fix(categories): use relative file refs instead of absolute
meysam81 committed Sep 4, 2024
1 parent ba32c3e commit 74ce82c
Showing 13 changed files with 88 additions and 88 deletions.
4 changes: 2 additions & 2 deletions docs/blog/posts/2024/0001-azure-shared-image-gallery.md
Expand Up @@ -187,15 +187,15 @@ In no particular order, and in a non-exhaustive list, here are some horror stori
- Creating a parent and a child resource, updating the parent which forces a
replacement and then the provided complains not being able to delete the parent
because the child is still referencing it. I mean, isn't the whole point of
[IaC](/category/iac/) to be able to create, update and delete resources and the
[IaC](../../category/iac.md) to be able to create, update and delete resources and the
underlying provider takes care of the ugly work for you!?
- The Azure Kubernetes module creates a child resource group for you, and for
any other node-pool you want to add to the cluster, you can't create a separate
resource group, but rather, you gotta reference the same resource group to create
the new node-pool. :exploding_head:

Some of these would have been fine if we weren't promised that
[IaC](/category/iac/) tools such as OpenTofu are supposed to protect you from a
[IaC](../../category/iac.md) tools such as OpenTofu are supposed to protect you from a
need to get into the Azure portal and do the manual chores yourself, the same
chore the provider should've done for you.

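Review bot: the new target `../../category/iac.md` is resolved against this file's own directory (`docs/blog/posts/2024/`), so it points at `docs/blog/category/iac.md`, whereas the old `/category/iac/` was resolved against the site root; please confirm that a page is actually built at that path, and that every file in this commit sits at the same depth, because the `../../` prefix is wrong for any post that lives outside `posts/2024/`.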
4 changes: 2 additions & 2 deletions docs/blog/posts/2024/0005-install-k3s-on-ubuntu22.md
Expand Up @@ -69,8 +69,8 @@ environments, and edge computing. It is a fully compliant Kubernetes distributio
that is packaged in a single binary and requires minimal dependencies.

In this post, I will show you how to install k3s on Ubuntu 22.04 using [Hetzner
Cloud](/category/hetzner/), [OpenTofu](/category/opentofu/),
[Ansible](/category/ansible/), and [Cilium](/category/cilium/).
Cloud](../../category/hetzner.md), [OpenTofu](../../category/opentofu.md),
[Ansible](../../category/ansible.md), and [Cilium](../../category/cilium.md).
Stay with me till the end cause we got some cool stuff to cover.

## Prerequisites
4 changes: 2 additions & 2 deletions docs/blog/posts/2024/0007-oidc-authentication.md
Expand Up @@ -42,7 +42,7 @@ The rationale is that those secrets can be compromised and put your account at
risk. Even on non-extreme cases, you are advised to rotate your credentials and
having to update every credential can be cumbersome when working at scale.

That's where [OpenID Connect (OIDC)](/category/openid-connect/) comes in.
That's where [OpenID Connect (OIDC)](../../category/openid-connect.md) comes in.

<!-- subscribe -->

Expand Down Expand Up @@ -544,7 +544,7 @@ Thanks for reading thus far, *ciao*, and till next time! :saluting_face:
!!! success "OIDC future blogs"

There will be at least two more blog posts on the
[OIDC](/category/openid-connect/) topic. One will be
[OIDC](../../category/openid-connect.md) topic. One will be
to authenticate Kubernetes in-cluster ServiceAccounts with the AWS so that
the pods can access the AWS services.

10 changes: 5 additions & 5 deletions docs/blog/posts/2024/0009-external-secrets-aks-to-aws-ssm.md
Expand Up @@ -94,13 +94,13 @@ article.
First off, we'll
[create an Azure AKS Kubernetes cluster](#step-0-setting-up-azure-managed-kubernetes-cluster)
using the official
[OpenTofu](/category/opentofu) module. The AKS cluster will have its OpenID
[OpenTofu](../../category/opentofu.md) module. The AKS cluster will have its OpenID
Connect endpoint exposed to the internet.

We will use that OpenID Connect endpoint to
[establish a trust relationship between the Kubernetes cluster and the AWS IAM](#step-1-establishing-azure-aks-trust-relationship-with-aws-iam)
, leveraging
[OpenID Connect](/category/openid-connect/). This trust relationship will
[OpenID Connect](../../category/openid-connect.md). This trust relationship will
allow the Kubernetes cluster's Service Accounts to assume an IAM Role with
web identity to access AWS resources.

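Review bot: the removed `[OpenTofu](/category/opentofu)` line was the only absolute ref in this set without the trailing slash the others carry, so this hunk also normalises an inconsistency that the commit message ("use relative file refs instead of absolute") does not mention; a short note in the message would make that intentional rather than incidental.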
Expand Down Expand Up @@ -160,7 +160,7 @@ Before we start, you need to have the following prerequisites:
- [x] Internet accessible endpoint to your Kubernetes API server (1). We have
covered [how to expose your Kubernetes API server](./0008-k8s-federated-oidc.md)
in last week's guide. Azure AKS, however, comes with a public
[OpenID Connect](/category/openid-connect/) endpoint by default[^7].
[OpenID Connect](../../category/openid-connect.md) endpoint by default[^7].
- [x] An AWS account with the permissions to read and write SSM parameters and
to create OIDC provider and IAM roles.
- [x] OpenTofu v1.6[^8]
Expand Down Expand Up @@ -270,7 +270,7 @@ Let's write the TF code to create the OIDC provider in the AWS.
```

The code should be self-explanatory, especially at this point after covering
three blog posts on the topic of [OpenID Connect](/category/openid-connect/).
three blog posts on the topic of [OpenID Connect](../../category/openid-connect.md).

But, let's emphasize the highlighting points:

Expand Down Expand Up @@ -419,7 +419,7 @@ their GitHub repository's issue[^18].
The gist of that discussion, if you're not feeling like reading my whole
rambling, is that the External Secrets operator is not able to assume IAM Role
with Web Identity outside the AWS EKS Kubernetes cluster; that is, you'll only
get the benefit of [OpenID Connect](/category/openid-connect/) if
get the benefit of [OpenID Connect](../../category/openid-connect.md) if
only you're within AWS[^19] as far as External Secrets operator is concerned.

That is something I consider to be a bug! It shouldn't be the case and they
14 changes: 7 additions & 7 deletions docs/blog/posts/2024/0010-cert-manager.md
Expand Up @@ -304,7 +304,7 @@ to talk to the Route53 API for record creation and domain verfication.
-8<- "docs/blog/codes/2024/0010/hosted-zone/outputs.tf"
```

To apply this stack we'll use [OpenTofu](/category/opentofu).
To apply this stack we'll use [OpenTofu](../../category/opentofu.md).

We could've either separated the stacks to create the Route53 zone beforehand,
or we will go ahead and target our resources separately from command line as
Expand Down Expand Up @@ -349,7 +349,7 @@ We now need an IAM Role with enough permissions to create the DNS records to
satisfy the DNS01 challenge[^14].

Make sure you have a good understanding of the
[OpenID Connect](/category/openid-connect/), the technique we're employing in
[OpenID Connect](../../category/openid-connect.md), the technique we're employing in
the trust relationship of the AWS IAM Role.

```hcl title="route53-iam-role/variables.tf"
Expand All @@ -373,7 +373,7 @@ tofu plan -out tfplan -var=oidc_issuer_url="KUBERNETES_OIDC_ISSUER_URL"
tofu apply tfplan
```

If you don't know what [OpenID Connect](/category/openid-connect/) is and what
If you don't know what [OpenID Connect](../../category/openid-connect.md) is and what
we're doing here, you might want to check out our ealier guides on the
following topics:

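Review bot: the untouched context line "check out our ealier guides" has a typo (earlier), and the hunk header above carries "domain verfication" (verification); since this sweep already rewrites the same paragraphs, fixing both here saves a second commit.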
Expand Down Expand Up @@ -440,13 +440,13 @@ This stack allows the cert-manager controller to talk to AWS Route53.

Notice that we didn't pass any credentials, nor did we have to create any IAM
User for this communication to work. It's all the power of
[OpenID Connect](/category/openid-connect/) and
[OpenID Connect](../../category/openid-connect.md) and
allows us to establish a trust relationship and never have to worry about any
credentials in the client service. :white_check_mark:

### Is There a Simpler Way?

Sure there is. If you don't fancy [OpenID Connect](/category/openid-connect/),
Sure there is. If you don't fancy [OpenID Connect](../../category/openid-connect.md),
there is always the option to pass the credentials around in your environment.
That leaves you with the burden of having to rotate them every now and then,
but if you're cool with that, there's nothing stopping you from going down
Expand Down Expand Up @@ -612,7 +612,7 @@ implementation. Infact, it is unopinionated about the implementation and you
can use any networking solution that fits your needs and **has support for it**.

In our case, and based on the personal preference and tendency of the author
:innocent:, we'll use [Cilium](/category/cilium/) as the networking solution,
:innocent:, we'll use [Cilium](../../category/cilium.md) as the networking solution,
both as the CNI, as well as the implementation for our Gateway API.

We have covered the [Cilium installation before][k3s-ubuntu], but, for the sake
Expand All @@ -629,7 +629,7 @@ And now, let's create the Gateway CRD.
```

Notice that we did not create the `gatewayClassName`. It comes as
battery-included with [Cilium](/category/cilium/). You can find the
battery-included with [Cilium](../../category/cilium.md). You can find the
`GatewayClass` as soon as Cilium installation completes with the following
command:

20 changes: 10 additions & 10 deletions docs/blog/posts/2024/0012-ory-kratos.md
Expand Up @@ -137,8 +137,8 @@ to your own stack:
- [x] The Kratos server has been installed as a Helm installation[^3] on a
Kubernetes cluster. The Kratos public endpoints are exposed to the
internet using the Gateway API[^4] and with the help of
Cilium. We have guides in our archive for [Kubernetes](/category/kubernetes/)
and [Cilium](/category/cilium/) installation if you need further help.
Cilium. We have guides in our archive for [Kubernetes](../../category/kubernetes.md)
and [Cilium](../../category/cilium.md) installation if you need further help.
- [x] The source code for the frontend[^5] is written in pure Vanilla JavaScript,
bundled with ViteJS[^6] and built with Bun[^7]. I am by no means a frontender
as you shall see shortly for yourself, however, the code is
Expand Down Expand Up @@ -258,7 +258,7 @@ free version. Not having the same top-level root domain is a big no-no for
Kratos and its UI and as such, we'll deploy the opensource version in our
Kubernetes deployment.

If you need assistance setting up a [Kubernetes](/category/kubernetes/) cluster,
If you need assistance setting up a [Kubernetes](../../category/kubernetes.md) cluster,
follow one of our earlier guides. The main requirement, however, is that the
cluster needs to be internet-facing.

Expand All @@ -281,7 +281,7 @@ in the following ExternalSecret resource; remember all those values in our
-8<- "docs/blog/codes/2024/0012/kratos/externalsecret.yml"
```

The following [Kustomization](/category/kustomization/) patches applied to the
The following [Kustomization](../../category/kustomization.md) patches applied to the
HelmRelease are just because of the lack of flexibility in the Ory Kratos' Helm
chart. We have to manually pass some of the otherwise missing values.

Expand Down Expand Up @@ -322,8 +322,8 @@ That is to say, if you're not a Kubernetes guy, don't worry. All you need from
this step, is an internet-accessible Ory Kratos server hosted under the same
top-level domain as your UI frontend.

Moving forward, we will only work on [JavaScript](/category/javascript/),
[HTML](/category/html/), and [CSS](/category/css/). :nerd:
Moving forward, we will only work on [JavaScript](../../category/javascript.md),
[HTML](../../category/html.md), and [CSS](../../category/css.md). :nerd:

## Frontend Code

Expand Down Expand Up @@ -524,8 +524,8 @@ bun run build
## CI Definition

When our project is ready to be published, we will use
[GitHub Actions](/category/github-actions/) to build and deploy the frontend to
the [GitHub Pages](/category/github-pages/).
[GitHub Actions](../../category/github-actions.md) to build and deploy the frontend to
the [GitHub Pages](../../category/github-pages.md).

```yaml title=".github/workflows/ci.yml"
-8<- "docs/blog/codes/2024/0012/junk/ci.yml"
Expand Down Expand Up @@ -599,7 +599,7 @@ The DNS record we want to create should be the following:
{{ read_csv('docs/blog/codes/2024/0012/junk/dns.csv') }}

And since the [developer-friendly.blog] domain is hosted on Cloudflare, here's
how the [IaC](/category/iac/) will look like for such a change.
how the [IaC](../../category/iac.md) will look like for such a change.

```hcl title="dns/variables.tf"
-8<- "docs/blog/codes/2024/0012/dns/variables.tf"
Expand All @@ -613,7 +613,7 @@ how the [IaC](/category/iac/) will look like for such a change.
-8<- "docs/blog/codes/2024/0012/dns/main.tf"
```

Now, let's apply this stack using [OpenTofu](/category/opentofu/):
Now, let's apply this stack using [OpenTofu](../../category/opentofu.md):
```shell title="" linenums="0"
export TF_VAR_cloudflare_api_token="PLACEHOLDER"
22 changes: 11 additions & 11 deletions docs/blog/posts/2024/0013-azure-vm-to-aws.md
Expand Up @@ -72,7 +72,7 @@ enough. :face_with_monocle:
If you have never used OIDC ever before, or if you're still doubtful of its
potential, then this blog post is for you. We have a full archive of posts
discussing various implementations and integration guides when it comes to
[OpenID Connect](/category/openid-connect/) should you choose to study this
[OpenID Connect](../../category/openid-connect.md) should you choose to study this
topic further.

<!-- subscribe -->
Expand Down Expand Up @@ -136,10 +136,10 @@ If you think about it, the AWS doesn't even **need** to keep the identity
information of such a VM, because it is not a resource managed by AWS after
all.

That's the whole idea of [OpenID Connect](/category/openid-connect/), and in
this post, we will provide the [Infrastructure as Code](/category/iac/) to
implement such a trust relationship between [Azure](/category/azure/) and
[AWS](/category/aws/).
That's the whole idea of [OpenID Connect](../../category/openid-connect.md), and in
this post, we will provide the [Infrastructure as Code](../../category/iac.md) to
implement such a trust relationship between [Azure](../../category/azure.md) and
[AWS](../../category/aws.md).

## Directory Structure

Expand Down Expand Up @@ -266,7 +266,7 @@ At this point, we should head over to AWS to create a new IAM Role with the
proper conditionals and trust relationship to Azure AD.

The idea is that using the newly created
[OpenID Connect](/category/openid-connect/) provider in the last
[OpenID Connect](../../category/openid-connect.md) provider in the last
step, we can now instruct the AWS IAM to grant access to ^^any identity coming
from such a provider^^ and ^^has a specific subject claim^^ in its JWT token.

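Review bot: the context lines describe the IAM trust policy as admitting any identity from the provider that carries a specific subject claim; the text should also mention the audience (`aud`) condition, because a trust policy keyed on `sub` alone accepts tokens that the same issuer minted for an unrelated audience.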
Expand Down Expand Up @@ -294,7 +294,7 @@ This stack contains two main components, which we'll explain below.

### 1. User Assigned Identity

The first one includes creating an [Azure](/category/azure/) User Assigned
The first one includes creating an [Azure](../../category/azure.md) User Assigned
Identity. This will be the identity of our Virtual Machine in the next step. It
is basically like a username assigned to the VM of our choice and it is
guaranteed to be unique and persistent; that's the reason we can rely on its ID
Expand Down Expand Up @@ -334,15 +334,15 @@ have an IAM Role similar to what you see below:

At this point all is ready from administration and managerial point of view.
We only need to create the VM, let it know which IAM Role it should assume,
and make a test API call to [AWS](/category/aws/) to list the S3 buckets.
and make a test API call to [AWS](../../category/aws.md) to list the S3 buckets.

If that works, all this has been successful.

Therefore, we have two main objectives:

1. Create the Azure VM using TF code for the provisioning stage.
2. Wait a bit for the VM to be ready and then run an
[Ansible](/category/ansible/) playbook to take care of the rest.
[Ansible](../../category/ansible.md) playbook to take care of the rest.

In Azure, any VM with an identity attached can fetch an access token[^5]. You
can grant such identity permissions in and outside Azure cloud. For us, this
Expand Down Expand Up @@ -424,7 +424,7 @@ with the following Debian image that has ARM64 support[^8].
For the VM user data, we're leveraging the cloud-init[^9]. Do check them out if
not already, but know that I personally find them very limited in terms of
functionality. In more complex cases, I'd rather run
[Ansible](/category/ansible/) playbooks and save the golden image for further
[Ansible](../../category/ansible.md) playbooks and save the golden image for further
use.

In a nutshell, in the following config we're installing Azure CLI, AWS CLI,
Expand Down Expand Up @@ -556,7 +556,7 @@ token[^13].
## Conclusion

This blog post should wash away all doubts you might have had about the
potential of [OpenID Connect](/category/openid-connect/) and how it can improve
potential of [OpenID Connect](../../category/openid-connect.md) and how it can improve
the security posture of your platform.

This is not the only use-case of OIDC, yet you can see the huge gain we've
24 changes: 12 additions & 12 deletions docs/blog/posts/2024/0015-ory-oathkeeper.md
Expand Up @@ -746,27 +746,27 @@ Make your decisions wisely, and do the right things before doing things right.

Happy hacking and until next time :saluting_face:, _ciao_. :penguin: :crab:

[Kubernetes]: /category/kubernetes/
[FluxCD]: /category/fluxcd/
[cert-manager]: /category/cert-manager/
[ESO]: /category/external-secrets/
[Kubernetes]: ../../category/kubernetes.md
[FluxCD]: ../../category/fluxcd.md
[cert-manager]: ../../category/cert-manager.md
[ESO]: ../../category/external-secrets.md
[How to Access AWS From Azure VM Using OpenID Connect]: ./0013-azure-vm-to-aws.md
[Azure]: /category/azure/
[Ory]: /category/ory/
[Kustomization]: /category/kustomization/
[Jaeger]: /category/jaeger/
[Azure]: ../../category/azure.md
[Ory]: ../../category/ory.md
[Kustomization]: ../../category/kustomization.md
[Jaeger]: ../../category/jaeger.md
[Ory Kratos: Headless Authentication, Identity and User Management]: ./0012-ory-kratos.md
[cert-manager: All-in-One Kubernetes TLS Certificate Manager]: ./0010-cert-manager.md
[External Secrets Operator: Fetching AWS SSM Parameters into Azure AKS]: ./0009-external-secrets-aks-to-aws-ssm.md
[GitOps Demystified: Introduction to FluxCD for Kubernetes]: ./0006-gettings-started-with-gitops-and-fluxcd.md
[our previous _echo server_ example]: ./0010-cert-manager.md#step-4-https-application
[previously deployed Ory Kratos server]: ./0012-ory-kratos.md#kratos-deployment
[Gateway API]: /category/gateway-api/
[Gateway API]: ../../category/gateway-api.md
[GitOps Continuous Deployment: FluxCD Advanced CRDs]: ./0011-fluxcd-advanced-topics.md
[Oathkeeper server configuration]: #oathkeeper-server-configuration
[Oathkeeper]: /category/oathkeeper/
[OpenID Connect]: /category/openid-connect/
[Kratos]: /category/kratos/
[Oathkeeper]: ../../category/oathkeeper.md
[OpenID Connect]: ../../category/openid-connect.md
[Kratos]: ../../category/kratos.md

[^grpc-middleware]: https://www.ory.sh/docs/oathkeeper/grpc-middleware
[^websocket-support]: https://www.ory.sh/docs/oathkeeper/guides/proxy-websockets
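Review bot: the reference-style definitions in this file are converted one for one (88 insertions against 88 deletions across 13 files is consistent with a pure substitution), but only eight of the thirteen files are visible here; a `grep -rn '/category/' docs/` before merging would confirm no absolute refs remain, and enabling strict link validation in the site build would make a relative `.md` target that does not exist fail the build instead of rendering as a dead link.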

0 comments on commit 74ce82c
