docs: unify mTLS authentication section titles

Update HelmRepository, OCIRepository, and Bucket documentation to use
"Mutual TLS Authentication" section titles instead of "Cert secret
reference". This improves discoverability of mTLS capabilities and
follows GitRepository's established pattern.

The previous generic titles obscured mutual TLS functionality, causing
users to miss this important security feature. Updated descriptions
explicitly mention mutual TLS authentication while maintaining all
existing YAML examples and technical accuracy.

Signed-off-by: cappyzawa <cappyzawa@gmail.com>
cappyzawa 2025-07-30 23:03:51 +09:00
parent 93b9048706
commit a65166578d
No known key found for this signature in database
3 changed files with 15 additions and 15 deletions

@ -843,10 +843,13 @@ See [Provider](#provider) for more (provider specific) examples.
See [Provider](#provider) for more (provider specific) examples.
### Cert secret reference
### Mutual TLS Authentication
`.spec.certSecretRef.name` is an optional field to specify a secret containing
TLS certificate data. The secret can contain the following keys:
TLS certificate data for mutual TLS authentication.
To authenticate towards a bucket using mutual TLS,
the referenced Secret's `.data` should contain the following keys:
* `tls.crt` and `tls.key`, to specify the client certificate and private key used
for TLS client authentication. These must be used in conjunction, i.e.
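Review bot: The new lead-in "the referenced Secret's `.data` should contain the following keys:" reads as if every key in the list is mandatory, while the bullets that follow make `ca.crt` conditional on the server using a self-signed certificate. The wording it replaces, "The secret can contain the following keys", did not have that problem. Suggest "may contain the following keys", or a sentence stating that `tls.crt` and `tls.key` are what mutual TLS needs and `ca.crt` is an addition for server verification.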
@ -854,9 +857,6 @@ specifying one without the other will lead to an error.
* `ca.crt`, to specify the CA certificate used to verify the server, which is
required if the server is using a self-signed certificate.
If the server is using a self-signed certificate and has TLS client
authentication enabled, all three values are required.
The Secret should be of type `Opaque` or `kubernetes.io/tls`. All the files in
the Secret are expected to be [PEM-encoded][pem-encoding]. Assuming you have
three files; `client.key`, `client.crt` and `ca.crt` for the client private key,
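Review bot: The sentence dropped here, "If the server is using a self-signed certificate and has TLS client authentication enabled, all three values are required.", was the only place that spelled out the full mutual TLS combination (the hunk shrinks from 9 lines to 6, which matches these two lines plus a blank). Under a heading now titled "Mutual TLS Authentication" that is exactly the case readers will be looking for, so suggest keeping it, reworded if needed, instead of removing it.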

@ -439,10 +439,13 @@ deprecated. Please use [`.spec.certSecretRef`](#cert-secret-reference) instead.
If the controller uses the secret specified by this field to configure TLS, then
a deprecation warning will be logged.
### Cert secret reference
### Mutual TLS Authentication
`.spec.certSecretRef.name` is an optional field to specify a secret containing
TLS certificate data. The secret can contain the following keys:
TLS certificate data for mutual TLS authentication.
To authenticate towards a Helm repository using mutual TLS,
the referenced Secret's `.data` should contain the following keys:
* `tls.crt` and `tls.key`, to specify the client certificate and private key used
for TLS client authentication. These must be used in conjunction, i.e.
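Review bot: Renaming the heading "### Cert secret reference" changes its generated anchor, and the context line in this hunk's header shows an in-page link that still targets the old one: [`.spec.certSecretRef`](#cert-secret-reference). The 15 additions and 15 deletions reported for this commit are fully accounted for by the six hunks shown, so that link is not updated anywhere in the change. Suggest pointing it at the anchor of the new heading (presumably `#mutual-tls-authentication`) and searching the docs for any other reference to `#cert-secret-reference`, in this file and in the Bucket and OCIRepository pages.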
@ -450,9 +453,6 @@ specifying one without the other will lead to an error.
* `ca.crt`, to specify the CA certificate used to verify the server, which is
required if the server is using a self-signed certificate.
If the server is using a self-signed certificate and has TLS client
authentication enabled, all three values are required.
The Secret should be of type `Opaque` or `kubernetes.io/tls`. All the files in
the Secret are expected to be [PEM-encoded][pem-encoding]. Assuming you have
three files; `client.key`, `client.crt` and `ca.crt` for the client private key,
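Review bot: With the "all three values are required" sentence gone, the first statement after the key list is that the Secret should be of type `Opaque` or `kubernetes.io/tls`, with nothing saying which key sets fit which type. Kubernetes only accepts a `kubernetes.io/tls` Secret that carries both `tls.crt` and `tls.key`, so a Secret holding only `ca.crt` has to be `Opaque`. A short clause saying so at this point would save users a rejected apply.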

@ -287,10 +287,13 @@ provide a `secretRef` nor `serviceAccountName`.
For a complete guide on how to set up authentication for cloud providers,
see the integration [docs](/flux/integrations/).
### Cert secret reference
### Mutual TLS Authentication
`.spec.certSecretRef.name` is an optional field to specify a secret containing
TLS certificate data. The secret can contain the following keys:
TLS certificate data for mutual TLS authentication.
To authenticate towards an OCI repository using mutual TLS,
the referenced Secret's `.data` should contain the following keys:
* `tls.crt` and `tls.key`, to specify the client certificate and private key used
for TLS client authentication. These must be used in conjunction, i.e.
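Review bot: The new title "### Mutual TLS Authentication" covers only part of what this section documents: the `ca.crt` key in the list that follows is for verifying the server and applies whether or not a client certificate is used. A user who only needs to trust a private CA will not look under this heading. Suggest an opening sentence that names both uses, for example that `.spec.certSecretRef` supplies TLS certificate data for server verification and, with `tls.crt` and `tls.key`, for mutual TLS authentication.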
@ -298,9 +301,6 @@ specifying one without the other will lead to an error.
* `ca.crt`, to specify the CA certificate used to verify the server, which is
required if the server is using a self-signed certificate.
If the server is using a self-signed certificate and has TLS client
authentication enabled, all three values are required.
The Secret should be of type `Opaque` or `kubernetes.io/tls`. All the files in
the Secret are expected to be [PEM-encoded][pem-encoding]. Assuming you have
three files; `client.key`, `client.crt` and `ca.crt` for the client private key,