Resolve comments

nshankar · nshankar · commit 9eedc39aa69b · 2024-04-11T10:32:18.000-04:00
Signed-off-by: nshankar &lt;nshankar@microsoft.ghe.com&gt;
diff --git a/articles/aks/istio-meshconfig.md b/articles/aks/istio-meshconfig.md
@@ -16,7 +16,7 @@ This article walks through how to configure Istio-based service mesh add-on for
 
 ## Prerequisites
 
-This guide assumes you followed the [documentation](./istio-deploy-addon.md) to enable the Istio add-on on an AKS cluster.
+This guide assumes you followed the [documentation][istio-deploy-addon] to enable the Istio add-on on an AKS cluster.
 
 ## Set up configuration on cluster
 
@@ -85,42 +85,42 @@ Mesh configuration and the list of allowed/supported fields are revision specifi
 
 | **Field** | **Supported** | **Notes** |
 |-----------|---------------|-----------|
-| proxyListenPort | false |
-| proxyInboundListenPort | false |
-| proxyHttpPort | false |
+| proxyListenPort | false | - |
+| proxyInboundListenPort | false | - |
+| proxyHttpPort | false | - |
 | connectTimeout | false | Configurable in [DestinationRule](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings-TCPSettings) |
 | tcpKeepAlive | false | Configurable in [DestinationRule](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings-TCPSettings) |
 | defaultConfig | true | Used to configure [ProxyConfig](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#ProxyConfig) |
 | outboundTrafficPolicy | true | Also configurable in [Sidecar CR](https://istio.io/latest/docs/reference/config/networking/sidecar/#OutboundTrafficPolicy) |
-| extensionProviders | false |
-| defaultProviders | false |
-| accessLogFile | true |
-| accessLogFormat | true |
-| accessLogEncoding | true |
-| enableTracing | true |
-| enableEnvoyAccessLogService | true |
-| disableEnvoyListenerLog | true |
-| trustDomain | false |
-| trustDomainAliases | false |
+| extensionProviders | false | - |
+| defaultProviders | false | - |
+| accessLogFile | true | - |
+| accessLogFormat | true | - |
+| accessLogEncoding | true | - |
+| enableTracing | true | - |
+| enableEnvoyAccessLogService | true | - |
+| disableEnvoyListenerLog | true | - |
+| trustDomain | false | - |
+| trustDomainAliases | false | - |
 | caCertificates | false | Configurable in [DestinationRule](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ClientTLSSettings) |
 | defaultServiceExportTo | false | Configurable in [ServiceEntry](https://istio.io/latest/docs/reference/config/networking/service-entry/#ServiceEntry) |
 | defaultVirtualServiceExportTo | false | Configurable in [VirtualService](https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService) |
 | defaultDestinationRuleExportTo | false | Configurable in [DestinationRule](https://istio.io/latest/docs/reference/config/networking/destination-rule/#DestinationRule) |
 | localityLbSetting | false | Configurable in [DestinationRule](https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings) |
-| dnsRefreshRate | false |
+| dnsRefreshRate | false | - |
 | h2UpgradePolicy | false | Configurable in [DestinationRule](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings-HTTPSettings) |
-| enablePrometheusMerge | true |
-| discoverySelectors | true |
-| pathNormalization | false |
+| enablePrometheusMerge | true | - |
+| discoverySelectors | true | - |
+| pathNormalization | false | - |
 | defaultHttpRetryPolicy | false | Configurable in [VirtualService](https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPRetry) |
-| serviceSettings | false |
-| meshMTLS | false |
-| tlsDefaults | false |
+| serviceSettings | false | - |
+| meshMTLS | false | - |
+| tlsDefaults | false | - |
 
 ### ProxyConfig (meshConfig.defaultConfig)
 
-| **Field** | **Supported** | **Notes** |
-|-----------|---------------|-----------|
+| **Field** | **Supported** |
+|-----------|---------------|
 | tracingServiceName | true |
 | drainDuration | true |
 | statsUdpAddress | false |
@@ -158,4 +158,4 @@ Fields present in [open source MeshConfig reference documentation][istio-meshcon
 
 [istio-meshconfig]: https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/
 [istio-sidecar-race-condition]: https://istio.io/latest/docs/ops/common-problems/injection/#pod-or-containers-start-with-network-issues-if-istio-proxy-is-not-ready
-
+[istio-deploy-addon]: istio-deploy-addon.md
diff --git a/articles/aks/istio-plugin-ca.md b/articles/aks/istio-plugin-ca.md
@@ -47,7 +47,7 @@ The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az
     > When rotating certificates, to control how quickly the secrets are synced down to the cluster you can use the `--rotation-poll-interval` parameter of the Azure Key Vault Secrets Provider add-on. For example:
     > `az aks addon update --resource-group $RESOURCE_GROUP --name $CLUSTER --addon azure-keyvault-secrets-provider --enable-secret-rotation --rotation-poll-interval 20s`
 
-1. Authorize the system-assigned managed identity of the add-on to have access to the Azure Key Vault resource:
+1. Authorize the user-assigned managed identity of the add-on to have access to the Azure Key Vault resource:
 
     ```bash
     OBJECT_ID=$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER --query 'addonProfiles.azureKeyvaultSecretsProvider.identity.objectId' -o tsv)
@@ -56,7 +56,7 @@ The add-on requires Azure CLI version 2.57.0 or later installed. You can run `az
     ```
 
     > [!NOTE]
-    > If you created your Key Vault with Azure RBAC Authorization, follow the instructions [here](https://learn.microsoft.com/azure/key-vault/general/rbac-guide) to create permissions for the managed identity. Add a role assignment for `Key Vault Reader` for the cluster's system-assigned managed identity. 
+    > If you created your Key Vault with Azure RBAC Authorization, follow the instructions [here][akv-rbac-guide] to create permissions for the managed identity. Add a role assignment for `Key Vault Reader` for the cluster's system-assigned managed identity. 
 
 ## Set up Istio-based service mesh addon with plug-in CA certificates
 
@@ -253,6 +253,7 @@ You may need to periodically rotate the certificate authorities for security or
 
 [akv-quickstart]: ../key-vault/general/quick-create-cli.md
 [akv-addon]: ./csi-secrets-store-driver.md
+[akv-rbac-guide]: ../key-vault/general/rbac-guide.md
 [install-azure-cli]: /cli/azure/install-azure-cli
 [az-feature-register]: /cli/azure/feature#az-feature-register
 [az-feature-show]: /cli/azure/feature#az-feature-show
diff --git a/articles/aks/istio-upgrade.md b/articles/aks/istio-upgrade.md
@@ -11,7 +11,7 @@ author: shashankbarsin
 
 This article addresses upgrade experiences for Istio-based service mesh add-on for Azure Kubernetes Service (AKS).
 
-New Istio add-on releases are announced via [AKS release notes](https://github.com/Azure/AKS/releases).
+Announcements about the releases of new minor revisions or patches to the Istio-based service mesh add-on are published in the [AKS release notes][aks-release-notes].
 
 ## Minor revision upgrade
 
