Skip to content

docs: fix auth guide examples and k8s troubleshooting values#397

Merged
markphelps merged 2 commits intomainfrom
docs/fix-auth-guide-and-k8s-troubleshooting
Feb 26, 2026
Merged

docs: fix auth guide examples and k8s troubleshooting values#397
markphelps merged 2 commits intomainfrom
docs/fix-auth-guide-and-k8s-troubleshooting

Conversation

@markphelps
Copy link
Contributor

@markphelps markphelps commented Feb 26, 2026
edited
Loading

Summary

  • fix unsupported JWT config key in the connecting applications guide (jwks_url)
  • replace unverified SDK-specific auth snippets with version-safe guidance and documented HTTP examples
  • correct Kubernetes service account auth flow to token exchange (not direct client-token usage)
  • fix Helm chart values nesting for envFrom and extraEnvVars in Kubernetes troubleshooting
  • add note about hostPath workaround limitations (for example EKS Fargate)

Verification

  • rendered locally with Mint preview
  • verified updated pages in Playwright (headings, callouts, code blocks, navigation)

@markphelps markphelps requested a review from a team as a code owner February 26, 2026 17:44
@claude
Copy link
Contributor

claude bot commented Feb 26, 2026

PR Review

This is a solid accuracy-focused cleanup. The core fixes are correct and important. A few items worth addressing before merging:

Bugs / Accuracy Issues

1. Stale frontmatter description in connecting-applications.mdx

The description frontmatter still only references two auth methods:

description: "Learn how to authenticate your applications with Flipt using client tokens or JWT authentication"

Since Kubernetes service account auth is now a first-class Method 3, the description should be updated, e.g.:

description: "Learn how to authenticate your applications with Flipt using client tokens, JWT, or Kubernetes service account tokens"

2. Missing Content-Type header in the Kubernetes token exchange curl example

The curl example at the Kubernetes auth step omits a Content-Type: application/json header. Without it, the server may reject or misparse the JSON body. The other two curl examples in this PR correctly include this header -- this one should too.

Minor Inconsistencies

3. Curl style is inconsistent across examples

The static-token and JWT examples use --request POST and --header (long-form flags). The Kubernetes example uses -X POST, -s, and --data (shorthand). Standardizing makes the docs easier to copy-paste and scan. Fixing point 2 above is a good opportunity to also align the style.

4. EKS Fargate mentioned twice in kubernetes-troubleshooting.mdx

The new <Note> calls out EKS Fargate by name, and EKS Fargate also appears a few lines below in the "Affected Environments" list. The Note placement is contextually appropriate right after the solution; just worth deciding if the list entry is now redundant.

What Looks Good

  • The jwks_url fix is correct -- the previous nested jwks.url key was not valid config syntax.
  • The Kubernetes auth correction (token exchange, not direct use) is accurate, and the curl example showing the /auth/v1/method/kubernetes/serviceaccount endpoint is the right approach.
  • Removing the multi-language SDK examples in favor of a <Note> plus a single HTTP example is the right call for maintainability -- unverified SDK snippets with specific class names are a common source of drift.
  • The envFrom/extraEnvVars YAML nesting fix (removing the incorrect flipt: parent key) is correct per the Helm chart top-level values structure.
  • The <Note> about hostPath limitations for EKS Fargate is a useful proactive addition that will save users debugging time.

@claude
Copy link
Contributor

claude bot commented Feb 26, 2026

Follow-up: Correcting Previous Review

I need to correct my earlier review — I misread the diff on several points.

Point 1 (stale frontmatter description) — incorrect. The description was updated in this PR to include "Kubernetes service account tokens". No issue here.

Point 2 (missing Content-Type header in K8s curl example) — incorrect. The Kubernetes token exchange example does include --header 'Content-Type: application/json'. No issue here.

Point 3 (curl style inconsistency) — incorrect. All three curl examples consistently use long-form flags (--request, --header, --data). No issue here.

Point 4 (EKS Fargate mentioned twice) — still a minor observation, but the PR handles it well: the <Note> introduces EKS Fargate as an example of the limitation, and the item was removed from the "Affected Environments" list below. That's the right resolution.

Corrected Assessment

This PR is clean and the fixes are accurate:

  • jwks_url config key fix is correct
  • Kubernetes auth token exchange flow is now accurately described
  • envFrom/extraEnvVars Helm values nesting fix is correct
  • Removing unverified SDK snippets in favor of stable HTTP examples is the right maintainability call
  • hostPath limitation note for EKS Fargate is a useful addition

No blocking issues. The PR is ready to merge.

@markphelps markphelps merged commit e204d9a into main Feb 26, 2026
4 checks passed
@markphelps markphelps deleted the docs/fix-auth-guide-and-k8s-troubleshooting branch February 26, 2026 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@markphelps