made changes according to comments

content/for-administrators/how-to-guides/certificate-management/tls-certs.md

@@ -1,10 +1,12 @@
-# Configuring TLS Certificates and External DNS
+# Configuring Cert Manager Issuer and External DNS
 
-This document provides a step-by-step guide to configure TLS certificates and External DNS for different tenants.
+This document provides a step-by-step guide to configure Cert Manager Issuer and External DNS for different tenants.
 
 ## Step 1: Setup DNS creds in Vault
 
-Go to `common-shared-secret` path in Vault and create a secret `external-dns-creds`. This secret mainly have credentials for authenticating with DNS provider (in present case `Cloudflare`) and should contain following fields:
+Go to `common-shared-secret` path in Vault and create a secret `external-dns-creds`. This secret mainly have credentials for authenticating with DNS provider and should contain following fields:
+
+### Cloudflare
 
 - `api-token (required)`: API token generated from DNS provider being used. In case of Cloudflare, it should have `DNS:Edit` and `Zone:Read` access.
 - `domain-filter (optional)`: This field should contain base domain that becomes base for registering further subdomains. For example: `example.com`.
@@ -29,6 +31,8 @@ In this directory, create the following resources:
 
 The `Template` resource defines the underlying YAML files to be deployed to tenant namespaces. Below is an example template for setting up a TLS certificate:
 
+#### Cloudflare
+
 ```yaml
 apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: Template
@@ -67,22 +71,11 @@ resources:
           privateKeySecretRef:
             name: letsencrypt-account-key
           solvers:
-            - http01:
+            - dns01:
                 cloudflare:
                   apiTokenSecretRef:
                     name: certificate-creds
                     key: api-token
-    - apiVersion: cert-manager.io/v1
-      kind: Certificate
-      metadata:
-        name: tls-certificate
-      spec:
-        secretName: tls-certificate-secret
-        dnsNames:
-          - <DNS for which we need to generate certificate for example:example.com>
-        issuerRef:
-          name: <Issuer name in present case:letsencrypt-cloudflare>
-          kind: Issuer
 ```
 
 #### Explanation of Resources
@@ -97,12 +90,6 @@ resources:
      - `.spec.acme.email`: Email address for certificate lifecycle updates.
      - `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef`: Reference to the `ExternalSecret` created earlier.
 
-1. **`Certificate`**:
-   - Instruct Cert-Manager to generate TLS certificates for specific DNS entries.
-   - Requires:
-     - `.spec.dnsNames`: DNS name for which this certificate will be valid. It can also contain wildcard names like `*.example.com` or specific names like `api.example.com`.
-     - `.spec.issuerRef.name`: Name of the issuer that this certificate will reference. We have created this issuer in previous steps.
-
 ### TemplateGroupInstance
 
 The `TemplateGroupInstance` deploys resources by referencing the created templates and specifying target namespaces. Example:
@@ -133,12 +120,9 @@ Commit, push, and merge these changes to the `main` branch. ArgoCD will deploy t
 ### Verify Deployment
 
 1. In the cluster console, switch to `Administrator` view and navigate to `Home > Search`.
-1. Select the namespace and search for `Certificate` in the `Resources` dropdown.
-1. Inspect the deployed certificate. In the `Condition` section, confirm that the certificate is up-to-date.
+1. Select the namespace and search for `Issuer` in the `Resources` dropdown.
+1. Inspect the deployed issuer. In the `Condition` section, confirm that the issuer is up-to-date.
 
 ![OpenShift Console](images/console.png)
 
-![Certificate Details](images/certificate-details.png)
-
-!!! note
-    If the certificate status is not updated, wait a few minutes as Cert-Manager may take time to generate the certificate.
+![Issuer Details](images/issuer-status.png)

content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md

@@ -6,10 +6,40 @@ This guide provides a step-by-step process to configure an OpenShift `Route` res
 
 Before proceeding, ensure the following prerequisites are met:
 
-- **TLS Certificates**: Verify with your cluster administrator that TLS certificates are properly configured.
+- **Cert Manager Issuer**: Verify with your cluster administrator that cert manager `Issuer` is properly configured.
 - **External DNS**: Confirm that External DNS is set up and operational for managing DNS records.
 
-## Step 1: Deploy the Route
+## Step 1: Setup Cert Manager Certificate
+
+A [`Certificate`](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources) resource is used to automatically manage TLS certificates for your application by integrating with a certificate authority (e.g., Let’s Encrypt). It handles the issuance, renewal, and revocation of certificates, ensuring secure communication over HTTPS. Follow the steps below to configure the Certificate resource
+
+### Update `values.yaml`
+
+In your application's Helm chart, add the following snippet in `values.yaml`.
+
+```yaml
+application:
+  ...
+  certificate:
+    enabled: true
+    secretName: <secret name where tls creds will be stored>
+    dnsNames:
+      - <DNS for which we need to generate certificate for example:example.com>
+    issuerRef:
+      name: <cert manager's Issuer name. You can ask cluster admin for this>
+      kind: Issuer
+```
+
+#### Important Details
+
+- **Certificate**:
+   - Instruct Cert-Manager to generate TLS certificates for specific DNS entries.
+   - Requires:
+     - `.certificate.secretName`: This is the name of secret that `Certificate` will create. It will contain TLS credentials that will find its utilization in next steps.
+     - `.certificate.dnsNames`: DNS name for which this certificate will be valid. It can contain wildcard names like `*.example.com` or specific names like `api.example.com`.
+     - `.certificate.issuerRef.name`: Name of the issuer that this certificate will reference. We have created this issuer in previous steps.
+
+## Step 2: Deploy the Route
 
 A [`Route`](https://docs.openshift.com/container-platform/4.17/networking/routes/route-configuration.html) resource is used to expose your application to the internet using a specific DNS name. Follow the steps below to configure the Route.
 
@@ -19,7 +49,7 @@ Update the `values.yaml` file in your application’s Helm chart with the follow
 
 ```yaml
 application:
-  applicationName: <application name>
+  ...
   route:
     enabled: true
     annotations:
@@ -45,6 +75,21 @@ application:
 
 After updating the `values.yaml` file and applying the Helm chart, verify the deployment:
 
+#### Certificate
+
+1. In the cluster console, switch to `Administrator` view and navigate to `Home > Search`.
+1. Select the namespace and search for `Certificate` in the `Resources` dropdown.
+1. Inspect the deployed certificate. In the `Condition` section, confirm that the certificate is up-to-date.
+
+![OpenShift Console](images/console.png)
+
+![Certificate Details](images/certificate-details.png)
+
+!!! note
+    If the certificate status is not updated, wait a few minutes as Cert-Manager may take time to generate the certificate.
+
+#### Route
+
 1. Navigate to the OpenShift cluster console.
 1. Go to Networking > Routes and locate the Route resource for your application.
 1. Confirm that: