From b46b81e8a787524e2573cb6f70069299ff0387d4 Mon Sep 17 00:00:00 2001
From: Justin Ross <jross@apache.org>
Date: Mon, 23 Dec 2024 14:44:46 -0500
Subject: [PATCH] WIP

---
 config/resources/router-access.yaml |  9 +++++++++
 config/resources/site.yaml          | 12 +++++++-----
 input/resources/overview.md         | 10 ++++++++++
 input/resources/router-access.md    |  6 +++++-
 input/resources/site.md             | 11 ++++++-----
 5 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/config/resources/router-access.yaml b/config/resources/router-access.yaml
index 6dae130..9d5c7ce 100644
--- a/config/resources/router-access.yaml
+++ b/config/resources/router-access.yaml
@@ -31,6 +31,15 @@ spec:
     - name: generateTlsCredentials
     - name: issuer
     - name: accessType
+      platforms: [Kubernetes]
+      default: |
+        _On OpenShift, the default is `route`.  For other
+        Kubernetes flavors, the default is `loadbalancer`._
+      choices:
+        - name: route
+          description: Use an OpenShift route.  _OpenShift only._
+        - name: loadbalancer
+          description: Use a Kubernetes load balancer.
     - name: bindHost
       default: 0.0.0.0
       platforms: [Docker, Podman, Linux]
diff --git a/config/resources/site.yaml b/config/resources/site.yaml
index 300b76c..1713be8 100644
--- a/config/resources/site.yaml
+++ b/config/resources/site.yaml
@@ -53,6 +53,7 @@ spec:
         - name: none
           description: No linking to this site is permitted.
         - name: default
+          platforms: [Kubernetes]
           description: |
             Use the default link access for the current platform.
             On OpenShift, the default is `route`.  For other
@@ -60,7 +61,7 @@ spec:
         - name: route
           description: Use an OpenShift route.  _OpenShift only._
         - name: loadbalancer
-          description: Use a Kubernetes load balancer.  _Kubernetes only._
+          description: Use a Kubernetes load balancer.
     - name: ha
       updatable: true
       platforms: [Kubernetes]
@@ -82,7 +83,7 @@ spec:
       description: |
         The name of a Kubernetes secret containing the signing CA
         used to generate a certificate from a token.  A secret is
-        generated if none is supplied.
+        generated if none is specified.
 
         This issuer is used by AccessGrant and RouterAccess if a
         specific issuer is not set.
@@ -105,12 +106,13 @@ spec:
         router infrastructure. -->
     - name: serviceAccount
       group: advanced
-      default: skupper-router
+      default: _Generated_
       platforms: [Kubernetes]
       links: [kubernetes/service_accounts]
       description: |
-        The name of the Kubernetes service account under which to
-        run the Skupper controller.
+        The name of the Kubernetes service account under which to run
+        the Skupper router.  A service account is generated if none is
+        specified.
     - name: settings
       description: |
         @description@
diff --git a/input/resources/overview.md b/input/resources/overview.md
index 545eba2..9396e2c 100644
--- a/input/resources/overview.md
+++ b/input/resources/overview.md
@@ -29,6 +29,8 @@ Creation, updates, deletion
 - Where do resources go in Kubernetes?
 - Where do they go in non-Kube?  FS location.  system apply.
 - You can use the CLI do these things.
+- On Kubernetes, use kubectl apply and delete.  On Docker, Podman, and
+  Linux, use skupper system apply and delete.
 
 #### Common properties
 
@@ -49,10 +51,18 @@ Creation, updates, deletion
 - **Listener:** {{lipsum(10)}}
 - **Connector:** {{lipsum(10)}}
 
+These are the main resources you interact with.  The others are for
+less common scenarios.
+
 Site is the heart of things.  The Site resource represents a location
 in a Skupper network.  It carries all the configuration for the site.
 The starting point.  The parent of other Skupper resources.
 
+Links....  The Link resource is usually not created directly.
+Instead, you use access tokens.
+
+Listener and connector are the key resources for service exposure.
+
 ## Site linking resources
 
 - **Link:** {{lipsum(10)}}
diff --git a/input/resources/router-access.md b/input/resources/router-access.md
index 3fe6727..03b79fc 100644
--- a/input/resources/router-access.md
+++ b/input/resources/router-access.md
@@ -145,7 +145,11 @@ directory under `input/certs/` in the current namespace.
 </div>
 <div class="attribute-body">
 
-<table class="fields"><tr><th>Platforms</th><td>Kubernetes, Docker, Podman, Linux</td></table>
+<table class="fields"><tr><th>Default</th><td><p><em>On OpenShift, the default is <code>route</code>.  For other
+Kubernetes flavors, the default is <code>loadbalancer</code>.</em></p>
+</td><tr><th>Choices</th><td><table class="choices"><tr><th><code>route</code></th><td><p>Use an OpenShift route.  <em>OpenShift only.</em></p>
+</td></tr><tr><th><code>loadbalancer</code></th><td><p>Use a Kubernetes load balancer.</p>
+</td></tr></table></td><tr><th>Platforms</th><td>Kubernetes</td></table>
 
 </div>
 </div>
diff --git a/input/resources/site.md b/input/resources/site.md
index 9f44662..eae00a9 100644
--- a/input/resources/site.md
+++ b/input/resources/site.md
@@ -132,7 +132,7 @@ the sites must have link access enabled.
 </td><tr><th>Choices</th><td><table class="choices"><tr><th><code>none</code></th><td><p>No linking to this site is permitted.</p>
 </td></tr><tr><th><code>default</code></th><td><p>Use the default link access for the current platform. On OpenShift, the default is <code>route</code>.  For other Kubernetes flavors, the default is <code>loadbalancer</code>.</p>
 </td></tr><tr><th><code>route</code></th><td><p>Use an OpenShift route.  <em>OpenShift only.</em></p>
-</td></tr><tr><th><code>loadbalancer</code></th><td><p>Use a Kubernetes load balancer.  <em>Kubernetes only.</em></p>
+</td></tr><tr><th><code>loadbalancer</code></th><td><p>Use a Kubernetes load balancer.</p>
 </td></tr></table></td><tr><th>Platforms</th><td>Kubernetes, Docker, Podman, Linux</td><tr><th>Updatable</th><td>True</td><tr><th>See also</th><td><a href="{{site_prefix}}/concepts/link.html">Link concept</a>, <a href="{{site_prefix}}/topics/site-linking.html">Site linking</a></td></table>
 
 </div>
@@ -168,7 +168,7 @@ window of downtime caused by restarts.
 
 The name of a Kubernetes secret containing the signing CA
 used to generate a certificate from a token.  A secret is
-generated if none is supplied.
+generated if none is specified.
 
 This issuer is used by AccessGrant and RouterAccess if a
 specific issuer is not set.
@@ -213,10 +213,11 @@ router infrastructure. -->
 </div>
 <div class="attribute-body">
 
-The name of the Kubernetes service account under which to
-run the Skupper controller.
+The name of the Kubernetes service account under which to run
+the Skupper router.  A service account is generated if none is
+specified.
 
-<table class="fields"><tr><th>Default</th><td><p><code>skupper-router</code></p>
+<table class="fields"><tr><th>Default</th><td><p><em>Generated</em></p>
 </td><tr><th>Platforms</th><td>Kubernetes</td><tr><th>See also</th><td><a href="https://kubernetes.io/docs/concepts/security/service-accounts/">Kubernetes service accounts</a></td></table>
 
 </div>