
+-   - use **tcp://** scheme for non-TLS communication.
+-   - use **tcps://** scheme for TLS communication.
+- **qos** (optional) indicates the Quality of Service Level (QoS) of the message. (Default 0)
+- **retain** (optional) defines whether the message is saved by the broker as the last known good value for a specified topic. (Default false)
+- **cleanSession** (optional) will set the "clean session" in the connect message when client connects to an MQTT broker . (Default true)
+- **caCert** (required for using TLS) is the certificate authority certificate.
+- **clientCert** (required for using TLS) is the client certificate.
+- **clientKey** (required for using TLS) is the client key.
 
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md)
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Apply the configuration
 
-### In Kubernetes
-
-To apply the MQTT pubsub to Kubernetes, use the `kubectl` CLI:
-
-```bash
-kubectl apply -f mqtt.yaml
-```
-
-### Running locally
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-nats-streaming.md

@@ -2,11 +2,14 @@
 type: docs
 title: "NATS streaming"
 linkTitle: "NATS streaming"
-type: docs
+description: "Detailed documentation on the NATS pubsub component"
 ---
 
-## Locally
+## Setup NATS
 
+{{< tabs "Self-Hosted" "Kubernetes">}}
+
+{{% codetab %}}
 You can run a NATS server locally using Docker:
 
 ```bash
@@ -14,9 +17,9 @@ docker run -d -name nats-streaming -p 4222:4222 -p 8222:8222 nats-streaming
 ```
 
 You can then interact with the server using the client port: `localhost:4222`.
+{{% /codetab %}}
 
-## Kubernetes
-
+{{% codetab %}}
 Install NATS on Kubernetes by using the [kubectl](https://docs.nats.io/nats-on-kubernetes/minimal-setup):
 
 ```bash
@@ -33,6 +36,9 @@ To interact with NATS, find the service with: `kubectl get svc stan`.
 For example, if installing using the example above, the NATS Streaming address would be:
 
 `<YOUR-HOST>:4222`
+{{% /codetab %}}
+
+{{< /tabs >}}
 
 ## Create a Dapr component
 
@@ -78,19 +84,13 @@ spec:
   #   value: ""
 ```
 
-
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md)
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Apply the configuration
 
-### In Kubernetes
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-To apply the NATS pub/sub to Kubernetes, use the `kubectl` CLI:
-
-```bash
-kubectl apply -f nats-stan.yaml
-```
-
-### Running locally
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-pulsar.md

@@ -2,10 +2,14 @@
 type: docs
 title: "Pulsar"
 linkTitle: "Pulsar"
-type: docs
+description: "Detailed documentation on the Pulsar pubsub component"
 ---
 
-## Locally
+## Setup Pulsar
+
+{{< tabs "Self-Hosted" "Kubernetes">}}
+
+{{% codetab %}}
 ```
 docker run -it \
   -p 6650:6650 \
@@ -16,10 +20,13 @@ docker run -it \
   bin/pulsar standalone
 
 ```
+{{% /codetab %}}
 
-## Kubernetes
-
+{{% codetab %}}
 Please refer to the following [Helm chart](https://pulsar.apache.org/docs/en/kubernetes-helm/) Documentation.
+{{% /codetab %}}
+
+{{< /tabs >}}
 
 ## Create a Dapr component
 
@@ -45,10 +52,7 @@ spec:
 
 ## Apply the configuration
 
-To apply the Pulsar pub/sub to Kubernetes, use the kubectl CLI:
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-`` kubectl apply -f pulsar.yaml ``
-
-### Running locally ###
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-rabbitmq.md

@@ -2,11 +2,14 @@
 type: docs
 title: "RabbitMQ"
 linkTitle: "RabbitMQ"
-type: docs
+description: "Detailed documentation on the RabbitMQ pubsub component"
 ---
 
-## Locally
+## Setup RabbitMQ
 
+{{< tabs "Self-Hosted" "Kubernetes" >}}
+
+{{% codetab %}}
 You can run a RabbitMQ server locally using Docker:
 
 ```bash
@@ -14,9 +17,9 @@ docker run -d --hostname my-rabbit --name some-rabbit rabbitmq:3
 ```
 
 You can then interact with the server using the client port: `localhost:5672`.
+{{% /codetab %}}
 
-## Kubernetes
-
+{{% codetab %}}
 The easiest way to install RabbitMQ on Kubernetes is by using the [Helm chart](https://github.com/helm/charts/tree/master/stable/rabbitmq):
 
 ```bash
@@ -31,6 +34,9 @@ To interact with RabbitMQ, find the service with: `kubectl get svc rabbitmq`.
 For example, if installing using the example above, the RabbitMQ server client address would be:
 
 `rabbitmq.default.svc.cluster.local:5672`
+{{% /codetab %}}
+
+{{< /tabs >}}
 
 ## Create a Dapr component
 
@@ -63,18 +69,13 @@ spec:
     value: <REPLACE-WITH-REQUEUE-IN-FAILURE> # Optional. Default: "false".
 ```
 
-The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here](../../concepts/secrets/README.md)
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
 
 ## Apply the configuration
 
-### In Kubernetes
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-To apply the RabbitMQ pub/sub to Kubernetes, use the `kubectl` CLI:
-
-```bash
-kubectl apply -f rabbitmq.yaml
-```
-
-### Running locally
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-pubsub/supported-pubsub/setup-redis-pubsub.md

@@ -1,22 +1,24 @@
 ---
 type: docs
-title: "Redis streams"
-linkTitle: "Redis streams"
-type: docs
+title: "Redis Streams"
+linkTitle: "Redis Streams"
+description: "Detailed documentation on the Redis Streams pubsub component"
+weight: 100
 ---
 
-## Creating a Redis instance
+## Setup a Redis instance
 
 Dapr can use any Redis instance - containerized, running on your local dev machine, or a managed cloud service, provided the version of Redis is 5.0.0 or later. If you already have a Redis instance > 5.0.0 installed, move on to the [Configuration](#configuration) section.
 
-### Running locally
+{{< tabs "Self-Hosted" "Kubernetes" "AWS" "GCP" "Azure">}}
 
+{{% codetab %}}
 The Dapr CLI will automatically create and setup a Redis Streams instance for you.
 The Redis instance will be installed via Docker when you run `dapr init`, and the component file will be created in default directory. (`$HOME/.dapr/components` directory (Mac/Linux) or `%USERPROFILE%\.dapr\components` on Windows).
+{{% /codetab %}}
 
-### Creating a Redis instance in your Kubernetes Cluster using Helm
-
-We can use [Helm](https://helm.sh/) to quickly create a Redis instance in our Kubernetes cluster. This approach requires [Installing Helm](https://github.com/helm/helm#install).
+{{% codetab %}}
+You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our Kubernetes cluster. This approach requires [Installing Helm](https://github.com/helm/helm#install).
 
 1. Install Redis into your cluster.
     ```bash
@@ -44,19 +46,27 @@ We can use [Helm](https://helm.sh/) to quickly create a Redis instance in our Ku
         - name: redisPassword
           value: "lhDOkwTlp0"
     ```
+{{% /codetab %}}
 
-### Other ways to create a Redis Database
+{{% codetab %}}
+[AWS Redis](https://aws.amazon.com/redis/)
+{{% /codetab %}}
 
-- [AWS Redis](https://aws.amazon.com/redis/)
-- [GCP Cloud MemoryStore](https://cloud.google.com/memorystore/)
+{{% codetab %}}
+[GCP Cloud MemoryStore](https://cloud.google.com/memorystore/)
+{{% /codetab %}}
 
-## Configuration
+{{% codetab %}}
+[Azure Redis](https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/quickstart-create-redis)
+{{% /codetab %}}
+
+{{< /tabs >}}
+
+## Create a Dapr component
 
 To setup Redis, you need to create a component for `pubsub.redis`.
 
-The following yaml files demonstrates how to define each. If the Redis instance supports TLS with public certificates it can be configured to enable or disable TLS in the yaml. **Note:** yaml files below illustrate secret management in plain text. In a production-grade application, follow [secret management](../../concepts/secrets/README.md) instructions to securely manage your secrets.
-
-### Configuring Redis Streams for Pub/Sub
+The following yaml files demonstrates how to define each. If the Redis instance supports TLS with public certificates it can be configured to enable or disable TLS in the yaml. 
 
 Create a file called pubsub.yaml, and paste the following:
 
@@ -77,14 +87,17 @@ spec:
     value: <bool>
 ```
 
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
+
 ## Apply the configuration
 
-### Kubernetes
+{{% alert title="Note" color="primary" %}}
+The Dapr CLI automatically deploys a redis instance and creates Dapr components as part of the `dapr init` command.
+{{% /alert %}}
 
-```bash
-kubectl apply -f pubsub.yaml
-```
+Visit [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components.
 
-### Standalone
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+## Related links
+- [Pub/Sub building block]({{< ref pubsub >}})

daprdocs/content/en/operations/components/setup-secret-store/azure-keyvault.md

@@ -1,289 +0,0 @@
----
-type: docs
-title: "Azure Key Vault"
-linkTitle: "Azure Key Vault"
-type: docs
----
-
-This document shows how to enable Azure Key Vault secret store using [Dapr Secrets Component](../../concepts/secrets/README.md) for Standalone and Kubernetes mode. The Dapr secret store component uses Service Principal using certificate authorization to authenticate Key Vault.
-
-> **Note:** Find the Managed Identity for Azure Key Vault instructions [here](azure-keyvault-managed-identity.md).
-
-## Prerequisites
-
-- [Azure Subscription](https://azure.microsoft.com/en-us/free/)
-- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)
-
-## Create an Azure Key Vault and a service principal
-
-This creates new service principal and grants it the permission to keyvault.
-
-1. Login to Azure and set the default subscription
-
-```bash
-# Log in Azure
-az login
-
-# Set your subscription to the default subscription
-az account set -s [your subscription id]
-```
-
-2. Create an Azure Key Vault in a region
-
-```bash
-az keyvault create --location [region] --name [your_keyvault] --resource-group [your resource group]
-```
-
-3. Create a service principal
-
-Create a service principal with a new certificate and store the 1-year certificate inside [your keyvault]'s certificate vault.
-
-> **Note** you can skip this step if you want to use an existing service principal for keyvault instead of creating new one
-
-```bash
-az ad sp create-for-rbac --name [your_service_principal_name] --create-cert --cert [certificate_name] --keyvault [your_keyvault] --skip-assignment --years 1
-
-{
-  "appId": "a4f90000-0000-0000-0000-00000011d000",
-  "displayName": "[your_service_principal_name]",
-  "name": "http://[your_service_principal_name]",
-  "password": null,
-  "tenant": "34f90000-0000-0000-0000-00000011d000"
-}
-```
-
-**Save the both the appId and tenant from the output which will be used in the next step**
-
-4. Get the Object Id for [your_service_principal_name]
-
-```bash
-az ad sp show --id [service_principal_app_id]
-
-{
-    ...
-    "objectId": "[your_service_principal_object_id]",
-    "objectType": "ServicePrincipal",
-    ...
-}
-```
-
-5. Grant the service principal the GET permission to your Azure Key Vault
-
-```bash
-az keyvault set-policy --name [your_keyvault] --object-id [your_service_principal_object_id] --secret-permissions get
-```
-
-Now, your service principal has access to your keyvault,  you are ready to configure the secret store component to use secrets stored in your keyvault to access other components securely.
-
-6. Download the certificate in PFX format from your Azure Key Vault either using the Azure portal or the Azure CLI:
-
-- **Using the Azure portal:**
-
-  Go to your key vault on the Azure portal and navigate to the *Certificates* tab under *Settings*. Find the certificate that was created during the service principal creation, named [certificate_name] and click on it.
-
-  Click *Download in PFX/PEM format* to download the certificate.
-
-- **Using the Azure CLI:**
-
-   ```bash
-   az keyvault secret download --vault-name [your_keyvault] --name [certificate_name] --encoding base64 --file [certificate_name].pfx
-   ```
-
-## Use Azure Key Vault secret store in Standalone mode
-
-This section walks you through how to enable an Azure Key Vault secret store to store a password to securely access a Redis state store in Standalone mode.
-
-1. Create a components directory in your application root
-
-```bash
-mkdir components
-```
-
-2. Copy downloaded PFX cert from your Azure Keyvault Certificate Vault into `./components` or a secure location in your local disk
-
-3. Create a file called azurekeyvault.yaml in the components directory
-
-Now create an Dapr azurekeyvault component. Create a file called azurekeyvault.yaml in the components directory with the content below
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: azurekeyvault
-  namespace: default
-spec:
-  type: secretstores.azure.keyvault
-  metadata:
-  - name: vaultName
-    value: [your_keyvault_name]
-  - name: spnTenantId
-    value: "[your_service_principal_tenant_id]"
-  - name: spnClientId
-    value: "[your_service_principal_app_id]"
-  - name: spnCertificateFile
-    value : "[pfx_certificate_file_local_path]"
-```
-
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
-
-4. Store redisPassword secret to keyvault
-
-```bash
-az keyvault secret set --name redisPassword --vault-name [your_keyvault_name] --value "your redis passphrase"
-```
-
-5. Create redis.yaml in the components directory with the content below
-
-Create a statestore component file. This Redis component yaml shows how to use the `redisPassword` secret stored in an Azure Key Vault called azurekeyvault as a Redis connection password.
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: statestore
-  namespace: default
-spec:
-  type: state.redis
-  metadata:
-  - name: redisHost
-    value: "[redis]:6379"
-  - name: redisPassword
-    secretKeyRef:
-      name: redisPassword
-      key: redisPassword
-auth:
-    secretStore: azurekeyvault
-```
-
-6. Run your app
-
-You can check that `secretstores.azure.keyvault` component is loaded and redis server connects successfully by looking at the log output when using the dapr `run` command
-
-Here is the log when you run [HelloWorld sample](https://github.com/dapr/quickstarts/tree/master/hello-world) with Azure Key Vault secret store.
-
-```bash
-$ dapr run --app-id mynode --app-port 3000 --dapr-http-port 3500 node app.js
-
-ℹ️  Starting Dapr with id mynode on port 3500
-✅  You're up and running! Both Dapr and your app logs will appear here.
-
-...
-== DAPR == time="2019-09-25T17:57:37-07:00" level=info msg="loaded component azurekeyvault (secretstores.azure.keyvault)"
-== APP == Node App listening on port 3000!
-== DAPR == time="2019-09-25T17:57:38-07:00" level=info msg="loaded component statestore (state.redis)"
-== DAPR == time="2019-09-25T17:57:38-07:00" level=info msg="loaded component messagebus (pubsub.redis)"
-...
-== DAPR == 2019/09/25 17:57:38 redis: connecting to [redis]:6379
-== DAPR == 2019/09/25 17:57:38 redis: connected to [redis]:6379 (localAddr: x.x.x.x:62137, remAddr: x.x.x.x:6379)
-...
-```
-
-## Use Azure Key Vault secret store in Kubernetes mode
-
-In Kubernetes mode, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore.
-
-1. Create a kubernetes secret using the following command
-
-- **[pfx_certificate_file_local_path]** is the path of PFX cert file you downloaded from [Create Azure Key Vault and Service principal](#create-azure-key-vault-and-service-principal)
-
-- **[your_k8s_spn_secret_name]** is secret name in Kubernetes secret store
-
-```bash
-kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[pfx_certificate_file_local_path]
-```
-
-2. Create azurekeyvault.yaml component file
-
-The component yaml refers to the Kubernetes secretstore using `auth` property and  `secretKeyRef` refers to the certificate stored in Kubernetes secret store.
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: azurekeyvault
-  namespace: default
-spec:
-  type: secretstores.azure.keyvault
-  metadata:
-  - name: vaultName
-    value: [your_keyvault_name]
-  - name: spnTenantId
-    value: "[your_service_principal_tenant_id]"
-  - name: spnClientId
-    value: "[your_service_principal_app_id]"
-  - name: spnCertificate
-    secretKeyRef:
-      name: [your_k8s_spn_secret_name]
-      key: [pfx_certificate_file_local_name]
-auth:
-    secretStore: kubernetes
-```
-
-3. Apply azurekeyvault.yaml component
-
-```bash
-kubectl apply -f azurekeyvault.yaml
-```
-
-4. Store the redisPassword as a secret into your keyvault
-Now store the redisPassword as a secret into your keyvault
-
-```bash
-az keyvault secret set --name redisPassword --vault-name [your_keyvault_name] --value "your redis passphrase"
-```
-
-5. Create redis.yaml state store component
-
-This redis state store component refers to `azurekeyvault` component as a secretstore and uses the secret for `redisPassword` stored in Azure Key Vault.
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: statestore
-  namespace: default
-spec:
-  type: state.redis
-  metadata:
-  - name: redisHost
-    value: "[redis_url]:6379"
-  - name: redisPassword
-    secretKeyRef:
-      name: redisPassword
-      key: redisPassword
-auth:
-    secretStore: azurekeyvault
-```
-
-6. Apply redis statestore component
-
-  ```bash
-  kubectl apply -f redis.yaml
-  ```
-
-7. Deploy your app to Kubernetes
-
-Make sure that `secretstores.azure.keyvault` is loaded successfully in `daprd` sidecar log
-
-Here is the nodeapp log of [HelloWorld Kubernetes sample](https://github.com/dapr/quickstarts/tree/master/hello-kubernetes). Note: use the nodeapp name for your deployed container instance.
-
-```bash
-$ kubectl logs nodeapp-f7b7576f4-4pjrj daprd
-
-time="2019-09-26T20:34:23Z" level=info msg="starting Dapr Runtime -- version 0.4.0-alpha.4 -- commit 876474b-dirty"
-time="2019-09-26T20:34:23Z" level=info msg="log level set to: info"
-time="2019-09-26T20:34:23Z" level=info msg="kubernetes mode configured"
-time="2019-09-26T20:34:23Z" level=info msg="app id: nodeapp"
-time="2019-09-26T20:34:24Z" level=info msg="loaded component azurekeyvault (secretstores.azure.keyvault)"
-time="2019-09-26T20:34:25Z" level=info msg="loaded component statestore (state.redis)"
-...
-2019/09/26 20:34:25 redis: connecting to redis-master:6379
-2019/09/26 20:34:25 redis: connected to redis-master:6379 (localAddr: 10.244.3.67:42686, remAddr: 10.0.1.26:6379)
-...
-```
-
-## References
-
-- [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
-- [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
-- [Secrets Component](../../concepts/secrets/README.md)

daprdocs/content/en/operations/components/setup-secret-store/envvar-secret-store.md

@@ -1,74 +0,0 @@
----
-type: docs
-title: "Local environment variables (for Development)"
-linkTitle: "Local environment variables"
-type: docs
----
-
-This document shows how to enable [environment variable](https://en.wikipedia.org/wiki/Environment_variable) secret store using [Dapr Secrets Component](../../concepts/secrets/README.md) for Development scenarios in Standalone mode. This Dapr secret store component locally defined environment variable and does not use authentication.
-
-> Note, this approach to secret management is not recommended for production environments.
-
-## How to enable environment variable secret store
-
-To enable environment variable secret store, create a file with the following content in your components directory:
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: envvar-secret-store
-  namespace: default
-spec:
-  type: secretstores.local.env
-  metadata:
-```
-
-## How to use the environment variable secret store in other components
-
-To use the environment variable secrets in other component you can replace the `value` with `secretKeyRef` containing the name of your local environment variable like this:
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: statestore
-  namespace: default
-spec:
-  type: state.redis
-  metadata:
-  - name: redisHost
-    value: "[redis]:6379"
-  - name: redisPassword
-    secretKeyRef:
-      name: REDIS_PASSWORD
-auth:
-    secretStore: envvar-secret-store
-```
-
-# How to confirm the secrets are being used
-
-To confirm the secrets are being used you can check the logs output by `dapr run` command. Here is the log when you run [HelloWorld sample](https://github.com/dapr/quickstarts/tree/master/hello-world) with Local Secret secret store.
-
-```bash
-$ dapr run --app-id mynode --app-port 3000 --dapr-http-port 3500 node app.js
-
-ℹ️  Starting Dapr with id mynode on port 3500
-✅  You're up and running! Both Dapr and your app logs will appear here.
-
-...
-== DAPR == time="2019-09-25T17:57:37-07:00" level=info msg="loaded component envvar-secret-store (secretstores.local.env)"
-== APP == Node App listening on port 3000!
-== DAPR == time="2019-09-25T17:57:38-07:00" level=info msg="loaded component statestore (state.redis)"
-== DAPR == time="2019-09-25T17:57:38-07:00" level=info msg="loaded component messagebus (pubsub.redis)"
-...
-== DAPR == 2019/09/25 17:57:38 redis: connecting to [redis]:6379
-== DAPR == 2019/09/25 17:57:38 redis: connected to [redis]:6379 (localAddr: x.x.x.x:62137, remAddr: x.x.x.x:6379)
-...
-```
-
-## Related Links
-
-- [Secrets Component](../../concepts/secrets/README.md)
-- [Secrets API](../../reference/api/secrets_api.md)
-- [Secrets API Samples](https://github.com/dapr/quickstarts/blob/master/secretstore/README.md)

daprdocs/content/en/operations/components/setup-secret-store/file-secret-store.md

@@ -1,114 +0,0 @@
----
-type: docs
-title: "Local file (for Development)"
-linkTitle: "Local file"
-type: docs
----
-
-This document shows how to enable file-based secret store using [Dapr Secrets Component](../../concepts/secrets/README.md) for Development scenarios in Standalone mode. This Dapr secret store component reads plain text JSON from a given file and does not use authentication.
-
-> Note, this approach to secret management is not recommended for production environments.
-
-## Create JSON file to hold the secrets
-
-This creates new JSON file to hold the secrets.
-
-1. Create a json file (i.e. secrets.json) with the following contents:
-
-```json
-{
-    "redisPassword": "your redis passphrase"
-}
-```
-
-## Use file-based secret store in Standalone mode
-
-This section walks you through how to enable a Local secret store to store a password to access a Redis state store in Standalone mode.
-
-1. Create a JSON file in components directory with following content. 
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: local-secret-store
-  namespace: default
-spec:
-  type: secretstores.local.file
-  metadata:
-  - name: secretsFile
-    value: [path to the JSON file]
-  - name: nestedSeparator
-    value: ":"
-```
-
-The `nestedSeparator` parameter, is not required (default value is ':') and it's used by the store when flattening the json hierarchy to a map. So given the following json:
-
-```json
-{
-    "redisPassword": "your redis password",
-    "connectionStrings": {
-        "sql": "your sql connection string",
-        "mysql": "your mysql connection string"
-    }
-}
-```
-
-the store will load the file and create a map with the following key value pairs:
-
-| flattened key           | value                           |
-| ---                     | ---                             |
-|"redis"                  | "your redis password"           |
-|"connectionStrings:sql"  | "your sql connection string"    |
-|"connectionStrings:mysql"| "your mysql connection string"  |
-
-> Use the flattened key to access the secret.
-
-2. Use secrets in other components
-
-To use the previously created secrets for example in a Redis state store component you can replace the `value` with `secretKeyRef` and a nested name of the key like this:
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: statestore
-  namespace: default
-spec:
-  type: state.redis
-  metadata:
-  - name: redisHost
-    value: "[redis]:6379"
-  - name: redisPassword
-    secretKeyRef:
-      name: redisPassword
-auth:
-    secretStore: local-secret-store
-```
-
-# Confirm the secrets are being used
-
-To confirm the secrets are being used you can check the logs output by `dapr run` command. Here is the log when you run [HelloWorld sample](https://github.com/dapr/quickstarts/tree/master/hello-world) with Local Secret secret store.
-
-```bash
-$ dapr run --app-id mynode --app-port 3000 --dapr-http-port 3500 node app.js
-
-ℹ️  Starting Dapr with id mynode on port 3500
-✅  You're up and running! Both Dapr and your app logs will appear here.
-
-...
-== DAPR == time="2019-09-25T17:57:37-07:00" level=info msg="loaded component local-secret-store (secretstores.local.file)"
-== APP == Node App listening on port 3000!
-== DAPR == time="2019-09-25T17:57:38-07:00" level=info msg="loaded component statestore (state.redis)"
-== DAPR == time="2019-09-25T17:57:38-07:00" level=info msg="loaded component messagebus (pubsub.redis)"
-...
-== DAPR == 2019/09/25 17:57:38 redis: connecting to [redis]:6379
-== DAPR == 2019/09/25 17:57:38 redis: connected to [redis]:6379 (localAddr: x.x.x.x:62137, remAddr: x.x.x.x:6379)
-...
-```
-
-## Related Links
-
-- [Secrets Component](../../concepts/secrets/README.md)
-- [Secrets API](../../reference/api/secrets_api.md)
-- [Secrets API Samples](https://github.com/dapr/quickstarts/blob/master/secretstore/README.md)

daprdocs/content/en/operations/components/setup-secret-store/kubernetes.md

@@ -1,11 +0,0 @@
----
-type: docs
-title: "Kubernetes Secrets"
-linkTitle: "Kubernetes Secrets"
-type: docs
----
-
-Kubernetes has a built-in state store which Dapr components can use to fetch secrets from.
-No special configuration is needed to setup the Kubernetes state store.
-
-Please refer to [this](../../concepts/secrets/README.md) document for information and examples on how to fetch secrets from Kubernetes using Dapr.

daprdocs/content/en/operations/components/setup-secret-store/secret-stores-overview.md

@@ -0,0 +1,39 @@
+---
+type: docs
+title: "Overview"
+linkTitle: "Overview"
+description: "General overview on set up of secret stores for Dapr"
+weight: 10000
+type: docs
+---
+
+Dapr integrates with secret stores to provide apps and other components with secure store and access to secrets such as access keys and passwords.. Each secret store component has a name and this name is used when accessing a secret.
+
+Secret stores are extensible and can be found in the [components-contrib repo](https://github.com/dapr/components-contrib).
+
+A secret store in Dapr is described using a `Component` file:
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: secretstore
+  namespace: default
+spec:
+  type: secretstores.<NAME>
+  metadata:
+  - name: <KEY>
+    value: <VALUE>
+  - name: <KEY>
+    value: <VALUE>
+...
+```
+
+The type of secret store is determined by the `type` field, and things like connection strings and other metadata are put in the `.metadata` section.
+
+Visit [this guide]({{< ref "howto-secrets.md#setting-up-a-secret-store-component" >}}) for instructions on configuring a secret store component.
+
+## Related links
+
+- [Supported secret store components]({{< ref supported-secret-stores >}})
+- [Secrets building block]({{< ref secrets >}})

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/_index.md

@@ -0,0 +1,8 @@
+---
+type: docs
+title: "Supported secret stores"
+linkTitle: "Supported secret stores"
+weight: 30000
+description: List of all the supported secret stores that can interface with Dapr
+simple_list: true
+---

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/aws-secret-manager.md

@@ -5,13 +5,11 @@ linkTitle: "AWS Secrets Manager"
 type: docs
 ---
 
-This document shows how to enable AWS Secrets Manager secret store using [Dapr Secrets Component](../../concepts/secrets/README.md) for self hosted and Kubernetes mode.
-
 ## Create an AWS Secrets Manager instance
 
 Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
 
-## Create the component
+## Create the Dapr component
 
 ```yaml
 apiVersion: dapr.io/v1alpha1
@@ -32,15 +30,11 @@ spec:
     value: "[aws_session_token]"
 ```
 
-To deploy in Kubernetes, save the file above to `aws_secret_manager.yaml` and then run:
+## Apply the configuration
 
-```bash
-kubectl apply -f aws_secret_manager.yaml
-```
+Read [this guide]({{< ref howto-secrets.md >}}) to learn how to apply a Dapr component.
 
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
-
-## AWS Secret Manager reference example
+## Example
 
 This example shows you how to set the Redis password from the AWS Secret Manager secret store.
 Here, you created a secret named `redisPassword` in AWS Secret Manager. Note its important to set it both as the `name` and `key` properties.
@@ -63,3 +57,13 @@ spec:
 auth:
     secretStore: awssecretmanager
 ```
+
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
+{{% /alert %}}
+
+## Related links
+- [Secrets building block]({{< ref secrets >}})
+- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
+- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
+- [Secrets API reference]({{< ref secrets_api.md >}})

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault-managed-identity.md

@@ -1,18 +1,16 @@
 ---
 type: docs
-title: "Azure Key Vault (Managed identities)"
-linkTitle: "Azure Key Vault (Managed identities)"
-type: docs
+title: "Azure Key Vault with Managed Identities on Kubernetes"
+linkTitle: "Azure Key Vault w/ Managed Identity"
+description: How to configure Azure Key Vault and Kubernetes to use Azure Managed Identities to access secrets
 ---
 
-This document shows how to enable Azure Key Vault secret store using [Dapr secrets component](../../concepts/secrets/README.md) for Kubernetes mode using Managed Identities to authenticate to a Key Vault.
-
 ## Prerequisites
 
-* [Azure Subscription](https://azure.microsoft.com/en-us/free/)
-* [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)
+- [Azure Subscription](https://azure.microsoft.com/en-us/free/)
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)
 
-## Setup Kubernetes to use Managed identities and Azure Key Vault
+## Setup Managed Identity and Azure Key Vault
 
 1. Login to Azure and set the default subscription
 
@@ -120,7 +118,7 @@ This document shows how to enable Azure Key Vault secret store using [Dapr secre
     kubectl apply -f azure-identity-config.yaml
     ```
 
-## Use Azure Key Vault secret store in Kubernetes mode with managed identities
+## Configure Dapr component
 
 In Kubernetes mode, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore.
 
@@ -149,124 +147,11 @@ In Kubernetes mode, you store the certificate for the service principal into the
     kubectl apply -f azurekeyvault.yaml
     ```
 
-3. Store the redisPassword as a secret into your keyvault
-
-    Now store the redisPassword as a secret into your keyvault
-
-    ```bash
-    az keyvault secret set --name redisPassword --vault-name [your_keyvault_name] --value "your redis passphrase"
-    ```
-
-4. Create redis.yaml state store component
-
-    This redis state store component refers to `azurekeyvault` component as a secretstore and uses the secret for `redisPassword` stored in Azure Key Vault.
-
-    ```yaml
-    apiVersion: dapr.io/v1alpha1
-    kind: Component
-    metadata:
-      name: statestore
-      namespace: default
-    spec:
-      type: state.redis
-      metadata:
-      - name: redisHost
-        value: "[redis_url]:6379"
-      - name: redisPassword
-        secretKeyRef:
-          name: redisPassword
-    auth:
-        secretStore: azurekeyvault
-    ```
-
-5. Apply redis statestore component
-
-    ```bash
-    kubectl apply -f redis.yaml
-    ```
-
-6. Create node.yaml deployment
-
-    ```yaml
-    kind: Service
-    apiVersion: v1
-    metadata:
-      name: nodeapp
-      namespace: default
-      labels:
-        app: node
-    spec:
-      selector:
-        app: node
-      ports:
-        - protocol: TCP
-          port: 80
-          targetPort: 3000
-      type: LoadBalancer
-
-    ---
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      name: nodeapp
-      namespace: default
-      labels:
-        app: node
-    spec:
-      replicas: 1
-      selector:
-        matchLabels:
-          app: node
-      template:
-        metadata:
-          labels:
-            app: node
-            aadpodidbinding: [you managed identity selector]
-          annotations:
-            dapr.io/enabled: "true"
-            dapr.io/app-id: "nodeapp"
-            dapr.io/app-port: "3000"
-        spec:
-          containers:
-            - name: node
-              image: dapriosamples/hello-k8s-node
-              ports:
-                - containerPort: 3000
-              imagePullPolicy: Always
-
-    ```
-
-7. Apply the node app deployment
-
-    ```bash
-    kubectl apply -f redis.yaml
-    ```
-
-    Make sure that `secretstores.azure.keyvault` is loaded successfully in `daprd` sidecar log
-
-    Here is the nodeapp log of the sidecar. Note: use the nodeapp name for your deployed container instance.
-
-    ```bash
-    $ kubectl logs $(kubectl get po --selector=app=node -o jsonpath='{.items[*].metadata.name}') daprd
-
-    time="2020-02-05T09:15:03Z" level=info msg="starting Dapr Runtime -- version edge -- commit v0.3.0-rc.0-58-ge540a71-dirty"
-    time="2020-02-05T09:15:03Z" level=info msg="log level set to: info"
-    time="2020-02-05T09:15:03Z" level=info msg="kubernetes mode configured"
-    time="2020-02-05T09:15:03Z" level=info msg="app id: nodeapp"
-    time="2020-02-05T09:15:03Z" level=info msg="mTLS enabled. creating sidecar authenticator"
-    time="2020-02-05T09:15:03Z" level=info msg="trust anchors extracted successfully"
-    time="2020-02-05T09:15:03Z" level=info msg="authenticator created"
-    time="2020-02-05T09:15:03Z" level=info msg="loaded component azurekeyvault (secretstores.azure.keyvault)"
-    time="2020-02-05T09:15:04Z" level=info msg="loaded component statestore (state.redis)"
-    ...
-    2020-02-05 09:15:04.636348 I | redis: connecting to redis-master:6379
-    2020-02-05 09:15:04.639435 I | redis: connected to redis-master:6379 (localAddr: 10.244.0.11:38294, remAddr: 10.0.74.145:6379)
-    ...
-    ```
-
 ## References
-
 - [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
 - [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
 - [AAD Pod Identity](https://github.com/Azure/aad-pod-identity)
-- [Secrets Component](../../concepts/secrets/README.md)
+- [Secrets building block]({{< ref secrets >}})
+- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
+- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
+- [Secrets API reference]({{< ref secrets_api.md >}})

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/azure-keyvault.md

@@ -0,0 +1,173 @@
+---
+type: docs
+title: "Azure Key Vault secret store"
+linkTitle: "Azure Key Vault"
+---
+
+{{% alert title="Note" color="primary" %}}
+Azure Managed Identity can be used for Azure Key Vault access on Kubernetes. Instructions [here]({{< ref azure-keyvault-managed-identity.md >}}).
+{{% /alert %}}
+
+## Prerequisites
+
+- [Azure Subscription](https://azure.microsoft.com/en-us/free/)
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)
+
+## Setup Key Vault and service principal
+
+1. Login to Azure and set the default subscription
+
+    ```bash
+    # Log in Azure
+    az login
+    
+    # Set your subscription to the default subscription
+    az account set -s [your subscription id]
+    ```
+
+2. Create an Azure Key Vault in a region
+
+     ```bash
+     az keyvault create --location [region] --name [your_keyvault] --resource-group [your resource group]
+     ```
+
+3. Create a service principal
+
+    Create a service principal with a new certificate and store the 1-year certificate inside your keyvault's certificate vault. You can skip this step if you want to use an existing service principal for keyvault instead of creating new one
+
+    ```bash
+    az ad sp create-for-rbac --name [your_service_principal_name] --create-cert --cert [certificate_name] --keyvault [your_keyvault] --skip-assignment --years 1
+    
+    {
+       "appId": "a4f90000-0000-0000-0000-00000011d000",
+       "displayName": "[your_service_principal_name]",
+       "name": "http://[your_service_principal_name]",
+       "password": null,
+       "tenant": "34f90000-0000-0000-0000-00000011d000"
+    }
+    ```
+
+    **Save the both the appId and tenant from the output which will be used in the next step**
+
+4. Get the Object Id for [your_service_principal_name]
+
+    ```bash
+    az ad sp show --id [service_principal_app_id]
+    
+    {
+        ...
+        "objectId": "[your_service_principal_object_id]",
+        "objectType": "ServicePrincipal",
+        ...
+    }
+    ```
+
+5. Grant the service principal the GET permission to your Azure Key Vault
+
+    ```bash
+    az keyvault set-policy --name [your_keyvault] --object-id [your_service_principal_object_id] --secret-permissions get
+    ```
+
+    Now that your service principal has access to your keyvault you are ready to configure the secret store component to use secrets stored in your keyvault to access     other components securely.
+
+6. Download the certificate in PFX format from your Azure Key Vault either using the Azure portal or the Azure CLI:
+
+- **Using the Azure portal:**
+
+  Go to your key vault on the Azure portal and navigate to the *Certificates* tab under *Settings*. Find the certificate that was created during the service principal creation, named [certificate_name] and click on it.
+
+  Click *Download in PFX/PEM format* to download the certificate.
+
+- **Using the Azure CLI:**
+
+   ```bash
+   az keyvault secret download --vault-name [your_keyvault] --name [certificate_name] --encoding base64 --file [certificate_name].pfx
+   ```
+
+## Configure Dapr component
+
+{{< tabs "Self-Hosted" "Kubernetes">}}
+
+{{% codetab %}}
+1. Copy downloaded PFX cert from your Azure Keyvault into your components directory or a secure location on your local disk
+
+2. Create a file called `azurekeyvault.yaml` in the components directory
+
+    ```yaml
+    apiVersion: dapr.io/v1alpha1
+    kind: Component
+    metadata:
+      name: azurekeyvault
+      namespace: default
+    spec:
+      type: secretstores.azure.keyvault
+      metadata:
+      - name: vaultName
+        value: [your_keyvault_name]
+      - name: spnTenantId
+        value: "[your_service_principal_tenant_id]"
+      - name: spnClientId
+        value: "[your_service_principal_app_id]"
+      - name: spnCertificateFile
+        value : "[pfx_certificate_file_local_path]"
+    ```
+
+Fill in the metadata fields with your Key Vault details from the above setup process.
+{{% /codetab %}}
+
+{{% codetab %}}
+In Kubernetes mode, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore.
+
+1. Create a kubernetes secret using the following command:
+
+   ```bash
+   kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[pfx_certificate_file_local_path]
+   ```
+
+- `[pfx_certificate_file_local_path]` is the path of PFX cert file you downloaded above
+- `[your_k8s_spn_secret_name]` is secret name in Kubernetes secret store
+
+2. Create a `azurekeyvault.yaml` component file
+
+The component yaml refers to the Kubernetes secretstore using `auth` property and  `secretKeyRef` refers to the certificate stored in Kubernetes secret store.
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: azurekeyvault
+  namespace: default
+spec:
+  type: secretstores.azure.keyvault
+  metadata:
+  - name: vaultName
+    value: [your_keyvault_name]
+  - name: spnTenantId
+    value: "[your_service_principal_tenant_id]"
+  - name: spnClientId
+    value: "[your_service_principal_app_id]"
+  - name: spnCertificate
+    secretKeyRef:
+      name: [your_k8s_spn_secret_name]
+      key: [pfx_certificate_file_local_name]
+auth:
+    secretStore: kubernetes
+```
+
+3. Apply `azurekeyvault.yaml` component
+
+```bash
+kubectl apply -f azurekeyvault.yaml
+```
+{{% /codetab %}}
+
+{{< /tabs >}}
+
+## References
+
+- [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
+- [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
+- [Secrets building block]({{< ref secrets >}})
+- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
+- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
+- [Secrets API reference]({{< ref secrets_api.md >}})

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/envvar-secret-store.md

@@ -0,0 +1,33 @@
+---
+type: docs
+title: "Local environment variables (for Development)"
+linkTitle: "Local environment variables"
+weight: 10
+---
+
+This Dapr secret store component uses locally defined environment variable and does not use authentication.
+
+{{% alert title="Warning" color="warning" %}}
+This approach to secret management is not recommended for production environments.
+{{% /alert %}}
+
+## Setup environment variable secret store
+
+To enable environment variable secret store, create a file with the following content in your `./components` directory:
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: envvar-secret-store
+  namespace: default
+spec:
+  type: secretstores.local.env
+  metadata:
+```
+
+## Related Links
+- [Secrets building block]({{< ref secrets >}})
+- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
+- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
+- [Secrets API reference]({{< ref secrets_api.md >}})

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/file-secret-store.md

@@ -0,0 +1,71 @@
+---
+type: docs
+title: "Local file (for Development)"
+linkTitle: "Local file"
+weight: 20
+---
+
+This Dapr secret store component reads plain text JSON from a given file and does not use authentication.
+
+## Setup JSON file to hold the secrets
+
+1. Create a JSON file (i.e. `secrets.json`) with the following contents:
+    
+    ```json
+    {
+        "redisPassword": "your redis passphrase"
+    }
+    ```
+
+2. Save this file to your `./components` directory or a secure location in your filesystem
+
+## Configure Dapr component
+
+Create a Dapr component file (ex. `localSecretStore.yaml`) with following content:
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: local-secret-store
+  namespace: default
+spec:
+  type: secretstores.local.file
+  metadata:
+  - name: secretsFile
+    value: [path to the JSON file]
+  - name: nestedSeparator
+    value: ":"
+```
+
+The `nestedSeparator` parameter is optional (default value is ':'). It is used by the store when flattening the json hierarchy to a map. 
+
+## Example
+
+Given the following json:
+
+```json
+{
+    "redisPassword": "your redis password",
+    "connectionStrings": {
+        "sql": "your sql connection string",
+        "mysql": "your mysql connection string"
+    }
+}
+```
+
+The store will load the file and create a map with the following key value pairs:
+
+| flattened key           | value                           |
+| ---                     | ---                             |
+|"redis"                  | "your redis password"           |
+|"connectionStrings:sql"  | "your sql connection string"    |
+|"connectionStrings:mysql"| "your mysql connection string"  |
+
+Use the flattened key (`connectionStrings:sql`) to access the secret.
+
+## Related links
+- [Secrets building block]({{< ref secrets >}})
+- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
+- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
+- [Secrets API reference]({{< ref secrets_api.md >}})

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/gcp-secret-manager.md

@@ -2,18 +2,15 @@
 type: docs
 title: "GCP Secret Manager"
 linkTitle: "GCP Secret Manager"
-type: docs
 ---
 
-# Secret Store for GCP Secret Manager
-
 This document shows how to enable GCP Secret Manager secret store using [Dapr Secrets Component](../../concepts/secrets/README.md) for self hosted and Kubernetes mode.
 
-## Create an GCP Secret Manager instance
+## Setup GCP Secret Manager instance
 
 Setup GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.
 
-## Create the component
+## Setup Dapr component
 
 ```yaml
 apiVersion: dapr.io/v1alpha1
@@ -46,15 +43,30 @@ spec:
     value: PRIVATE KEY
 ```
 
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
+{{% /alert %}}
+
+## Apply the component
+
+{{< tabs "Self-Hosted" "Kubernetes">}}
+
+{{% codetab %}}
+To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+
+{{% /codetab %}}
+
+{{% codetab %}}
 To deploy in Kubernetes, save the file above to `gcp_secret_manager.yaml` and then run:
 
 ```bash
 kubectl apply -f gcp_secret_manager.yaml
 ```
+{{% /codetab %}}
 
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+{{< /tabs >}}
 
-## GCP Secret Manager reference example
+## Example
 
 This example shows you how to take the Redis password from the GCP Secret Manager secret store.
 Here, you created a secret named `redisPassword` in GCP Secret Manager. Note its important to set it both as the `name` and `key` properties.
@@ -77,3 +89,9 @@ spec:
 auth:
     secretStore: gcpsecretmanager
 ```
+
+## Related links
+- [Secrets building block]({{< ref secrets >}})
+- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
+- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
+- [Secrets API reference]({{< ref secrets_api.md >}})

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/hashicorp-vault.md

@@ -5,13 +5,20 @@ linkTitle: "HashiCorp Vault"
 type: docs
 ---
 
-This document shows how to enable Hashicorp Vault secret store using [Dapr Secrets Component](../../concepts/secrets/README.md) for Standalone and Kubernetes mode.
+## Setup Hashicorp Vault instance
 
-## Create a Hashicorp Vault instance
+{{< tabs "Self-Hosted" "Kubernetes" >}}
 
+{{% codetab %}}
 Setup Hashicorp Vault using the Vault documentation: https://www.vaultproject.io/docs/install/index.html.
+{{% /codetab %}}
 
+{{% codetab %}}
 For Kubernetes, you can use the Helm Chart: <https://github.com/hashicorp/vault-helm>.
+{{% /codetab %}}
+
+{{< /tabs >}}
+
 
 ## Create the Vault component
 
@@ -42,15 +49,24 @@ spec:
     value : "[vault_prefix]"
 ```
 
+{{< tabs "Self-Hosted" "Kubernetes" >}}
+
+{{% codetab %}}
+To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+{{% /codetab %}}
+
+{{% codetab %}}
 To deploy in Kubernetes, save the file above to `vault.yaml` and then run:
 
 ```bash
 kubectl apply -f vault.yaml
 ```
+{{% /codetab %}}
 
-To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
+{{< /tabs >}}
 
-## Vault reference example
+
+## Example
 
 This example shows you how to take the Redis password from the Vault secret store.
 
@@ -72,3 +88,9 @@ spec:
 auth:
     secretStore: vault
 ```
+
+## Related links
+- [Secrets building block]({{< ref secrets >}})
+- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
+- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
+- [Secrets API reference]({{< ref secrets_api.md >}})

daprdocs/content/en/operations/components/setup-secret-store/supported-secret-stores/kubernetes-secret-store.md

@@ -0,0 +1,16 @@
+---
+type: docs
+title: "Kubernetes Secrets"
+linkTitle: "Kubernetes Secrets"
+weight: 30
+---
+
+## Summary
+
+Kubernetes has a built-in state store which Dapr components can use to fetch secrets from. No special configuration is needed to setup the Kubernetes state store, and you are able to retreive secrets from the `http://localhost:3500/v1.0/secrets/kubernetes/[my-secret]` URL.
+
+## Related links
+- [Secrets building block]({{< ref secrets >}})
+- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
+- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
+- [Secrets API reference]({{< ref secrets_api.md >}})

daprdocs/content/en/operations/components/setup-state-store/_index.md

@@ -1,8 +1,7 @@
 ---
 type: docs
-title: "State management components"
-linkTitle: "State management"
+title: "State stores components"
+linkTitle: "State stores"
 description: "Guidance on setting up different state stores for Dapr state management"
 weight: 1000
-type: docs
 ---

daprdocs/content/en/operations/components/setup-state-store/setup-state-store-overview.md

@@ -4,12 +4,9 @@ title: "Overview"
 linkTitle: "Overview"
 description: "Guidance on set up for state management components"
 weight: 10000
-type: docs
 ---
 
-Dapr integrates with existing databases to provide apps with state management capabilities for CRUD operations, transactions and more.
-
-Dapr supports the configuration of multiple, named, state store components *per application*.
+Dapr integrates with existing databases to provide apps with state management capabilities for CRUD operations, transactions and more. It also supports the configuration of multiple, named, state store components *per application*.
 
 State stores are extensible and can be found in the [components-contrib repo](https://github.com/dapr/components-contrib).
 
@@ -32,43 +29,11 @@ spec:
 ```
 
 The type of database is determined by the `type` field, and things like connection strings and other metadata are put in the `.metadata` section.
-Even though you can put plain text secrets in there, it is recommended you use a [secret store](../../concepts/secrets/README.md).
+Even though you can put plain text secrets in there, it is recommended you use a [secret store]({{< ref component-secrets.md >}}).
 
-## Running locally
+Visit [this guide]({{< ref "howto-get-save-state.md#step-1-setup-a-state-store" >}}) on how to configure a state store component.
 
-When running locally with the Dapr CLI, a component file for a Redis state store will be automatically created in a `components` directory in your current working directory.
-
-You can make changes to this file the way you see fit, whether to change connection values or replace it with a different store.
-
-## Running in Kubernetes
-
-Dapr uses a Kubernetes Operator to update the sidecars running in the cluster with different components.
-To setup a state store in Kubernetes, use `kubectl` to apply the component file:
-
-```bash
-kubectl apply -f statestore.yaml
-```
- ## Related Topics
-*  [State management concepts](../../concepts/state-management/README.md)
-* [State management API specification](../../reference/api/state_api.md)
-
-## Reference
-
-* [Setup Aerospike](./setup-aerospike.md)
-* [Setup Cassandra](./setup-cassandra.md)
-* [Setup Cloudstate](./setup-cloudstate.md)
-* [Setup Couchbase](./setup-couchbase.md)
-* [Setup etcd](./setup-etcd.md)
-* [Setup Hashicorp Consul](./setup-consul.md)
-* [Setup Hazelcast](./setup-hazelcast.md)
-* [Setup Memcached](./setup-memcached.md)
-* [Setup MongoDB](./setup-mongodb.md)
-* [Setup PostgreSQL](./setup-postgresql.md)
-* [Setup Redis](./setup-redis.md)
-* [Setup Zookeeper](./setup-zookeeper.md)
-* [Setup Azure CosmosDB](./setup-azure-cosmosdb.md)
-* [Setup Azure SQL Server](./setup-sqlserver.md)
-* [Setup Azure Table Storage](./setup-azure-tablestorage.md)
-* [Setup Azure Blob Storage](./setup-azure-blobstorage.md)
-* [Setup Google Cloud Firestore (Datastore mode)](./setup-firestore.md)
-* [Supported State Stores](./supported-state-stores.md)
+## Related topics
+- [Component concept]({{< ref components-concept.md >}})
+- [State management overview]({{< ref state-management >}})
+- [State management API specification]({{< ref state_api.md >}})

daprdocs/content/en/operations/components/setup-state-store/supported-state-stores.md

@@ -1,31 +0,0 @@
----
-type: docs
-title: "Supported stores"
-linkTitle: "Supported stores"
-description: "CRUD and/or transactional support for supported stores"
-weight: 20000
-type: docs
----
-
-The following stores are supported, at various levels, by the Dapr state management building block:
-
-| Name                   | CRUD | Transactional |
-|------------------------|------|---------------|
-| Aerospike              | ✅  | ❌            |
-| Cassandra              | ✅  | ❌            |
-| Cloudstate             | ✅  | ❌            |
-| Couchbase              | ✅  | ❌            |
-| etcd                   | ✅  | ❌            |
-| Hashicorp Consul       | ✅  | ❌            |
-| Hazelcast              | ✅  | ❌            |
-| Memcached              | ✅  | ❌            |
-| MongoDB                | ✅  | ✅            |
-| PostgreSQL             | ✅  | ✅            |
-| Redis                  | ✅  | ✅            |
-| Zookeeper              | ✅  | ❌            |
-| Azure CosmosDB         | ✅  | ✅            |
-| Azure SQL Server       | ✅  | ✅            |
-| Azure Table Storage    | ✅  | ❌            |
-| Azure Blob Storage     | ✅  | ❌            |
-| Google Cloud Firestore | ✅  | ❌            |
-

daprdocs/content/en/operations/components/setup-state-store/supported-state-stores/_index.md

@@ -0,0 +1,31 @@
+---
+type: docs
+title: "Supported stores"
+linkTitle: "Supported stores"
+description: "CRUD and/or transactional support for supported stores"
+weight: 20000
+no_list: true
+---
+
+The following stores are supported, at various levels, by the Dapr state management building block:
+
+| Name                                                           | CRUD | Transactional |
+|----------------------------------------------------------------|------|---------------|
+| [Aerospike]({{< ref setup-aerospike.md >}})                    | ✅  | ❌            |
+| [Cassandra]({{< ref setup-cassandra.md >}})                    | ✅  | ❌            |
+| [Cloudstate]({{< ref setup-cloudstate.md >}})                  | ✅  | ❌            |
+| [Couchbase]({{< ref setup-couchbase.md >}})                    | ✅  | ❌            |
+| [etcd]({{< ref setup-etcd.md >}})                              | ✅  | ❌            |
+| [Hashicorp Consul]({{< ref setup-consul.md >}})                | ✅  | ❌            |
+| [Hazelcast]({{< ref setup-hazelcast.md >}})                    | ✅  | ❌            |
+| [Memcached]({{< ref setup-memcached.md >}})                    | ✅  | ❌            |
+| [MongoDB]({{< ref setup-mongodb.md >}})                        | ✅  | ✅            |
+| [PostgreSQL]({{< ref setup-postgresql.md >}})                  | ✅  | ✅            |
+| [Redis]({{< ref setup-redis.md >}})                            | ✅  | ✅            |
+| [Zookeeper]({{< ref setup-zookeeper.md >}})                    | ✅  | ❌            |
+| [Azure CosmosDB]({{< ref setup-azure-cosmosdb.md >}})          | ✅  | ✅            |
+| [Azure SQL Server]({{< ref setup-sqlserver.md >}})             | ✅  | ✅            |
+| [Azure Table Storage]({{< ref setup-azure-tablestorage.md >}}) | ✅  | ❌            |
+| [Azure Blob Storage]({{< ref setup-azure-blobstorage.md >}})   | ✅  | ❌            |
+| [Google Cloud Firestore]({{< ref setup-firestore.md >}})       | ✅  | ❌            |
+

daprdocs/content/en/operations/configuration/control-concurrency.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Control concurrency and rate limit applications"
+title: "How-To: Control concurrency and rate limit applications"
 linkTitle: "Concurrency & rate limits"
 weight: 2000
 description: "Control how many requests and events will invoke your application simultaneously"

daprdocs/content/en/operations/configuration/grpc.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Configure Dapr to use gRPC"
+title: "How-To: Configure Dapr to use gRPC"
 linkTitle: "Use gRPC interface"
 weight: 5000
 description: "How to configure Dapr to use gRPC for low-latency, high performance scenarios"

daprdocs/content/en/operations/configuration/invoke-allowlist.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Apply access control list configuration for service invocation"
+title: "How-To: Apply access control list configuration for service invocation"
 linkTitle: "Service Invocation access control"
 weight: 4000
 description: "Restrict what operations *calling* applications can perform, via service invocation, on the *called* application"

daprdocs/content/en/operations/configuration/secret-scope.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Limit the secrets that can be read from secret stores"
+title: "How-To: Limit the secrets that can be read from secret stores"
 linkTitle: "Limit secret store access"
 weight: 3000
 description: "To limit the secrets to which the Dapr application has access, users can define secret scopes by augmenting existing configuration CRD with restrictive permissions."

daprdocs/content/en/operations/hosting/kubernetes/kubernetes-hybrid-clusters.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Deploy to hybrid Linux/Windows Kubernetes clusters"
+title: "How-To: Deploy to hybrid Linux/Windows Kubernetes clusters"
 linkTitle: "Hybrid clusters"
 weight: 20000
 description: "How to run Dapr apps on kubernetes clusters with windows nodes"

daprdocs/content/en/operations/hosting/self-hosted/self-hosted-no-docker.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Run Dapr in self-hosted mode without Docker"
+title: "How-To: Run Dapr in self-hosted mode without Docker"
 linkTitle: "Run without Docker"
 weight: 30000
 description: "How to deploy and run Dapr in self-hosted mode without Docker installed on the local machine"

daprdocs/content/en/operations/hosting/self-hosted/self-hosted-with-docker.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Run Dapr in self-hosted mode with Docker"
+title: "How-To: Run Dapr in self-hosted mode with Docker"
 linkTitle: "Run with Docker"
 weight: 20000
 description: "How to deploy and run Dapr in self-hosted mode using Docker"

daprdocs/content/en/operations/monitoring/application-insights.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Set up Application Insights for distributed tracing"
+title: "How-To: Set up Application Insights for distributed tracing"
 linkTitle: "Application Insights"
 weight: 3000
 description: "Enable Application Insights to visualize Dapr tracing and application map"

daprdocs/content/en/operations/monitoring/azure-monitor.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Set up Azure Monitor to search logs and collect metrics"
+title: "How-To: Set up Azure Monitor to search logs and collect metrics"
 linkTitle: "Azure Monitor"
 weight: 2000
 description: "Enable Dapr metrics and logs with Azure Monitor for Azure Kubernetes Service (AKS)"

daprdocs/content/en/operations/monitoring/fluentd.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Set up Fluentd, Elastic search and Kibana in Kubernetes"
+title: "How-To: Set up Fluentd, Elastic search and Kibana in Kubernetes"
 linkTitle: "FluentD"
 weight: 1000
 description: "How to install Fluentd, Elastic Search, and Kibana to search logs in Kubernetes"

daprdocs/content/en/operations/monitoring/grafana.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Observe metrics with Grafana"
+title: "How-To: Observe metrics with Grafana"
 linkTitle: "Grafana"
 weight: 5000
 description: "How to view Dapr metrics in a Grafana dashboard."

daprdocs/content/en/operations/monitoring/prometheus.md

@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Observe metrics with Prometheus"
+title: "How-To: Observe metrics with Prometheus"
 linkTitle: "Prometheus"
 weight: 4000
 description: "Use Prometheus to collect time-series data relating to the execution of the Dapr runtime itself"

daprdocs/content/en/operations/monitoring/zipkin.md

@@ -1,17 +1,12 @@
 ---
 type: docs
-title: "Set up Zipkin for distributed tracing"
+title: "How-To: Set up Zipkin for distributed tracing"
 linkTitle: "Zipkin"
 weight: 3000
 description: "Set up Zipkin for distributed tracing"
 type: docs
 ---
 
-- [Configure self hosted mode](#Configure-self-hosted-mode)
-- [Configure Kubernetes](#Configure-Kubernetes)
-- [Tracing configuration](#Tracing-Configuration)
-
-
 ## Configure self hosted mode
 
 For self hosted mode, on running `dapr init` the following YAML files are created by default and they are referenced by default on `dapr run` calls unless otherwise overridden.
@@ -139,10 +134,9 @@ To view traces, connect to the Zipkin Service and open the UI:
 kubectl port-forward svc/zipkin 9411:9411
 ```
 
-In your browser, go to ```http://localhost:9411``` and you will see the Zipkin UI.
+In your browser, go to `http://localhost:9411` and you will see the Zipkin UI.
 
-![zipkin](../../images/zipkin_ui.png)
+![zipkin](/images/zipkin_ui.png)
 
 ## References
-
-* [How-To: Use W3C Trace Context for distributed tracing](../../howto/use-w3c-tracecontext/README.md)
+- [W3C distributed tracing]({{< ref w3c-tracing >}})