Add STACKIT to readme (#2988)

* Add STACKIT to readme

and sort CSPs alphabetically in sentences

* fix links

docs/versioned_docs/version-2.16/architecture/keys.md

@@ -105,7 +105,7 @@ Initially, it will support the following KMSs:
 * [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview)
 * [KMIP-compatible KMS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip)
 
-Storing the keys in Cloud KMS of AWS, GCP, or Azure binds the key usage to the particular cloud identity access management (IAM).
+Storing the keys in Cloud KMS of AWS, Azure, or GCP binds the key usage to the particular cloud identity access management (IAM).
 In the future, Constellation will support remote attestation-based access policies for Cloud KMS once available.
 Note that using a Cloud KMS limits the isolation and protection to the guarantees of the particular offering.
 

docs/versioned_docs/version-2.16/getting-started/install.md

@@ -9,7 +9,7 @@ Make sure the following requirements are met:
 * Your machine is running Linux, macOS, or Windows
 * You have admin rights on your machine
 * [kubectl](https://kubernetes.io/docs/tasks/tools/) is installed
-* Your CSP is Microsoft Azure, Google Cloud Platform (GCP), Amazon Web Services (AWS), or STACKIT
+* Your CSP is Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or STACKIT
 
 ## Install the Constellation CLI
 
@@ -398,6 +398,7 @@ You need to authenticate with the infrastructure API (OpenStack) and create a se
 
 1. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/step-1-generating-of-user-access-token-11763726.html) for obtaining a User Access Token (UAT) to use the infrastructure API
 2. Create a configuration file under `~/.config/openstack/clouds.yaml` (`%AppData%\openstack\clouds.yaml` on Windows) with the credentials from the User Access Token
+
     ```yaml
     clouds:
         stackit:
@@ -412,9 +413,11 @@ You need to authenticate with the infrastructure API (OpenStack) and create a se
             region_name: RegionOne
             identity_api_version: 3
     ```
+
 3. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) for creating a service account and an access token
 4. Assign the `editor` role to the service account by [following the documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html)
 5. Create a configuration file under `~/.stackit/credentials.json` (`%USERPROFILE%\.stackit\credentials.json` on Windows)
+
     ```json
     {"STACKIT_SERVICE_ACCOUNT_TOKEN":"REPLACE_WITH_TOKEN"}
     ```

docs/versioned_docs/version-2.16/overview/clouds.md

@@ -34,13 +34,12 @@ Thus, the Azure closed-source firmware becomes part of Constellation's trusted c
 
 ## Google Cloud Platform (GCP)
 
-The [CVMs Generally Available in GCP](https://cloud.google.com/compute/confidential-vm/docs/create-confidential-vm-instance) are based on AMD SEV but don't have SNP features enabled.
-CVMs with SEV-SNP enabled are currently in [public preview](https://cloud.google.com/blog/products/identity-security/rsa-snp-vm-more-confidential). Regarding (3), with their SEV-SNP offering Google provides direct access to remote-attestation statements.
+The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev) are based on AMD SEV but don't have SNP features enabled.
+CVMs with [SEV-SNP enabled are in public preview](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev-snp). Regarding (3), with their SEV-SNP offering Google provides direct access to remote-attestation statements.
 However, regarding (5), attestation is partially based on the [Shielded VM vTPM](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#vtpm) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by Google's hypervisor.
 Hence, the hypervisor is currently part of Constellation's TCB.
 Regarding (4), the CVMs still include closed-source firmware.
 
-
 In the past, Intel and Google have [collaborated](https://cloud.google.com/blog/products/identity-security/rsa-google-intel-confidential-computing-more-secure) to enhance the security of TDX.
 Recently, Google has announced a [private preview for TDX](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense?hl=en).
 With TDX on Google, Constellation has a similar TCB and attestation flow as with the current SEV-SNP offering.

docs/versioned_docs/version-2.16/overview/product.md

@@ -6,7 +6,7 @@ From a security perspective, Constellation implements the [Confidential Kubernet
 
 From an operational perspective, Constellation provides the following key features:
 
-* **Native support for different clouds**: Constellation works on Microsoft Azure, Google Cloud Platform (GCP), Amazon Web Services (AWS), and STACKIT. Support for OpenStack-based environments is coming with a future release. Constellation securely interfaces with the cloud infrastructure to provide [cluster autoscaling](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler), [dynamic persistent volumes](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/), and [service load balancing](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer).
+* **Native support for different clouds**: Constellation works on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and STACKIT. Support for OpenStack-based environments is coming with a future release. Constellation securely interfaces with the cloud infrastructure to provide [cluster autoscaling](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler), [dynamic persistent volumes](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/), and [service load balancing](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer).
 * **High availability**: Constellation uses a [multi-master architecture](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/) with a [stacked etcd topology](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ha-topology/#stacked-etcd-topology) to ensure high availability.
 * **Integrated Day-2 operations**: Constellation lets you securely [upgrade](../workflows/upgrade.md) your cluster to a new release. It also lets you securely [recover](../workflows/recovery.md) a failed cluster. Both with a single command.
 * **Support for Terraform**: Constellation includes a [Terraform provider](../workflows/terraform-provider.md) that lets you manage the full lifecycle of your cluster via Terraform.

docs/versioned_docs/version-2.16/workflows/config.md

@@ -135,7 +135,7 @@ This configuration creates an additional node group `high_cpu` with a larger ins
 
 You can use the field `zone` to specify what availability zone nodes of the group are placed in.
 On Azure, this field is empty by default and nodes are automatically spread across availability zones.
-STACKIT currently offers SEV-enabled CPUs in the `eu01-1`, `eu01-2` and `eu01-3` zones.
+STACKIT currently offers SEV-enabled CPUs in the `eu01-1`, `eu01-2`, and `eu01-3` zones.
 Consult the documentation of your cloud provider for more information:
 
 * [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/)

docs/versioned_docs/version-2.16/workflows/recovery.md

@@ -123,7 +123,7 @@ This means that you have to recover the node manually.
 
 First, open the STACKIT portal to view all servers in your project. Select individual control plane nodes `<cluster-name>-<UID>-control-plane-<UID>-<index>` and check that enough members are in a *Running* state.
 
-Second, check the boot logs of these *Servers*. Click on a server name and select **Overview**. Find the **Machine Setup** section and click on **Web console** > **Open console**.
+Second, check the boot logs of these servers. Click on a server name and select **Overview**. Find the **Machine Setup** section and click on **Web console** > **Open console**.
 
 In the serial console output, search for `Waiting for decryption key`.
 Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk):