Docs: oidc targets (#1251)

gardener · Oct 21, 2024 · 7817686 · 7817686
1 parent 62a7d07
commit 7817686
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/docs/usage/Targets.md b/docs/usage/Targets.md
@@ -221,7 +221,6 @@ On the resource cluster you define a Service Account like the following:
 
 ```yaml
 apiVersion: v1
-
 kind: ServiceAccount
 metadata:
   name: <someName> # e.g. test-service-account
@@ -232,6 +231,7 @@ On the target cluster (not the resource cluster!) you define the cluster role bi
 service account on the resource cluster, e.g. as follows:
 
 ```yaml
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: <someName>
@@ -253,22 +253,22 @@ And now it is time to define an OIDC Target on the resource cluster:
 
 ```yaml
 apiVersion: landscaper.gardener.cloud/v1alpha1
-
 kind: Target
 metadata:
   name: <targetName>
   namespace: <targetNamespace>
 
 spec:
   config:
-    audience:
-    - <clientID of OpenIDConnect on the target cluster>
-    caData: LS... # ca data of the target cluster
-    server: <ApiServerUrl of the target cluster> # https://api.<clusterName>...
-    serviceAccount: 
-      name: <name of Service Account>
-      namespace: <namespace of Service Account> # might be different from the Target namespace
-    expirationSeconds: <some integer> # optional, defaults to 86400 = 60 * 60 * 24
+    oidcConfig:
+      audience:
+        - <clientID of OpenIDConnect on the target cluster>
+      caData: LS... # ca data of the target cluster
+      server: <ApiServerUrl of the target cluster> # https://api.<clusterName>...
+      serviceAccount: 
+        name: <name of Service Account>
+        namespace: <namespace of Service Account> # might be different from the Target namespace
+      expirationSeconds: <some integer> # optional, defaults to 86400 = 60 * 60 * 24
   type: landscaper.gardener.cloud/kubernetes-cluster
 ```