Updated secure way

ThatAmatoGuy · web-flow · commit b0af974f36ef · 2023-08-22T09:43:34.000-07:00
moved the kubernetes 1.24 secure way higher up to prevent confusion.
diff --git a/_docs/integrations/kubernetes.md b/_docs/integrations/kubernetes.md
@@ -274,10 +274,11 @@ echo $(kubectl get secret -o go-template='{{index .data "token" }}' $(kubectl ge
 
 Once the cluster been added successfully you can go to the `Kubernetes` tab to start working with the services of your cluster.
 
-#### The proper/secure way
+#### The proper/secure way for Kubernetes Cluster 1.24+
 
-For production environments you should create a service account and/or role for Codefresh access.
-The minimum permissions Codefresh needs to work with the cluster are the following:
+For production environments, create a service account and/or role for Codefresh access.  
+
+Codefresh needs these minimum permissions to work with the cluster:
 
 `codefresh-role.yml`
 {% highlight yaml %}
@@ -314,7 +315,7 @@ kind: ServiceAccount
 metadata:
   name: codefresh-user
   namespace: kube-system
----
+--- 
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -327,29 +328,39 @@ subjects:
 - kind: ServiceAccount
   name: codefresh-user
   namespace: kube-system
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: codefresh-user-token
+  namespace: kube-system
+  annotations:
+    kubernetes.io/service-account.name: "codefresh-user"
 {% endraw %}
 {% endhighlight %}
 
-Select the appropriate cluster if you have more than one:
+<br />
 
+1. Select the appropriate cluster if you have more than one:
 `Choose cluster`
 {% highlight shell %}
 {% raw %}
 kubectl config use-context <my-cluster-name>
 {% endraw %}
 {% endhighlight %}
 
-Create the Codefresh user/role:
-
+{:start="2"}
+1. Create the Codefresh user/role:  
 `Apply Codefresh access rules`
 {% highlight shell %}
 {% raw %}
 kubectl apply -f codefresh-role-sa-bind.yml
 {% endraw %}
 {% endhighlight %}
 
-Finally run the following commands and copy-paste the result to each Codefresh field in the UI:
-
+{:start="3"}
+1. Finally run the following commands, and copy-paste the results to the respective Codefresh field in the UI:  
 `Host IP`
 {% highlight shell %}
 {% raw %}
@@ -360,22 +371,21 @@ export CURRENT_CONTEXT=$(kubectl config current-context) && export CURRENT_CLUST
 `Certificate`
 {% highlight shell %}
 {% raw %}
-echo $(kubectl get secret -n kube-system -o go-template='{{index .data "ca.crt" }}' $(kubectl get sa codefresh-user -n kube-system -o go-template="{{range .secrets}}{{.name}}{{end}}"))
+echo $(kubectl get secret -n kube-system -o go-template='{{index .data "ca.crt" }}' codefresh-user-token)
 {% endraw %}
 {% endhighlight %}
 
 `Token`
 {% highlight shell %}
 {% raw %}
-echo $(kubectl get secret -n kube-system -o go-template='{{index .data "token" }}' $(kubectl get sa codefresh-user -n kube-system -o go-template="{{range .secrets}}{{.name}}{{end}}"))
+echo $(kubectl get secret -n kube-system -o go-template='{{index .data "token" }}' codefresh-user-token)
 {% endraw %}
 {% endhighlight %}
 
-#### The proper/secure way for Kubernetes Cluster 1.24+
+#### The proper/secure way Kubernetes 1.23 and older
 
-For production environments, create a service account and/or role for Codefresh access.  
-
-Codefresh needs these minimum permissions to work with the cluster:
+For production environments you should create a service account and/or role for Codefresh access.
+The minimum permissions Codefresh needs to work with the cluster are the following:
 
 `codefresh-role.yml`
 {% highlight yaml %}
@@ -412,7 +422,7 @@ kind: ServiceAccount
 metadata:
   name: codefresh-user
   namespace: kube-system
---- 
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -425,39 +435,29 @@ subjects:
 - kind: ServiceAccount
   name: codefresh-user
   namespace: kube-system
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: codefresh-user-token
-  namespace: kube-system
-  annotations:
-    kubernetes.io/service-account.name: "codefresh-user"
 {% endraw %}
 {% endhighlight %}
 
-<br />
+Select the appropriate cluster if you have more than one:
 
-1. Select the appropriate cluster if you have more than one:
 `Choose cluster`
 {% highlight shell %}
 {% raw %}
 kubectl config use-context <my-cluster-name>
 {% endraw %}
 {% endhighlight %}
 
-{:start="2"}
-1. Create the Codefresh user/role:  
+Create the Codefresh user/role:
+
 `Apply Codefresh access rules`
 {% highlight shell %}
 {% raw %}
 kubectl apply -f codefresh-role-sa-bind.yml
 {% endraw %}
 {% endhighlight %}
 
-{:start="3"}
-1. Finally run the following commands, and copy-paste the results to the respective Codefresh field in the UI:  
+Finally run the following commands and copy-paste the result to each Codefresh field in the UI:
+
 `Host IP`
 {% highlight shell %}
 {% raw %}
@@ -468,17 +468,18 @@ export CURRENT_CONTEXT=$(kubectl config current-context) && export CURRENT_CLUST
 `Certificate`
 {% highlight shell %}
 {% raw %}
-echo $(kubectl get secret -n kube-system -o go-template='{{index .data "ca.crt" }}' codefresh-user-token)
+echo $(kubectl get secret -n kube-system -o go-template='{{index .data "ca.crt" }}' $(kubectl get sa codefresh-user -n kube-system -o go-template="{{range .secrets}}{{.name}}{{end}}"))
 {% endraw %}
 {% endhighlight %}
 
 `Token`
 {% highlight shell %}
 {% raw %}
-echo $(kubectl get secret -n kube-system -o go-template='{{index .data "token" }}' codefresh-user-token)
+echo $(kubectl get secret -n kube-system -o go-template='{{index .data "token" }}' $(kubectl get sa codefresh-user -n kube-system -o go-template="{{range .secrets}}{{.name}}{{end}}"))
 {% endraw %}
 {% endhighlight %}
 
+
 #### Restrict Codefresh access to a specific namespace
 
 In most cases, you want to allow Codefresh to access all namespaces inside the cluster. This is the most convenient option as it will make
