From e72ec8fbd0463cc4dc885025b02e6348d9e983e3 Mon Sep 17 00:00:00 2001
From: Charly Rippenkroeger <36778983+CharlyRipp@users.noreply.github.com>
Date: Fri, 8 Jan 2021 13:40:07 -0600
Subject: [PATCH 1/2] Update misleading documentation

Update misleading information that HTTPS is required and link to self-documented code to find more edge-case configuration options
---
 .../en/docs/reference/access-authn-authz/authentication.md    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/content/en/docs/reference/access-authn-authz/authentication.md b/content/en/docs/reference/access-authn-authz/authentication.md
index c385a15fda..da1dcfd6f0 100644
--- a/content/en/docs/reference/access-authn-authz/authentication.md
+++ b/content/en/docs/reference/access-authn-authz/authentication.md
@@ -457,7 +457,7 @@ clusters:
   - name: name-of-remote-authn-service
     cluster:
       certificate-authority: /path/to/ca.pem         # CA for verifying the remote service.
-      server: https://authn.example.com/authenticate # URL of remote service to query. Must use 'https'.
+      server: https://authn.example.com/authenticate # URL of remote service to query. 'https' recommended for production.
 
 # users refers to the API server's webhook configuration.
 users:
@@ -475,6 +475,8 @@ contexts:
   name: webhook
 ```
 
+Refer to [Cluster Struct](https://github.com/kubernetes/kubernetes/blob/2b8cac754c88900ea3ad91d6c3f0997b602a3051/staging/src/k8s.io/client-go/tools/clientcmd/api/v1/types.go#L63) for more configuration options.
+
 When a client attempts to authenticate with the API server using a bearer token as discussed [above](#putting-a-bearer-token-in-a-request),
 the authentication webhook POSTs a JSON-serialized `TokenReview` object containing the token to the remote service.
 

From 7347a9d008d593b9b04b2ff251d6e7c4e99f89f2 Mon Sep 17 00:00:00 2001
From: Charly Rippenkroeger <36778983+CharlyRipp@users.noreply.github.com>
Date: Mon, 11 Jan 2021 11:57:32 -0600
Subject: [PATCH 2/2] Remove code reference

Remove reference in favor of https://github.com/kubernetes/website/issues/23889
---
 content/en/docs/reference/access-authn-authz/authentication.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/content/en/docs/reference/access-authn-authz/authentication.md b/content/en/docs/reference/access-authn-authz/authentication.md
index da1dcfd6f0..41a4054783 100644
--- a/content/en/docs/reference/access-authn-authz/authentication.md
+++ b/content/en/docs/reference/access-authn-authz/authentication.md
@@ -475,8 +475,6 @@ contexts:
   name: webhook
 ```
 
-Refer to [Cluster Struct](https://github.com/kubernetes/kubernetes/blob/2b8cac754c88900ea3ad91d6c3f0997b602a3051/staging/src/k8s.io/client-go/tools/clientcmd/api/v1/types.go#L63) for more configuration options.
-
 When a client attempts to authenticate with the API server using a bearer token as discussed [above](#putting-a-bearer-token-in-a-request),
 the authentication webhook POSTs a JSON-serialized `TokenReview` object containing the token to the remote service.