Add doc info on certPath for Service Principal with Certificate

Author: bryan-cox

api/v1beta1/azureclusteridentity_types.go

@@ -59,7 +59,7 @@ type AzureClusterIdentitySpec struct {
 	// ClientSecret is a secret reference which should contain either a Service Principal password or certificate secret.
 	// +optional
 	ClientSecret corev1.SecretReference `json:"clientSecret,omitempty"`
-	// certPath is the path where certicates exist. When set, it takes precedence over ClientSecret for types that uses certs like ServicePrincipalCertificate.
+	// certPath is the path where certificates exist. When set, it takes precedence over ClientSecret for types that uses certs like ServicePrincipalCertificate.
 	// +optional
 	CertPath string `json:"certPath,omitempty"`
 	// TenantID is the service principal primary tenant id.

config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml

@@ -124,7 +124,7 @@ spec:
                     x-kubernetes-map-type: atomic
                 type: object
               certPath:
-                description: certPath is the path where certicates exist. When set,
+                description: certPath is the path where certificates exist. When set,
                   it takes precedence over ClientSecret for types that uses certs
                   like ServicePrincipalCertificate.
                 type: string

docs/book/src/topics/identities.md

@@ -125,6 +125,24 @@ data:
   password: PASSWORD
 ```
 
+Alternatively, the path to a certificate can be specified instead of the k8s secret:
+
+```yaml
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureClusterIdentity
+metadata:
+  name: example-identity
+  namespace: default
+spec:
+  type: ServicePrincipalCertificate
+  tenantID: <azure-tenant-id>
+  clientID: <client-id-of-SP-identity>
+  certPath: <path-to-the-cert>
+  allowedNamespaces:
+    list:
+    - <cluster-namespace>
+```
+
 ## User-Assigned Managed Identity
 
 <aside class="note">