From b132163ec57cb05994786a38eaeb555c709e7cff Mon Sep 17 00:00:00 2001 From: David Espejo <82604841+davidmirror-ops@users.noreply.github.com> Date: Fri, 9 Feb 2024 13:54:01 -0500 Subject: [PATCH] Add notes to selfAuth with Azure docs (#4835) * Add notes from recent Azure deployments Signed-off-by: davidmirror-ops * Rephrase multicluster auth Signed-off-by: davidmirror-ops * Rephrase multicluster auth v2 Signed-off-by: davidmirror-ops --------- Signed-off-by: davidmirror-ops Co-authored-by: davidmirror-ops --- docs/deployment/configuration/auth_setup.rst | 24 ++++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst index 61a6b4c0aef..41c10f03b13 100644 --- a/docs/deployment/configuration/auth_setup.rst +++ b/docs/deployment/configuration/auth_setup.rst @@ -120,7 +120,7 @@ browser. - ``http://localhost:30081/callback`` for sandbox or ``https:///callback`` for other Flyte deployment types. - .. group-tab:: Microsoft Azure AD + .. group-tab:: Microsoft Entra ID (Azure AD) 1. From the Azure homepage go to **Azure Active Directory** 2. From the **Ovierview** page, take note of the **Tenant ID** @@ -330,7 +330,7 @@ Apply OIDC Configuration userAuth: openId: # baseUrl: https://accounts.google.com # Uncomment for Google - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD + # baseUrl: https://login.microsoftonline.com//v2.0 # Uncomment for Azure AD # For Okta, use the Issuer URI of the default auth server baseUrl: https://dev-.okta.com/oauth2/default # Use the client ID generated by your IdP 
@@ -351,28 +351,28 @@ Apply OIDC Configuration # Use the non-encoded version of the random password clientSecret: "" clientId: flytepropeller - - 8. Save and exit your editor. - 9. Restart ``flyteadmin`` for the changes to take effect: +.. note:: - .. prompt:: bash $ + For `multi-cluster deployments `__, + you must add this Secret definition block to the `values-dataplane.yaml` file. + If you are not running `flytepropeller` in the control plane cluster, you do not need to create this secret there. - kubectl rollout restart deployment/flyteadmin -n flyte + 8. Save and exit your editor. - 10. Restart ``flytepropeller`` to start using authenticated requests: + 9. Upgrade your Helm release with the new configuration: .. prompt:: bash $ - kubectl rollout restart deployment/flytepropeller -n flyte + helm upgrade flyteorg/flyte-binary -n --values .yaml - 11. Restart ``flytescheduler``` to start using authenticated requests: + 10. Verify that the `flytepropeller`, `flytescheduler` and `flyteadmin` Pods are restarted and running: .. prompt:: bash $ - kubectl rollout restart deployment/flytescheduler -n flyte + kubectl get pods -n flyte - 12. For flytectl/pyflyte, make sure that your local config file (``$HOME/.flyte/config.yaml``) includes the following option: + 11. For flytectl/pyflyte, make sure that your local config file (``$HOME/.flyte/config.yaml``) includes the following option: .. code-block:: yaml
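
Review bot: in the hunk at ``@@ -120,7 +120,7``, the steps under the renamed tab are out of step with the new title. Step 1 still sends the reader to **Azure Active Directory**, and step 2 spells the page name "Ovierview". Suggest updating step 1 to name Microsoft Entra ID, keeping the old name in parentheses as the tab title does, and fixing the typo to "Overview" while these lines are being touched.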
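
Review bot: in the hunk at ``@@ -330,7 +330,7``, the corrected ``baseUrl`` line gives no reason for dropping ``/oauth2/v2.0/authorize``, and its trailing comment still reads "Uncomment for Azure AD" although the tab is now "Microsoft Entra ID (Azure AD)". Suggest matching the comment to the tab name and adding a short comment that this value is the issuer base URL rather than the authorize endpoint, so readers do not paste the authorize URL back in.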
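
Review bot: in the hunk at ``@@ -351,28 +351,28``, the new step 9 hardcodes the ``flyteorg/flyte-binary`` chart, while the note added just above it addresses multi-cluster deployments using ``values-dataplane.yaml`` and step 10 expects separate ``flytepropeller``, ``flytescheduler`` and ``flyteadmin`` Pods. Suggest either giving the upgrade command per chart or stating which chart these steps apply to. Step 10 also replaces three explicit ``kubectl rollout restart`` commands with ``kubectl get pods``, which lists Pods but does not by itself show that they restarted; tell the reader what to look for (for example the AGE column) or keep a restart fallback so the new auth settings are certain to be loaded. Two formatting points: ``+.. note::`` starts at column 0 between indented list items 7 and 8, which ends the enclosing list in reStructuredText, so indent it to the list body; and the added lines use single backticks for `values-dataplane.yaml`, `flytepropeller`, `flytescheduler` and `flyteadmin`, where the rest of the file uses double backticks for inline literals.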