(DOCSP-32525) Fixes types and adds refs to cert-manager doc. (#1428)

erabil-mdb · jwilliams-mongo · commit e664d1b4334c · 2025-04-14T17:11:22.000-05:00
diff --git a/source/includes/steps-configure-cert-manager-integration.yaml b/source/includes/steps-configure-cert-manager-integration.yaml
@@ -71,12 +71,14 @@ content: |
 
   Create a ConfigMap containing your |certauth|. It must have two 
   fields, ``ca-pem`` and ``mms-ca.crt``, both pointing to your
+  |certauth| certificate. Replace ``<CA-certificate>`` with the path to your 
   |certauth| certificate.
 
+
   .. code-block:: sh
 
-     kubectl create cm ca-issuer --from-literal=ca-pem=<CA-certificate> \
-     --from-literal=mms-ca.crt=<CA-certificate>
+     kubectl create cm ca-issuer --from-file=ca-pem=<CA-certificate> \
+     --from-file=mms-ca.crt=<CA-certificate>
 
 ---
 
@@ -114,7 +116,7 @@ content: |
           issuerRef:
             name: ca-issuer
           renewBefore: 120h0m0s
-          secretName: mdb-my-replica-set-agent-certs
+          secretName: mdb-my-replica-set-cert
           usages:
           - server auth
           - client auth
@@ -142,7 +144,11 @@ content: |
           issuerRef:
             name: ca-issuer
           renewBefore: 120h0m0s
-          secretName: agent-certs
+          secretName: mdb-my-replica-set-agent-certs
+          usages:
+          - digital signature
+          - key encipherment
+          - client auth          
           subject:
             countries:
             - US
@@ -154,10 +160,6 @@ content: |
             - cluster.local-agent
             provinces:
             - NY
-            usages:
-            - digital signature
-            - key encipherment
-            - client auth
 
   #. Create the MongoDB resource:
 
diff --git a/source/includes/use-cert-manager.rst b/source/includes/use-cert-manager.rst
@@ -0,0 +1,3 @@
+.. note::
+
+   To automate certificate renewal for |onprem| deployments, consider setting up the :ref:`cert-manager integration <cert-manager-integration>`.
diff --git a/source/tutorial/create-x509-client-certs.txt b/source/tutorial/create-x509-client-certs.txt
@@ -25,6 +25,8 @@ to connect to your X.509-enabled MongoDB deployment.
 
 .. include:: /includes/facts/fact-if-use-vault.rst
 
+.. include:: /includes/use-cert-manager.rst
+
 Prerequisites
 -------------
 
diff --git a/source/tutorial/secure-x509-auth.txt b/source/tutorial/secure-x509-auth.txt
@@ -52,6 +52,8 @@ Renew X.509 Certificates for a Replica Set
 If you have already created certificates, we recommend that you renew
 them periodically using the following procedure.
 
+.. include:: /includes/use-cert-manager.rst
+
 .. include:: /includes/steps/deploy-k8s-rs-x509-custom-renew.rst
 
 
@@ -75,5 +77,7 @@ Renew X.509 Certificates for a Sharded Cluster
 If you have already created certificates, we recommend that you renew
 them periodically using the following procedure.
 
+.. include:: /includes/use-cert-manager.rst
+
 .. include:: /includes/steps/deploy-k8s-sc-x509-custom-renew.rst
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+.. note::`
	`2`	`+`
	`3`	+ To automate certificate renewal for \|onprem\| deployments, consider setting up the :ref:`cert-manager integration <cert-manager-integration>`.