(DOCSP-34619) Updates workaround with POC steps. (#1527)

* (DOCSP-34619) Updates workaround with POC steps.

* Revises per tech review.

Author: erabil-mdb

source/multi-cluster-arch.txt

@@ -56,7 +56,7 @@ The following limitations exist for |multi-clusters|:
   :ref:`MongoDBOpsManager <k8s-om-specification>` and 
   :ref:`MongoDB <k8s-specification>` custom resources, 
   you must manually configure |kmip| backup encryption client settings in |onprem|. 
-  To learn more, see :ref:`kmip-workaround`.   
+  To learn more, see :ref:`kmip-manual-procedure`.   
 - Don't add a :github:`ServiceMonitor</prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#related-resources>`
   to your |mongodb-multis|. The |k8s-op-short| doesn't support integration with Prometheus.
 

source/tutorial/configure-kmip-backup-encryption.txt

@@ -20,10 +20,10 @@ For deployments where the same |k8s-op-short| instance is not managing both the
 :ref:`MongoDB <k8s-specification>` custom resources, 
 you must manually configure |kmip| 
 backup encryption client settings in the 
-:ref:`MongoDBOpsManager <k8s-om-specification>` custom resource. 
+:ref:`MongoDBOpsManager <k8s-om-specification>` custom resource.
 This requirement involves including client certificates for each MongoDB database, 
 which you can achieve by overriding the |onprem| Pod's StatefulSet to mount 
-the certificates. To learn more, see :ref:`kmip-workaround`.
+the certificates. To learn more, see :ref:`kmip-manual-procedure`.
 
 Procedure
 ---------

source/tutorial/plan-om-resource.txt

@@ -6,6 +6,10 @@ Plan Your Ops Manager Resource
 
 .. default-domain:: mongodb
 
+.. facet::
+   :name: genre
+   :values: reference
+
 .. contents:: On this page
    :local:
    :backlinks: none
@@ -277,7 +281,7 @@ To disable backup after you enabled it:
    To learn about reclaiming |k8s-pvs|, see the
    :k8sdocs:`Kubernetes documentation </concepts/storage/persistent-volumes/#reclaiming>`.
 
-.. _kmip-workaround:
+.. _kmip-manual-procedure:
 
 Manually Configure KMIP Backup Encryption
 +++++++++++++++++++++++++++++++++++++++++
@@ -289,16 +293,43 @@ you must manually configure |kmip| backup encryption client settings in |onprem|
 using the following procedure. If the |k8s-op-short| *is* managing both resources, 
 see :ref:`configure-kmip-backup-encryption` instead.
 
-1. Get the absolute path to the |kmip| client certificate for each MongoDB 
-   :ref:`project <projects-page-admin-ui>` in your deployment. All deployments 
-   in the project use the same |kmip| client certificate file to authenticate 
-   to the |kmip| server.
+Prerequisites
+#############
+
+- A running |kmip| server.
+- A running |onprem| instance, `configured to use KMIP <https://www.mongodb.com/docs/kubernetes-operator/master/tutorial/configure-kmip-backup-encryption/#configure-the-onprem-custom-resource-to-use-kmip-backup-encryption>`__.
+- A |tls| secret that :ref:`concatenates the private key and the KMIP client certificate in PEM format <client-cert-kmip>`.
+
+Procedure
+#########
 
-2. Mount the |kmip| client certificates to |onprem| by overriding the 
-   |k8s-statefulset|.
+1. Mount the |tls| secret to the :ref:`MongoDBOpsManager <k8s-om-specification>` custom resource. For example:
+
+   .. code-block:: yaml
+ 
+      apiVersion: mongodb.com/v1
+      kind: MongoDBOpsManager
+      metadata:
+        name: ops-manager-pod-spec
+      spec:
+        < ... omitted ... >
+        statefulSet:
+          spec:
+            template:
+              spec:
+                volumes:
+                - name: kmip-client-test-prefix-mdb-latest-kmip-client
+                  secretName: test-prefix-mdb-latest-kmip-client
+                containers:
+                  - name: mongodb-ops-manager
+                    volumeMounts:
+                    - mountPath: /mongodb-ops-manager/kmip/client/test-prefix-mdb-latest-kmip-client
+                      name: kmip-client-test-prefix-mdb-latest-kmip-client
+                      readOnly: true
+        ...
 
-3. Configure the |kmip| settings for your project in |onprem|. To learn more, 
-   see :ref:`configure-group-kmip`.
+2. Configure the |kmip| settings for your project in |onprem| following the procedure 
+   in :ref:`configure-group-kmip`.
 
 .. _config-https: