CMA Update token example

nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc

@@ -15,47 +15,50 @@ Alternatively, to share credentials between objects in multiple namespaces, you
 
 Trigger authentications and cluster trigger authentication use the same configuration. However, a cluster trigger authentication requires an additional `kind` parameter in the authentication reference of the scaled object.
 
-.Example trigger authentication that uses a bound service account token
+.Example secret for Basic authentication
 [source,yaml]
 ----
-kind: TriggerAuthentication
-apiVersion: keda.sh/v1alpha1
+apiVersion: v1
+kind: Secret
 metadata:
-  name: secret-triggerauthentication
-  namespace: my-namespace <1>
-spec:
-  boundServiceAccountToken: <2>
-    - parameter: bearerToken
-      serviceAccountName: thanos <3>
+  name: my-basic-secret
+  namespace: default
+data:
+  username: "dXNlcm5hbWU=" <1>
+  password: "cGFzc3dvcmQ="
 ----
-<1> Specifies the namespace of the object you want to scale.
-<2> Specifies that this trigger authentication uses a bound service account token for authorization when connecting to the metrics endpoint.
-<3> Specifies the name of the service account to use.
+<1> User name and password to supply to the trigger authentication. The values in a `data` stanza must be base-64 encoded.
 
-.Example cluster trigger authentication that uses a bound service account token
+.Example trigger authentication using a secret for Basic authentication
 [source,yaml]
 ----
-kind: ClusterTriggerAuthentication
+kind: TriggerAuthentication
 apiVersion: keda.sh/v1alpha1
 metadata:
-  name: bound-service-account-token-triggerauthentication <1>
+  name: secret-triggerauthentication
+  namespace: my-namespace <1>
 spec:
-  boundServiceAccountToken: <2>
-    - parameter: bearerToken
-      serviceAccountName: thanos <3>
+  secretTargetRef: <2>
+  - parameter: username <3>
+    name: my-basic-secret <4>
+    key: username <5>
+  - parameter: password
+    name: my-basic-secret
+    key: password
 ----
 <1> Specifies the namespace of the object you want to scale.
-<2> Specifies that this cluster trigger authentication uses a bound service account token for authorization when connecting to the metrics endpoint.
-<3> Specifies the name of the service account to use.
+<2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint.
+<3> Specifies the authentication parameter to supply by using the secret.
+<4> Specifies the name of the secret to use.
+<5> Specifies the key in the secret to use with the specified parameter.
 
-.Example trigger authentication that uses a secret for Basic authentication
+.Example cluster trigger authentication with a secret for Basic authentication
 [source,yaml]
 ----
-kind: TriggerAuthentication
+kind: ClusterTriggerAuthentication
 apiVersion: keda.sh/v1alpha1
-metadata:
-  name: secret-triggerauthentication
-  namespace: my-namespace <1>
+metadata: <1>
+  name: secret-cluster-triggerauthentication
 spec:
   secretTargetRef: <2>
   - parameter: username <3>
@@ -65,27 +68,29 @@ spec:
     name: my-basic-secret
     key: password
 ----
-<1> Specifies the namespace of the object you want to scale.
+<1> Note that no namespace is used with a cluster trigger authentication.
 <2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint.
 <3> Specifies the authentication parameter to supply by using the secret.
-<4> Specifies the name of the secret to use. See the following example secret for Basic authentication.
+<4> Specifies the name of the secret to use.
 <5> Specifies the key in the secret to use with the specified parameter.
 
-.Example secret for Basic authentication
+.Example secret with certificate authority (CA) details
 [source,yaml]
 ----
 apiVersion: v1
 kind: Secret
 metadata:
-  name: my-basic-secret
-  namespace: default
-data:
-  username: "dXNlcm5hbWU=" <1>
-  password: "cGFzc3dvcmQ="
+  name: my-secret
+  namespace: my-namespace
+data: 
+  ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0... <1>
+  client-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0... <2>
+  client-key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0t...
 ----
-<1> User name and password to supply to the trigger authentication. The values in the `data` stanza must be base-64 encoded.
+<1> Specifies the TLS CA Certificate for authentication of the metrics endpoint. The value must be base-64 encoded.
+<2> Specifies the TLS certificates and key for TLS client authentication. The values must be base-64 encoded.
 
-.Example trigger authentication that uses a secret for CA details
+.Example trigger authentication using a secret for CA details
 [source,yaml]
 ----
 kind: TriggerAuthentication
@@ -108,10 +113,10 @@ spec:
 <4> Specifies the name of the secret to use.
 <5> Specifies the key in the secret to use with the specified parameter.
 <6> Specifies the authentication parameter for a custom CA when connecting to the metrics endpoint.
-<7> Specifies the name of the secret to use. See the following example secret with certificate authority (CA) details.
+<7> Specifies the name of the secret to use.
 <8> Specifies the key in the secret to use with the specified parameter.
 
-.Example secret with certificate authority (CA) details
+.Example secret with a bearer token
 [source,yaml]
 ----
 apiVersion: v1
@@ -120,14 +125,11 @@ metadata:
   name: my-secret
   namespace: my-namespace
 data: 
-  ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0... <1>
-  client-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0... <2>
-  client-key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0t...
+  bearerToken: "dG9rZW4=..." <1>
 ----
-<1> Specifies the TLS CA Certificate for authentication of the metrics endpoint. The value must be base-64 encoded.
-<2> Specifies the TLS certificates and key for TLS client authentication. The values must be base-64 encoded.
+<1> Specifies a bearer token to use with bearer authentication. The value in a `data` stanza must be base-64 encoded.
 
-.Example trigger authentication that uses a bearer token
+.Example trigger authentication with a bearer token
 [source,yaml]
 ----
 kind: TriggerAuthentication
@@ -144,23 +146,10 @@ spec:
 <1> Specifies the namespace of the object you want to scale.
 <2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint.
 <3> Specifies the type of authentication to use.
-<4> Specifies the name of the secret to use. See the following example secret for a bearer token.
+<4> Specifies the name of the secret to use.
 <5> Specifies the key in the token to use with the specified parameter.
 
-.Example secret for a bearer token
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: my-secret
-  namespace: my-namespace
-data: 
-  bearerToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV" <1>
-----
-<1> Specifies a bearer token to use with bearer authentication. The value must be base-64 encoded.
-
-.Example trigger authentication that uses an environment variable
+.Example trigger authentication with an environment variable
 [source,yaml]
 ----
 kind: TriggerAuthentication
@@ -180,7 +169,7 @@ spec:
 <4> Specify the name of the environment variable.
 <5> Optional: Specify a container that requires authentication. The container must be in the same resource as referenced by `scaleTargetRef` in the scaled object.
 
-.Example trigger authentication that uses pod authentication providers
+.Example trigger authentication with pod authentication providers
 [source,yaml]
 ----
 kind: TriggerAuthentication
@@ -200,8 +189,7 @@ spec:
 // ifndef::openshift-rosa,openshift-dedicated[]
 .Additional resources
 
-* xref:../../authentication/understanding-and-creating-service-accounts.adoc#understanding-service-accounts[Understanding and creating service accounts]
-* xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets[Providing sensitive data to pods].
+* For information about {product-title} secrets, see xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets[Providing sensitive data to pods].
 // endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc[leveloffset=+1]