docs(kubernetes-auth): add API documentation about vault permissions …

…for namespace label selection Relates-to: hashicorp/vault-plugin-auth-kubernetes#182
f4z3r · Feb 23, 2023 · 5a746e4 · 5a746e4
1 parent cc94c0b
commit 5a746e4
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/website/content/api-docs/auth/kubernetes.mdx b/website/content/api-docs/auth/kubernetes.mdx
@@ -134,7 +134,8 @@ entities attempting to login.
   namespaces allowed to acces this role. Accepts either a JSON or YAML object. The value
   should be of type
   [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
-  If set with `bound_service_account_namespaces`, the conditions are `OR`ed.
+  If this parameter is used, the Vault requires permissions to read namespaces on the Kubernetes
+  cluster. If set with `bound_service_account_namespaces`, the conditions are `OR`ed.
 - `audience` `(string: "")` - Optional Audience claim to verify in the JWT.
 - `alias_name_source` `(string: "serviceaccount_uid")` - Configures how identity aliases are generated.
   Valid choices are: `serviceaccount_uid`, `serviceaccount_name`