Add ARO SP to MI migration guide (Part 1 & Part 2)

[sgkevin1980]

Summary

Two-part guide for ARO Service Principal to Managed Identity migration:

• Part 1 (index.md) — What changes in authentication (cluster operators + application workloads), why MI matters, and migration methodology
• Part 2 (migration-demo.md) — Hands-on walkthrough with two demo apps: keyvault-reader (requires code change from ClientSecretCredential to DefaultAzureCredential) and blob-writer (requires only K8s manifest changes)
• Demo apps — Complete source code, Dockerfiles, and K8s manifests for both SP and MI deployments

Both demo apps have been deployed and validated on an MI cluster with workload identity.

Files

content/aro/aro-sp-mi/
├── index.md                  # Part 1: SP vs MI explained
├── migration-demo.md         # Part 2: Hands-on migration walkthrough
└── demo-apps/
    ├── keyvault-reader/      # Key Vault demo (code + config change)
    └── blob-writer/          # Blob Storage demo (config-only change)

Test plan

• Review Part 1 for technical accuracy (identity architecture, mermaid diagrams, migration methodology)
• Review Part 2 for walkthrough completeness (prerequisites, steps, validation commands)
• Verify demo app code matches article snippets
• Verify internal links between Part 1 and Part 2 resolve correctly

[netlify]

✅ Deploy Preview for rh-cloud-experts ready!

Name	Link
🔨 Latest commit	a0567d2
🔍 Latest deploy log	https://app.netlify.com/projects/rh-cloud-experts/deploys/6a181cdccef27a000760061d
😎 Deploy Preview	https://deploy-preview-935--rh-cloud-experts.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[paulczar]

This is well-researched content and the technical accuracy looks good. Three things need addressing before merge:

1. Demo app code should live in a separate repo

The demo-apps/ directory (Python apps, Dockerfiles, K8s manifests) doesn't belong in a docs repo — this code has its own lifecycle (dependency updates, SDK version bumps, bug fixes) that is separate from the article. The standard pattern is a dedicated repo (e.g. rh-mobb/aro-sp-mi-demo) that readers git clone at the start of Part 2. The article keeps the relevant snippets inline — just not the full source files.

2. Part 2 is a 404

Because index.md exists in aro-sp-mi/, Hugo treats this as a leaf bundle. migration-demo.md becomes a page resource with no URL — both /experts/aro/aro-sp-mi/migration-demo/ and every link to Part 2 in the article return 404. Fix: restructure as a branch bundle (matching how content/aro/setup-quay/ works):

• rename index.md → _index.md
• move migration-demo.md → migration-demo/index.md

3. Mermaid diagrams render as raw code

The fenced ```mermaid ``` syntax is not processed by the rhds theme — the three sequence diagrams display as line-numbered code blocks showing raw mermaid syntax. Please replace with static images (PNG or SVG exported from https://mermaid.live).

4. Em dashes

Site style prohibits em dashes. There are 33 instances across both files. Please replace with commas, semicolons, or rewrite the sentence (e.g. "operators authenticate to Azure APIs" not "operators — how they authenticate to Azure APIs").

[paulczar]

The rhds theme does not render fenced mermaid blocks — this displays as a raw code block showing the mermaid syntax. Please replace with a static image (PNG or SVG exported from https://mermaid.live).

[paulczar]

Same issue as above — this mermaid block renders as raw code. Replace with a static image.

[paulczar]

Same issue — replace with a static image exported from https://mermaid.live.