From cc4b72b221e7ca90ae1c4446634847743dd004ef Mon Sep 17 00:00:00 2001 From: Dixita Narang Date: Mon, 21 Nov 2022 23:28:16 +0000 Subject: [PATCH] Update doc references for KubeletCredentialProviders --- content/en/docs/concepts/containers/images.md | 15 +++++++++++++++ .../command-line-tools-reference/feature-gates.md | 5 +++-- .../kubelet-credential-provider.md | 5 ++--- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/content/en/docs/concepts/containers/images.md b/content/en/docs/concepts/containers/images.md index c696fbb3ea33d..3944afaf2a479 100644 --- a/content/en/docs/concepts/containers/images.md +++ b/content/en/docs/concepts/containers/images.md @@ -160,6 +160,9 @@ Credentials can be provided in several ways: - Configuring Nodes to Authenticate to a Private Registry - all pods can read any configured private registries - requires node configuration by cluster administrator + - Kubelet Credential Provider to dynamically fetch credentials for private registries + - kubelet can be configured to use credential provider exec plugin + for the respective private registry. - Pre-pulled Images - all pods can use any images cached on a node - requires root access to all nodes to set up 
@@ -180,6 +183,18 @@ For an example of configuring a private container image registry, see the [Pull an Image from a Private Registry](/docs/tasks/configure-pod-container/pull-image-private-registry) task. That example uses a private registry in Docker Hub. +### Kubelet Credential Provider + +{{< note >}} +This approach is suitable when kubelet needs to fetch registry credentials dynamically. +Most commonly used for registries provided by cloud providers where auth tokens are short-lived. +{{< /note >}} + +The Kubelet can be configured to invoke a plugin binary to dynamically fetch registry credentials for a container image. +This is the most robust and versatile way to fetch credentials for private registries, but also requires kubelet-level configuration to enable. + +See the [Kubelet Credential Provider](/docs/tasks/kubelet-credential-provider/kubelet-credential-provider/) docs for more details. + ### Interpretation of config.json {#config-json} The interpretation of `config.json` varies between the original Docker diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index f790a1fb7b423..6d2689bf9ca78 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -117,8 +117,6 @@ For a reference to old feature gates that are removed, please refer to | `JobPodFailurePolicy` | `true` | Beta | 1.26 | | | `JobReadyPods` | `false` | Alpha | 1.23 | 1.23 | | `JobReadyPods` | `true` | Beta | 1.24 | | -| `KubeletCredentialProviders` | `false` | Alpha | 1.20 | 1.23 | -| `KubeletCredentialProviders` | `true` | Beta | 1.24 | | | `KubeletInUserNamespace` | `false` | Alpha | 1.22 | | | `KubeletPodResources` | `false` | Alpha | 1.13 | 1.14 | | `KubeletPodResources` | `true` | Beta | 1.15 | | 
@@ -296,6 +294,9 @@ For a reference to old feature gates that are removed, please refer to | `JobTrackingWithFinalizers` | `false` | Beta | 1.23 | 1.24 | | `JobTrackingWithFinalizers` | `true` | Beta | 1.25 | 1.25 | | `JobTrackingWithFinalizers` | `true` | GA | 1.26 | - | +| `KubeletCredentialProviders` | `false` | Alpha | 1.20 | 1.23 | +| `KubeletCredentialProviders` | `true` | Beta | 1.24 | 1.25 | +| `KubeletCredentialProviders` | `true` | GA | 1.26 | - | | `LegacyServiceAccountTokenNoAutoGeneration` | `true` | Beta | 1.24 | 1.25 | | `LegacyServiceAccountTokenNoAutoGeneration` | `true` | GA | 1.26 | - | | `LocalStorageCapacityIsolation` | `false` | Alpha | 1.7 | 1.9 | diff --git a/content/en/docs/tasks/kubelet-credential-provider/kubelet-credential-provider.md b/content/en/docs/tasks/kubelet-credential-provider/kubelet-credential-provider.md index 16547f0bf4507..6a6669d8b2262 100644 --- a/content/en/docs/tasks/kubelet-credential-provider/kubelet-credential-provider.md +++ b/content/en/docs/tasks/kubelet-credential-provider/kubelet-credential-provider.md @@ -7,7 +7,7 @@ description: Configure the kubelet's image credential provider plugin content_type: task --- -{{< feature-state for_k8s_version="v1.24" state="beta" >}} +{{< feature-state for_k8s_version="v1.26" state="stable" >}} @@ -27,8 +27,7 @@ This guide demonstrates how to configure the kubelet's image credential provider ## {{% heading "prerequisites" %}} -* The kubelet image credential provider is introduced in v1.20 as an alpha feature. As with other alpha features, - a feature gate `KubeletCredentialProviders` must be enabled on only the kubelet for the feature to work. +* The kubelet image credential provider has been a beta feature since v1.24.0 and is enabled by default. With v1.26, the feature has reached General Availability (GA). * A working implementation of a credential provider exec plugin. You can build your own plugin or use one provided by cloud providers.
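Review bot: In content/en/docs/concepts/containers/images.md, the new "Kubelet Credential Provider" list entry (first hunk, at line 160) does not say which pods can use the fetched credentials, while the neighbouring entries each state their scope ("all pods can read any configured private registries", "all pods can use any images cached on a node"). Readers use this list to compare exposure between the options, so please add a sub-bullet giving the scope and one giving the required setup, in the style of "requires node configuration by cluster administrator". The existing sub-bullet also needs its articles: "kubelet can be configured to use a credential provider exec plugin".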
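Review bot: In the new "### Kubelet Credential Provider" section of images.md (second hunk, at line 180), the sentence "This is the most robust and versatile way to fetch credentials for private registries" is a superlative that nothing in the section backs up. Suggest replacing it with the concrete trade-off the text already hints at: credentials are fetched dynamically, at the cost of kubelet-level configuration. Smaller points in the same hunk: the heading has no explicit anchor while the next heading has one ("{#config-json}"), "The Kubelet" is capitalised against "kubelet" in the note just above it, and the note's second sentence ("Most commonly used for registries ...") has no subject.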
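Review bot: In kubelet-credential-provider.md, the rewritten first bullet under prerequisites (last hunk, at line 27) now reads as release history rather than a requirement, and it no longer mentions the `KubeletCredentialProviders` feature gate that the removed text told readers to enable. Suggest phrasing it as a minimum version the reader must run, and stating whether the gate still needs any attention on releases before v1.26, since the feature-gates.md change in this patch lists it as Alpha (default `false`) through 1.23. Also pick one version format: the bullet mixes "v1.24.0" with "v1.26".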