Deployed 715e0dc to main with MkDocs 1.2.3 and mike 1.1.2

main/provider-akeyless/index.html

@@ -1319,7 +1319,7 @@
 
 <h3 id="update-secret-store">Update secret store</h3>
 <p>Be sure the <code>akeyless</code> provider is listed in the <code>Kind=SecretStore</code> and the <code>akeylessGWApiURL</code> is set (def: "https://api.akeless.io".</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">akeyless-secret-store</span>
@@ -1340,7 +1340,7 @@
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">akeylss-secret-creds</span>
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">accessTypeParam</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>accessID</code>, <code>accessType</code> and <code>accessTypeParam</code> with the namespaces where the secrets reside.</p>
 <h3 id="creating-external-secret">Creating external secret</h3>
 <p>To get a secret from Akeyless and secret it on the Kubernetes cluster, a <code>Kind=ExternalSecret</code> is needed.</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>

main/provider-aws-parameter-store/index.html

@@ -1276,7 +1276,7 @@
 defined region. You should define Roles that define fine-grained access to
 individual secrets and pass them to ESO using <code>spec.provider.aws.role</code>. This
 way users of the <code>SecretStore</code> can only access the secrets necessary.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span>
@@ -1297,7 +1297,7 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secret-access-key</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code> and <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
 <div class="admonition warning">
 <p class="admonition-title">API Pricing &amp; Throttling</p>
 <p>The SSM Parameter Store API is charged by throughput and
@@ -1371,7 +1371,7 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 <h3 id="access-key-id-secret-access-key">Access Key ID &amp; Secret Access Key</h3>
 <p><img alt="SecretRef" src="../pictures/diagrams-provider-aws-auth-secret-ref.png" /></p>
 <p>You can store Access Key ID &amp; Secret Access Key in a <code>Kind=Secret</code> and reference it from a SecretStore.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">team-b-store</span>
@@ -1391,7 +1391,7 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secret-access-key</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
 <h3 id="eks-service-account-credentials">EKS Service Account credentials</h3>
 <p><img alt="Service Account" src="../pictures/diagrams-provider-aws-auth-service-account.png" /></p>
 <p>This feature lets you use short-lived service account tokens to authenticate with AWS.
@@ -1420,7 +1420,8 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
         <span class="nt">jwt</span><span class="p">:</span>
           <span class="nt">serviceAccountRef</span><span class="p">:</span>
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span>
-</code></pre></div></p>
+</code></pre></div>
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
 
               
             </article>

main/provider-aws-secrets-manager/index.html

@@ -1276,7 +1276,7 @@
 defined region. You should define Roles that define fine-grained access to
 individual secrets and pass them to ESO using <code>spec.provider.aws.role</code>. This
 way users of the <code>SecretStore</code> can only access the secrets necessary.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span>
@@ -1299,7 +1299,7 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secret-access-key</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code> and <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
 <h3 id="iam-policy">IAM Policy</h3>
 <p>Create a IAM Policy to pin down access to secrets matching <code>dev-*</code>.</p>
 <div class="highlight"><pre><span></span><code><span class="p">{</span>
@@ -1379,7 +1379,7 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
 <h3 id="access-key-id-secret-access-key">Access Key ID &amp; Secret Access Key</h3>
 <p><img alt="SecretRef" src="../pictures/diagrams-provider-aws-auth-secret-ref.png" /></p>
 <p>You can store Access Key ID &amp; Secret Access Key in a <code>Kind=Secret</code> and reference it from a SecretStore.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">team-b-store</span>
@@ -1399,7 +1399,7 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secret-access-key</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
 <h3 id="eks-service-account-credentials">EKS Service Account credentials</h3>
 <p><img alt="Service Account" src="../pictures/diagrams-provider-aws-auth-service-account.png" /></p>
 <p>This feature lets you use short-lived service account tokens to authenticate with AWS.
@@ -1428,7 +1428,8 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
         <span class="nt">jwt</span><span class="p">:</span>
           <span class="nt">serviceAccountRef</span><span class="p">:</span>
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span>
-</code></pre></div></p>
+</code></pre></div>
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
 
               
             </article>

main/provider-azure-key-vault/index.html

@@ -1293,7 +1293,7 @@
 
 <h3 id="update-secret-store">Update secret store</h3>
 <p>Be sure the <code>azurekv</code> provider is listed in the <code>Kind=SecretStore</code></p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">example-secret-store</span>
@@ -1315,7 +1315,7 @@
           <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">azure-secret-sp</span>
           <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ClientSecret</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>clientId</code> and <code>clientSecret</code>  with the namespaces where the secrets reside.</p>
 <p>Or in case of Managed Idenetity authentication:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>

main/provider-gitlab-project-variables/index.html

@@ -1292,7 +1292,7 @@
 
 <h3 id="update-secret-store">Update secret store</h3>
 <p>Be sure the <code>gitlab</code> provider is listed in the <code>Kind=SecretStore</code> and the ProjectID is set. If you are not using <code>https://gitlab.com</code>, you must set the <code>url</code> field as well.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">gitlab-secret-store</span>
@@ -1308,7 +1308,7 @@
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">token</span>
       <span class="nt">projectID</span><span class="p">:</span> <span class="s">&quot;**project</span><span class="nv"> </span><span class="s">ID</span><span class="nv"> </span><span class="s">goes</span><span class="nv"> </span><span class="s">here**&quot;</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessToken</code> with the namespace where the secret resides.</p>
 <p>Your project ID can be found on your project's page.
 <img alt="projectID" src="../pictures/screenshot_gitlab_projectID.png" /></p>
 <h3 id="creating-external-secret">Creating external secret</h3>

main/provider-google-secrets-manager/index.html

@@ -1416,7 +1416,6 @@ You just need to set the <code>projectID</code>, all other fields can be omitted
     <span class="no">}</span>
 </code></pre></div>
 
-<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>SecretAccessKeyRef</code> with the namespace of the secret that we just created.</p>
 <h4 id="update-secret-store">Update secret store</h4>
 <p>Be sure the <code>gcpsm</code> provider is listed in the <code>Kind=SecretStore</code></p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
@@ -1434,6 +1433,7 @@ You just need to set the <code>projectID</code>, all other fields can be omitted
         <span class="nt">projectID</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">myproject</span>                  <span class="c1"># name of Google Cloud project</span>
 </code></pre></div>
 
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>SecretAccessKeyRef</code> with the namespace of the secret that we just created.</p>
 <h4 id="creating-external-secret">Creating external secret</h4>
 <p>To create a kubernetes secret from the GCP Secret Manager secret a <code>Kind=ExternalSecret</code> is needed.</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>

main/provider-hashicorp-vault/index.html

@@ -1369,7 +1369,7 @@ management. Vault itself implements lots of different secret engines, as of now
 <a href="https://www.vaultproject.io/docs/secrets/kv">KV Secrets Engine</a>.</p>
 <h3 id="example">Example</h3>
 <p>First, create a SecretStore with a vault backend. For the sake of simplicity we'll use a static token <code>root</code>:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
@@ -1384,7 +1384,6 @@ management. Vault itself implements lots of different secret engines, as of now
         <span class="c1"># https://www.vaultproject.io/docs/auth/token</span>
         <span class="nt">tokenSecretRef</span><span class="p">:</span>
           <span class="nt">name</span><span class="p">:</span> <span class="s">&quot;vault-token&quot;</span>
-          <span class="nt">namespace</span><span class="p">:</span> <span class="s">&quot;default&quot;</span>
           <span class="nt">key</span><span class="p">:</span> <span class="s">&quot;token&quot;</span>
 <span class="nn">---</span>
 <span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
@@ -1394,7 +1393,7 @@ management. Vault itself implements lots of different secret engines, as of now
 <span class="nt">data</span><span class="p">:</span>
   <span class="nt">token</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">cm9vdA==</span> <span class="c1"># &quot;root&quot;</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>tokenSecretRef</code> with the namespace of the secret that we just created.</p>
 <p>Then create a simple k/v pair at path <code>secret/foo</code>:</p>
 <div class="highlight"><pre><span></span><code>vault kv put secret/foo my-value=s3cr3t
 </code></pre></div>
@@ -1437,7 +1436,7 @@ management. Vault itself implements lots of different secret engines, as of now
 trade-offs. Depending on the authentication method you need to adapt your environment.</p>
 <h4 id="token-based-authentication">Token-based authentication</h4>
 <p>A static token is stored in a <code>Kind=Secret</code> and is used to authenticate with vault.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
@@ -1453,14 +1452,13 @@ trade-offs. Depending on the authentication method you need to adapt your enviro
         <span class="c1"># https://www.vaultproject.io/docs/auth/token</span>
         <span class="nt">tokenSecretRef</span><span class="p">:</span>
           <span class="nt">name</span><span class="p">:</span> <span class="s">&quot;my-secret&quot;</span>
-          <span class="nt">namespace</span><span class="p">:</span> <span class="s">&quot;secret-admin&quot;</span>
           <span class="nt">key</span><span class="p">:</span> <span class="s">&quot;vault-token&quot;</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>tokenSecretRef</code> with the namespace where the secret resides.</p>
 <h4 id="approle-authentication-example">AppRole authentication example</h4>
 <p><a href="https://www.vaultproject.io/docs/auth/approle">AppRole authentication</a> reads the secret id from a
 <code>Kind=Secret</code> and uses the specified <code>roleId</code> to aquire a temporary token to fetch secrets.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
@@ -1483,10 +1481,9 @@ trade-offs. Depending on the authentication method you need to adapt your enviro
           <span class="c1"># Reference to a key in a K8 Secret that contains the App Role SecretId</span>
           <span class="nt">secretRef</span><span class="p">:</span>
             <span class="nt">name</span><span class="p">:</span> <span class="s">&quot;my-secret&quot;</span>
-            <span class="nt">namespace</span><span class="p">:</span> <span class="s">&quot;secret-admin&quot;</span>
             <span class="nt">key</span><span class="p">:</span> <span class="s">&quot;secret-id&quot;</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>secretRef</code> with the namespace where the secret resides.</p>
 <h4 id="kubernetes-authentication">Kubernetes authentication</h4>
 <p><a href="https://www.vaultproject.io/docs/auth/kubernetes">Kubernetes-native authentication</a> has three
 options of optaining credentials for vault:</p>
@@ -1496,7 +1493,7 @@ options of optaining credentials for vault:</p>
 <li>by using transient credentials from the mounted service account token within the
     external-secrets operator</li>
 </ol>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
@@ -1520,21 +1517,19 @@ options of optaining credentials for vault:</p>
           <span class="c1"># of a kubernetes ServiceAccount</span>
           <span class="nt">serviceAccountRef</span><span class="p">:</span>
             <span class="nt">name</span><span class="p">:</span> <span class="s">&quot;my-sa&quot;</span>
-            <span class="nt">namespace</span><span class="p">:</span> <span class="s">&quot;secret-admin&quot;</span>
           <span class="c1"># Optional secret field containing a Kubernetes ServiceAccount JWT</span>
           <span class="c1">#  used for authenticating with Vault</span>
           <span class="nt">secretRef</span><span class="p">:</span>
             <span class="nt">name</span><span class="p">:</span> <span class="s">&quot;my-secret&quot;</span>
-            <span class="nt">namespace</span><span class="p">:</span> <span class="s">&quot;secret-admin&quot;</span>
             <span class="nt">key</span><span class="p">:</span> <span class="s">&quot;vault&quot;</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>serviceAccountRef</code> or in <code>secretRef</code>, if used.</p>
 <h4 id="ldap-authentication">LDAP authentication</h4>
 <p><a href="https://www.vaultproject.io/docs/auth/ldap">LDAP authentication</a> uses
 username/password pair to get an access token. Username is stored directly in
 a <code>Kind=SecretStore</code> or <code>Kind=ClusterSecretStore</code> resource, password is stored
 in a <code>Kind=Secret</code> referenced by the <code>secretRef</code>.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
@@ -1555,16 +1550,15 @@ in a <code>Kind=Secret</code> referenced by the <code>secretRef</code>.</p>
           <span class="nt">username</span><span class="p">:</span> <span class="s">&quot;username&quot;</span>
           <span class="nt">secretRef</span><span class="p">:</span>
             <span class="nt">name</span><span class="p">:</span> <span class="s">&quot;my-secret&quot;</span>
-            <span class="nt">namespace</span><span class="p">:</span> <span class="s">&quot;secret-admin&quot;</span>
             <span class="nt">key</span><span class="p">:</span> <span class="s">&quot;ldap-password&quot;</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>secretRef</code> with the namespace where the secret resides.</p>
 <h4 id="jwtoidc-authentication">JWT/OIDC authentication</h4>
 <p><a href="https://www.vaultproject.io/docs/auth/jwt">JWT/OIDC</a> uses a
 <a href="https://jwt.io/">JWT</a> token stored in a <code>Kind=Secret</code> and referenced by the
 <code>secretRef</code>. Optionally a <code>role</code> field can be defined in a <code>Kind=SecretStore</code>
 or <code>Kind=ClusterSecretStore</code> resource.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
@@ -1585,10 +1579,9 @@ or <code>Kind=ClusterSecretStore</code> resource.</p>
           <span class="nt">role</span><span class="p">:</span> <span class="s">&quot;vault-jwt-role&quot;</span>
           <span class="nt">secretRef</span><span class="p">:</span>
             <span class="nt">name</span><span class="p">:</span> <span class="s">&quot;my-secret&quot;</span>
-            <span class="nt">namespace</span><span class="p">:</span> <span class="s">&quot;secret-admin&quot;</span>
             <span class="nt">key</span><span class="p">:</span> <span class="s">&quot;jwt-token&quot;</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>secretRef</code> with the namespace where the secret resides.</p>
 <h3 id="vault-enterprise-and-eventual-consistency">Vault Enterprise and Eventual Consistency</h3>
 <p>When using Vault Enterprise with <a href="https://www.vaultproject.io/docs/enterprise/consistency#performance-standby-nodes">performance standby nodes</a>,
 any follower can handle read requests immediately after the provider has

main/provider-ibm-secrets-manager/index.html

@@ -1358,7 +1358,7 @@
 
 <h3 id="update-secret-store">Update secret store</h3>
 <p>Be sure the <code>ibm</code> provider is listed in the <code>Kind=SecretStore</code></p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span>
@@ -1372,7 +1372,7 @@
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ibm-secret</span>
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">apiKey</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>secretApiKeySecretRef</code> with the namespace where the secret resides.</p>
 <p>To find your serviceURL, under your Secrets Manager resource, go to "Endpoints" on the left.
 Note: Use the url without the <code>/api</code> suffix that is presented in the UI.
 See here for a list of <a href="https://cloud.ibm.com/apidocs/secrets-manager#getting-started-endpoints">publicly available endpoints</a>.</p>

main/provider-oracle-vault/index.html

@@ -1308,6 +1308,7 @@ This will automatically generate a fingerprint.
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">fingerprint</span>
 </code></pre></div>
 
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>privatekey</code> and <code>fingerprint</code> with the namespaces where the secrets reside.</p>
 <h3 id="creating-external-secret">Creating external secret</h3>
 <p>To create a kubernetes secret from the Oracle Cloud Interface secret a<code>Kind=ExternalSecret</code> is needed.</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>

main/provider-webhook/index.html

@@ -1272,6 +1272,7 @@
 </code></pre></div>
 
 <p>NB: This is obviously not practical because it just returns the key as the result, but it shows how it works</p>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in all <code>secrets</code> references with the namespaces where the secrets reside.</p>
 <p>Now create an ExternalSecret that uses the above SecretStore:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
@@ -1331,14 +1332,14 @@ Each secret has a <code>name</code> property which determines the name of the ob
       <span class="c1"># Use this name to refer to this secret in templating, above</span>
       <span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;name&gt;</span>
         <span class="nt">secretRef</span><span class="p">:</span>
-          <span class="nt">namespace</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;namespace&gt;</span>
+          <span class="nt">namespace</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;namespace&gt;</span> <span class="c1"># Only used in ClusterSecretStores</span>
           <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;name&gt;</span>
       <span class="c1"># Add CAs here for the TLS handshake</span>
       <span class="nt">caBundle</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;base64 encoded cabundle&gt;</span>
       <span class="nt">caProvider</span><span class="p">:</span>
         <span class="nt">type</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Secret or COnfigMap</span>
         <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;name of secret or configmap&gt;</span>
-        <span class="nt">namespace</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;namespace&gt;</span>
+        <span class="nt">namespace</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;namespace&gt;</span> <span class="c1"># Only used in ClusterSecretStores</span>
         <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">&lt;key inside secret&gt;</span>
 </code></pre></div>
 

main/provider-yandex-lockbox/index.html

@@ -1252,6 +1252,7 @@ for secret management.</p>
           <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">authorized-key</span>
 </code></pre></div></li>
 </ul>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in all <code>authorizedKeySecretRef</code> with the namespace where the secret resides.</p>
 <h3 id="creating-external-secret">Creating external secret</h3>
 <p>To make External Secrets Operator sync a k8s secret with a Lockbox secret:</p>
 <ul>

main/snippets/provider-aws-access/index.html

@@ -1170,7 +1170,7 @@
 <h3 id="access-key-id-secret-access-key">Access Key ID &amp; Secret Access Key</h3>
 <p><img alt="SecretRef" src="./pictures/diagrams-provider-aws-auth-secret-ref.png" /></p>
 <p>You can store Access Key ID &amp; Secret Access Key in a <code>Kind=Secret</code> and reference it from a SecretStore.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="nt">metadata</span><span class="p">:</span>
   <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">team-b-store</span>
@@ -1190,7 +1190,7 @@
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
             <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secret-access-key</span>
 </code></pre></div>
-
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
 <h3 id="eks-service-account-credentials">EKS Service Account credentials</h3>
 <p><img alt="Service Account" src="./pictures/diagrams-provider-aws-auth-service-account.png" /></p>
 <p>This feature lets you use short-lived service account tokens to authenticate with AWS.
@@ -1219,7 +1219,8 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
         <span class="nt">jwt</span><span class="p">:</span>
           <span class="nt">serviceAccountRef</span><span class="p">:</span>
             <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span>
-</code></pre></div></p>
+</code></pre></div>
+<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
 
               
             </article>

main/snippets/vault-approle-store.yaml

@@ -21,5 +21,4 @@ spec:
           # Reference to a key in a K8 Secret that contains the App Role SecretId
           secretRef:
             name: "my-secret"
-            namespace: "secret-admin"
             key: "secret-id"

main/snippets/vault-jwt-store.yaml

@@ -19,5 +19,4 @@ spec:
           role: "vault-jwt-role"
           secretRef:
             name: "my-secret"
-            namespace: "secret-admin"
             key: "jwt-token"

main/snippets/vault-kubernetes-store.yaml

@@ -22,10 +22,8 @@ spec:
           # of a kubernetes ServiceAccount
           serviceAccountRef:
             name: "my-sa"
-            namespace: "secret-admin"
           # Optional secret field containing a Kubernetes ServiceAccount JWT
           #  used for authenticating with Vault
           secretRef:
             name: "my-secret"
-            namespace: "secret-admin"
             key: "vault"

main/snippets/vault-ldap-store.yaml

@@ -19,5 +19,4 @@ spec:
           username: "username"
           secretRef:
             name: "my-secret"
-            namespace: "secret-admin"
             key: "ldap-password"

main/snippets/vault-token-store.yaml

@@ -14,5 +14,4 @@ spec:
         # https://www.vaultproject.io/docs/auth/token
         tokenSecretRef:
           name: "my-secret"
-          namespace: "secret-admin"
           key: "vault-token"