Deployed 16f27f4 to main with MkDocs 1.2.3 and mike 1.1.2

Docs 4 years ago
Parent
Commit
d9cee698ac
3 changed files with 24 additions and 32 deletions
  1. 24 32
      main/provider-kubernetes/index.html
  2. 0 0
      main/search/search_index.json
  3. BIN
      main/sitemap.xml.gz

+ 24 - 32
main/provider-kubernetes/index.html

@@ -1068,8 +1068,8 @@
       <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#in-cluster-secrets-using-client-certificates" class="md-nav__link">
-    In-cluster secrets using Client certificates
+  <a href="#in-cluster-secrets-using-a-token" class="md-nav__link">
+    In-cluster secrets using a Token
   </a>
   
 </li>
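Review bot: Renaming this nav target from `#in-cluster-secrets-using-client-certificates` to `#in-cluster-secrets-using-a-token` drops the old fragment, so existing links to the client-certificate section will no longer land on a heading. The Authentication paragraph still lists client certificates as a supported method, so consider keeping the certificate example as its own section beside the new token one rather than replacing it.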
@@ -1446,8 +1446,8 @@
       <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#in-cluster-secrets-using-client-certificates" class="md-nav__link">
-    In-cluster secrets using Client certificates
+  <a href="#in-cluster-secrets-using-a-token" class="md-nav__link">
+    In-cluster secrets using a Token
   </a>
   
 </li>
@@ -1485,50 +1485,42 @@
 
 <p>External Secrets Operator allows to retrieve in-cluster secrets or from a remote Kubernetes Cluster.</p>
 <h3 id="authentication">Authentication</h3>
-<p>It's possible to authenticate against the Kubernetes API using client certificates, a bearer token or a service account (not implemented yet). The operator enforces that exactly one authentication method is used.</p>
+<p>It's possible to authenticate against the Kubernetes API using client certificates or a bearer token. Authentication using a service account has not yet been implemented. The operator enforces that exactly one authentication method is used.</p>
 <p><strong>NOTE:</strong> <code>SelfSubjectAccessReview</code> permission is required for the service account in order to validation work properly.</p>
 <h2 id="example">Example</h2>
-<h3 id="in-cluster-secrets-using-client-certificates">In-cluster secrets using Client certificates</h3>
+<h3 id="in-cluster-secrets-using-a-token">In-cluster secrets using a Token</h3>
 <ol>
-<li>Create a K8s Secret with the encoded base64 ca and client certificates</li>
+<li>Create a K8s Secret with a client token for the default service account</li>
 </ol>
 <p><div class="highlight"><pre><span></span><code>apiVersion: v1
 kind: Secret
 metadata:
-  name: cluster-secrets
-data:
-  # Fill with your encoded base64 CA
-  certificate-authority-data: Cg==
-  # Fill with your encoded base64 Certificate
-  client-certificate-data: Cg==
-  # Fill with your encoded base64 Key
-  client-key-data: Cg==
+  name: mydefaulttoken
+  annotations:
+    kubernetes.io/service-account.name: default
+type: kubernetes.io/service-account-token
 </code></pre></div>
 2. Create a SecretStore</p>
-<p>The Servers <code>url</code> won't be present as it will default to <code>kubernetes.default</code>, add a proper value if needed. In this example the Certificate Authority is fetch using the referenced <code>caProvider</code>.</p>
-<p>The <code>auth</code> section indicates that the type <code>cert</code>  will be used for authentication, it includes the path to fetch the client certificate and key.</p>
+<p>The Servers <code>url</code> won't be present as it will default to <code>kubernetes.default</code>, add a proper value if needed. In this example the Certificate Authority is fetched using the referenced <code>caProvider</code>.</p>
+<p>The <code>auth</code> section indicates that the type <code>token</code> will be used for authentication, it includes the path to fetch the token. Set <code>remoteNamespace</code> to the name of the namespace where your target secrets reside.</p>
 <p><div class="highlight"><pre><span></span><code>apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
   name: example
 spec:
   provider:
-      kubernetes: 
-        server: 
-          # referenced caProvider
-          caProvider: 
-            type: Secret
-            name : cluster-secrets
-            key: certificate-authority-data
+    kubernetes:
+      server: 
+        caProvider: 
+          type: Secret
+          name: mydefaulttoken
+          key: ca.crt
         auth:
-          # referenced client certificates
-          cert:
-            clientCert: 
-                name: cluster-secrets
-                key: certificate
-            clientKey: 
-                name: cluster-secrets
-                key: key
+          token:
+            bearerToken: 
+              name: mydefaulttoken
+              key: token
+        remoteNamespace: default
 </code></pre></div>
 3. Create the local secret that will be synced </p>
 <p><div class="highlight"><pre><span></span><code>---
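Review bot: The new SecretStore example is indented inconsistently: `kubernetes:`, `server:` and `caProvider:` were dedented by two spaces, but the unchanged `auth:` line stays at eight spaces and `remoteNamespace: default` is added at eight spaces as well, so both now parse as children of `server` next to `caProvider` instead of as siblings of `server` under `kubernetes`, which is where the removed version had `auth`. Dedent `auth:` with its children and `remoteNamespace:` by two spaces so the example applies as written. Separately, step 1 now creates a `kubernetes.io/service-account-token` Secret for the `default` service account; a dedicated service account bound only to the permissions the store needs would make a safer example, and the text could say so. The unchanged NOTE about `SelfSubjectAccessReview` still reads "in order to validation work properly" and could be corrected in the same pass.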

File diff not shown because it is too large
+ 0 - 0
main/search/search_index.json


BIN
main/sitemap.xml.gz


Some files were not shown because of the large number of changed files