Merge pull request #1857 from cappyzawa/docs/mtls-documentation-unification

docs: unify mTLS authentication section titles
Matheus Pimenta 2025-07-31 14:02:27 +01:00 committed by GitHub
commit 44098cfd2f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 15 additions and 15 deletions

@ -843,10 +843,13 @@ See [Provider](#provider) for more (provider specific) examples.
See [Provider](#provider) for more (provider specific) examples.
### Cert secret reference
### Mutual TLS Authentication
`.spec.certSecretRef.name` is an optional field to specify a secret containing
TLS certificate data. The secret can contain the following keys:
TLS certificate data for mutual TLS authentication.
To authenticate towards a bucket using mutual TLS,
the referenced Secret's `.data` should contain the following keys:
* `tls.crt` and `tls.key`, to specify the client certificate and private key used
for TLS client authentication. These must be used in conjunction, i.e.
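Review bot: the new intro line "the referenced Secret's `.data` should contain the following keys:" reads as if every key in the list is mandatory, where the sentence it replaces said the secret "can contain" them. The list that follows still includes `ca.crt`, which the page describes as needed only when the server uses a self-signed certificate and which serves server verification rather than client authentication. Suggest keeping "can contain", or stating per key when it is needed, so a reader who only has to trust a private CA does not conclude that a client certificate and key are required too.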
@ -854,9 +857,6 @@ specifying one without the other will lead to an error.
* `ca.crt`, to specify the CA certificate used to verify the server, which is
required if the server is using a self-signed certificate.
If the server is using a self-signed certificate and has TLS client
authentication enabled, all three values are required.
The Secret should be of type `Opaque` or `kubernetes.io/tls`. All the files in
the Secret are expected to be [PEM-encoded][pem-encoding]. Assuming you have
three files; `client.key`, `client.crt` and `ca.crt` for the client private key,
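Review bot: after the `ca.crt` bullet nothing now states that a self-signed server with TLS client authentication enabled needs all three keys, because the sentence "If the server is using a self-signed certificate and has TLS client authentication enabled, all three values are required." is dropped here and the intro added in the previous hunk does not restate it. Either keep the sentence or fold it into the new intro. The same removal is repeated in the other two files, so whichever wording is chosen should be applied to all three.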

@ -439,10 +439,13 @@ deprecated. Please use [`.spec.certSecretRef`](#cert-secret-reference) instead.
If the controller uses the secret specified by this field to configure TLS, then
a deprecation warning will be logged.
### Cert secret reference
### Mutual TLS Authentication
`.spec.certSecretRef.name` is an optional field to specify a secret containing
TLS certificate data. The secret can contain the following keys:
TLS certificate data for mutual TLS authentication.
To authenticate towards a Helm repository using mutual TLS,
the referenced Secret's `.data` should contain the following keys:
* `tls.crt` and `tls.key`, to specify the client certificate and private key used
for TLS client authentication. These must be used in conjunction, i.e.
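Review bot: renaming the heading from `### Cert secret reference` changes the anchor generated for this section, and the hunk header context shows a link in this same file that still targets the old one: "Please use [`.spec.certSecretRef`](#cert-secret-reference) instead." That link will no longer resolve after this change. Update it to the anchor generated from the new title (presumably `#mutual-tls-authentication`), and search the three changed files and any pages that link to them for other uses of `#cert-secret-reference`.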
@ -450,9 +453,6 @@ specifying one without the other will lead to an error.
* `ca.crt`, to specify the CA certificate used to verify the server, which is
required if the server is using a self-signed certificate.
If the server is using a self-signed certificate and has TLS client
authentication enabled, all three values are required.
The Secret should be of type `Opaque` or `kubernetes.io/tls`. All the files in
the Secret are expected to be [PEM-encoded][pem-encoding]. Assuming you have
three files; `client.key`, `client.crt` and `ca.crt` for the client private key,

@ -287,10 +287,13 @@ provide a `secretRef` nor `serviceAccountName`.
For a complete guide on how to set up authentication for cloud providers,
see the integration [docs](/flux/integrations/).
### Cert secret reference
### Mutual TLS Authentication
`.spec.certSecretRef.name` is an optional field to specify a secret containing
TLS certificate data. The secret can contain the following keys:
TLS certificate data for mutual TLS authentication.
To authenticate towards an OCI repository using mutual TLS,
the referenced Secret's `.data` should contain the following keys:
* `tls.crt` and `tls.key`, to specify the client certificate and private key used
for TLS client authentication. These must be used in conjunction, i.e.
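Review bot: the new heading `### Mutual TLS Authentication` is in title case, while the heading it replaces, `### Cert secret reference`, was in sentence case. If the other headings in these files follow sentence case, `### Mutual TLS authentication` would keep them consistent; the same applies to the identical heading added in the other two files.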
@ -298,9 +301,6 @@ specifying one without the other will lead to an error.
* `ca.crt`, to specify the CA certificate used to verify the server, which is
required if the server is using a self-signed certificate.
If the server is using a self-signed certificate and has TLS client
authentication enabled, all three values are required.
The Secret should be of type `Opaque` or `kubernetes.io/tls`. All the files in
the Secret are expected to be [PEM-encoded][pem-encoding]. Assuming you have
three files; `client.key`, `client.crt` and `ca.crt` for the client private key,