(DOCSP-32238) Name CA file ca-pem always (#1451)

JuliaMongo · web-flow · commit e66fbe782593 · 2023-09-15T15:56:33.000-04:00
* (DOCSP-32238) Name CA file ca-pem always * Made the necessary changes in all files that mention different tls.ca certs * Edits, capitalization, fixing minor inconsistencies
diff --git a/source/includes/options-k8s-shared.yaml b/source/includes/options-k8s-shared.yaml
@@ -23,7 +23,7 @@ type: string
 directive: setting
 optional: false
 description: |
-  Name of the |k8s-mdbrsc| you are creating.
+  Name of the |k8s-mdbrsc| that you create.
 
   .. include:: /includes/fact-resource-name-char-limit.rst
 
@@ -34,8 +34,8 @@ type: string
 directive: setting
 optional: true
 description: |
-  |k8s| |k8s-ns| where this |k8s-mdbrsc| and other
-  |k8s-objs| are created.
+  |k8s| |k8s-ns| where you create this |k8s-mdbrsc| and other
+  |k8s-objs|.
 
 ---
 program: _shared
@@ -57,7 +57,7 @@ type: string
 directive: setting
 optional: false
 description: |
-  Version of MongoDB that is installed on this |k8s-mdbrsc|.
+  Version of MongoDB that you installed on this |k8s-mdbrsc|.
 
   .. include:: /includes/admonitions/ubi-8-min-db-versions.rst
 
@@ -657,7 +657,15 @@ type: string
 directive: setting
 optional: true
 description: |
-  Provide the name of the |k8s-configmap| that stores the |certauth|.
+  Provide the name of the |k8s-configmap| that stores the |certauth| for the |k8s-mdbrsc|.
+
+  .. important::
+
+     If you use a custom |certauth| to sign your |tls| certificates for the |k8s-mdbrsc|,
+     you must specify this parameter.
+
+     The |k8s-op-short| requires that you name the
+     |k8s-mdbrsc| certificate ``ca-pem`` in the ConfigMap.
 
 ---
 program: _shared
@@ -730,13 +738,13 @@ description: |
   .. important::
 
      The |k8s-op-short| manages authentication for this MongoDB
-     resource if you include this setting, even if it is set to
+     resource if you include this setting, even if it's set to
      ``false``. You can't configure authentication for this
-     resource using the |com| user interface  or APIs while this
-     setting exists in the resource specification.
+     resource using the |com| UI  or APIs while this setting
+     exists in the resource specification.
 
      Omit this setting if you want to manage authentication using the
-     |com| user interface or APIs.
+     |com| UI or APIs.
 
 ---
 program: _shared
@@ -751,7 +759,7 @@ description: |
   |tls| certificate. Defaults to ``true`` if you enable |tls|
   authentication.
   
-  To enable |tls| authentication, provide a value 
+  To enable |tls| authentication, provide a value for the :setting:`spec.security.certsSecretPrefix` setting.
 
 ---
 program: _shared
diff --git a/source/includes/prereqs/custom-ca-prereqs-rs-tls-only.rst b/source/includes/prereqs/custom-ca-prereqs-rs-tls-only.rst
@@ -19,7 +19,7 @@
 
   .. include:: /includes/prereqs/mdbagent-reqs.rst
 
-- You must possess the |certauth| certificate and the key that you used to 
-  sign your |tls| certificates.
+- You must have the |certauth| certificate file and name it ``ca-pem``.
+- You must have the key that you used to sign your |tls| certificates.
 
 .. include:: /includes/prereqs/pem-format.rst
diff --git a/source/includes/steps-deploy-k8s-opsmgr-https.yaml b/source/includes/steps-deploy-k8s-opsmgr-https.yaml
@@ -39,11 +39,10 @@ ref: validate-tls-cert
 content: |
 
   If your |onprem| |tls| certificate or your application database 
-  |tls| certificate is signed by a Custom Certificate
-  Authority, you must provide a :abbr:`CA (Certificate Authority)`
-  certificate to validate the |tls| certificate(s). To validate the
-  |tls| certificate(s), create a |k8s-configmap| to hold the
-  :abbr:`CA (Certificate Authority)` certificate:
+  |tls| certificate is signed by a custom |certauth|, you must provide a
+  :abbr:`CA (Certificate Authority)` certificate to validate the |tls|
+  certificate(s). To validate the |tls| certificate(s), create a
+  |k8s-configmap| to hold the |certauth| certificate:
 
   .. warning::
 
@@ -211,13 +210,13 @@ content: |
         - string
         - Name of the |k8s-configmap| you created to verify your
           |onprem| |tls|
-          certificates signed using a Custom Certificate Authority.
+          certificates signed using a custom |certauth|.
 
           .. important::
 
              This field is required if you signed your 
              |onprem| |tls|
-             certificates using a Custom Certificate Authority.
+             certificates using a custom |certauth|.
 
         - ``om-http-cert-ca``
 
@@ -314,13 +313,13 @@ content: |
         - string
         - Name of the |k8s-configmap| you created to verify your
           application database |tls|
-          certificates signed using a Custom Certificate Authority.
+          certificates signed using a custom |certauth|.
 
           .. important::
 
              This field is required if you signed your 
              application database |tls|
-             certificates using a Custom Certificate Authority.
+             certificates using a custom |certauth|.
 
         - ``ca``
 
@@ -770,8 +769,8 @@ content: |
   - Set ``data.sslMMSCAConfigMap`` to the name of your
     |k8s-configmap| containing the root
     :abbr:`CA (Certificate Authority)` certificate used to sign the
-    |onprem| host's certificate. The |k8s-op-short| requires this name to be
-    ``mms-ca.crt``.
+    |onprem| host's certificate. The |k8s-op-short| requires that you name
+    this |onprem| resource's certificate ``mms-ca.crt`` in the ConfigMap.
 
 ---
 title: "Deploy MongoDB database resources to complete the backup configuration."
diff --git a/source/includes/steps-multi-cluster-source.yaml b/source/includes/steps-multi-cluster-source.yaml
@@ -400,13 +400,15 @@ ref: create-k8s-mc-tls-configmap
 title: "Create the ConfigMap to link your CA with your |mongodb-multi|."
 level: 4
 content: |
-   Run the ``kubectl`` command to link your |certauth| to your |mongodb-multi|:
+   Run the ``kubectl`` command to link your |certauth| to your |mongodb-multi|.
+   Specify the |certauth| certificate file that you must always name
+   ``ca-pem`` for the |mongodb-multi|:
 
    .. code-block:: sh
 
       kubectl --context $MDB_CENTRAL_CLUSTER_FULL_NAME \
         --namespace=<metadata.namespace> \
-        create configmap custom-ca -from-file=ca-pem
+        create configmap custom-ca -from-file=ca-pem=<your-custom-ca-file>
 
 ---
 stepnum: 0
diff --git a/source/includes/steps-source-configmap-secure.yaml b/source/includes/steps-source-configmap-secure.yaml
@@ -1,13 +1,13 @@
 ---
-title: "Create a ConfigMap for the Certificate Authority certificate."
+title: "Create a ConfigMap for the certificate authority (CA) certificate."
 stepnum: 1
 level: 4
 ref: create-configmap-ca
 content: |
   The |k8s-op-short| requires the root |certauth| certificate of the
-  Certificate Authority that issued the |mms| host's certificate. Run
-  the following command to create a |k8s-configmap| containing the root
-  CA certificate in the same namespace of your database pods:
+  |certauth| that issued the |mms| host's certificate. Run the following
+  command to create a |k8s-configmap| containing the root |certauth| in the
+  same namespace of your database Pods:
 
   .. code-block:: sh
 
@@ -16,8 +16,8 @@ content: |
 
   .. important::
 
-     The |k8s-op-short| requires that the certificate is named
-     ``mms-ca.crt`` in the ConfigMap.
+     The |k8s-op-short| requires that you name the |onprem| resource's
+     certificate ``mms-ca.crt`` in the ConfigMap.
 ---
 title: "Copy the following example ConfigMap."
 stepnum: 0
@@ -101,10 +101,10 @@ content: |
 
      kubectl describe configmaps <myconfigmap> -n <metadata.namespace>
 
-  .. admonition:: *Always include the namespace option with* ``kubectl``
-     :class: important
+  .. important::
 
-     |kubectl| defaults to an empty namespace if you do not specify the
+     Always include the namespace option with ``kubectl``.
+     |kubectl| defaults to an empty namespace if you don't specify the
      ``-n`` option, resulting in deployment failures. You must specify
      the value of the ``<metadata.namespace>`` field. The
      |k8s-op-short|, |k8s-secret|, and |k8s-mdbrsc|\s should run in the
@@ -129,11 +129,12 @@ content: |
 
      kubectl describe configmaps <my-configmap> -n <metadata.namespace>
 
-  .. admonition:: *Always include the namespace option with* ``kubectl``
-     :class: important
+  .. important::
 
-     |kubectl| defaults to an empty namespace if you do not specify the
-     ``-n`` option, resulting in deployment failures. The
+     Always include the namespace option with ``kubectl``.
+     |kubectl| defaults to an empty namespace if you don't specify the
+     ``-n`` option, resulting in deployment failures. You must specify
+     the value of the ``<metadata.namespace>`` field. The
      |k8s-op-short|, |k8s-secret|, and |k8s-mdbrsc|\s should run in the
      same unique namespace.
 
diff --git a/source/includes/steps-source-deploy-k8s-resource.yaml b/source/includes/steps-source-deploy-k8s-resource.yaml
@@ -1,13 +1,13 @@
 ---
-title: "Create a ConfigMap for the Certificate Authority certificate."
+title: "Create a ConfigMap for the certificate authority (CA) certificate."
 stepnum: 0
 level: 4
 ref: create-configmap-ca
 content: |
   The |k8s-op-short| requires the root |certauth| certificate of the
-  Certificate Authority that issued the |mms| host's certificate. Run
+  custom |certauth| that issued the |mms| host's certificate. Run
   the following command to create a |k8s-configmap| containing the root
-  CA certificate in the same namespace of your database pods:
+  |certauth| certificate in the same namespace of your database pods:
 
   .. code-block:: sh
 
@@ -16,8 +16,8 @@ content: |
 
   .. important::
 
-     The |k8s-op-short| requires that the certificate is named
-     ``mms-ca.crt`` in the ConfigMap.
+     The |k8s-op-short| requires that you name the |onprem| resource's
+     certificate ``mms-ca.crt`` in the ConfigMap.
 
 ---
 title: "Copy the following example ``ConfigMap``."
@@ -94,7 +94,7 @@ content: |
   .. include:: /includes/list-tables/rs-resource-base-options.rst
 
 ---
-title: "Configure the TLS settings for your {{k8sResource}} resource using a Custom Certificate Authority."
+title: "Configure the TLS settings for your {{k8sResource}} resource using a custom certificate authority (CA)."
 stepnum: 0
 level: 4
 ref: add-tls-settings-custom-ca
@@ -655,11 +655,16 @@ ref: create-rs-tls-configmap
 content: |
 
   Run this ``kubectl`` command to link your |certauth| to your replica
-  set:
+  set and specify the |certauth| certificate file.
+
+  .. important::
+
+     The |k8s-op-short| requires that the certificate for the |k8s-mdbrsc|
+     is named ``ca-pem`` in the ConfigMap.
 
   .. code-block:: sh
 
-     kubectl create configmap custom-ca --from-file=ca-pem
+     kubectl create configmap custom-ca --from-file=ca-pem=<your-custom-ca-file>
 
 ---
 title: "Create the secret for your Shards' TLS certificates."
@@ -906,11 +911,12 @@ ref: create-sc-tls-configmap
 content: |
 
   Run this ``kubectl`` command to link your |certauth| to your sharded
-  cluster:
+  cluster and specify the |certauth| certificate file that you must always
+  name ``ca-pem`` for the |k8s-mdbrsc|:
 
   .. code-block:: sh
 
-     kubectl create configmap custom-ca --from-file=ca-pem
+     kubectl create configmap custom-ca --from-file=ca-pem=<your-custom-ca-file>
 
 ---
 title: "Test the connection to the replica set."
diff --git a/source/includes/steps-source-deploy-om-resource.yaml b/source/includes/steps-source-deploy-om-resource.yaml
@@ -22,7 +22,7 @@ content: |
 stepnum: 0
 level: 4
 ref: create-om-appdb-configmap
-title: "Create a ConfigMap that contains the Certificate Authority."
+title: "Create a ConfigMap that contains the certificate authority (CA)."
 optional: true
 content: |
 
diff --git a/source/reference/k8s-operator-multi-cluster-specification.txt b/source/reference/k8s-operator-multi-cluster-specification.txt
@@ -1042,7 +1042,8 @@ Optional ``MongoDBMultiCluster`` Resource Settings
   |tls| certificate. Defaults to ``true`` if you enable |tls|
   authentication.
   
-  To enable |tls| authentication, provide a value. 
+  To enable |tls| authentication, provide a value for the
+  :ref:`spec.security.certsSecretPrefix  <multi-spec-security-certssecretprefix>` setting.
 
 .. _multi-spec-security-certssecretprefix:
 
@@ -1248,6 +1249,14 @@ Optional ``MongoDBMultiCluster`` Resource Settings
 
   Provide the name of the |k8s-configmap| that stores the |certauth|.
 
+  .. important::
+
+     If you use a custom |certauth| to sign your |tls| certificates for
+     the |mongodb-multi|, you must specify this parameter.
+
+     The |k8s-op-short| requires that you name the certificate for the
+     |mongodb-multi| ``ca-pem`` in the ConfigMap.
+
 .. _multi-spec-security-tls-enabled:
 
 ``spec.security.tls.enabled``
diff --git a/source/reference/k8s-operator-om-specification.txt b/source/reference/k8s-operator-om-specification.txt
@@ -265,11 +265,11 @@ Optional |onprem| Resource Settings
    .. important::
 
       :opsmgrkube:`spec.applicationDatabase.security.tls.ca` is required
-      if you use a Custom Certificate Authority to sign your application
-      database |tls| certificates.
+      if you use a custom |certauth| to sign your application database's
+      |tls| certificates.
 
-      The |k8s-op-short| requires that the certificate is named
-      ``ca-pem`` in the ConfigMap.
+      The |k8s-op-short| requires that you name the application database's
+      certificate ``ca-pem`` in the ConfigMap.
 
       The |certauth| specified in this section is also used for 
       configuring custom |tls| certificates for |s3| storage when either
@@ -956,11 +956,11 @@ Optional |onprem| Resource Settings
 
    .. important::
 
-      :opsmgrkube:`spec.security.tls.ca` is required if you use a Custom
-      Certificate Authority to sign your |onprem| |tls| certificates.
+      :opsmgrkube:`spec.security.tls.ca` is required if you use a custom
+      |certauth| to sign your |onprem| |tls| certificates.
 
-      The |k8s-op-short| requires that the certificate is named
-      ``mms-ca.crt`` in the ConfigMap.
+      The |k8s-op-short| requires that you name the certificate
+      for the |onprem| resource ``mms-ca.crt`` in the ConfigMap.
 
    This |certauth| signs the certificates that:
 
@@ -1507,7 +1507,7 @@ You can use |tls| for both |s3| and your application database, or for
    :opsmgrkube:`spec.backup.s3Stores.customCertificateSecretRefs`
    instead. 
    
-   Flag that indicates whether you use AppDB certificates
+   Flag that indicates whether you use Application Database's certificates
    (``appdb-ca``) as the custom |tls| certificate for your |s3| backups.
    The default is ``False``. 
 
@@ -1525,7 +1525,7 @@ You can use |tls| for both |s3| and your application database, or for
    also provide the :opsmgrkube:`spec.backup.s3Stores.customCertificate`
    setting, |k8s-op-short| uses the
    :opsmgrkube:`spec.applicationDatabase.security.tls.ca` as the
-   custom certificate for backups.    
+   custom certificate for backups.
    
    Each entry in the list specifies the
    :opsmgrkube:`~spec.backup.s3Stores.customCertificateSecretRefs.name`
