From a91777d44a94ca34ce9b28d31c889c2069b0868a Mon Sep 17 00:00:00 2001
From: Ashley Davis <ashley.davis@venafi.com>
Date: Thu, 24 Aug 2023 16:27:15 +0100
Subject: [PATCH] add docs for trust-manager v0.6.0

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
---
 .spelling                                          |  2 ++
 content/docs/projects/trust-manager/README.md      | 14 ++++++++++++++
 .../docs/projects/trust-manager/api-reference.md   |  8 ++++----
 scripts/gendocs/generate-trust-manager             |  2 +-
 4 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/.spelling b/.spelling
index b9c342deae..a8e5948b8b 100644
--- a/.spelling
+++ b/.spelling
@@ -622,6 +622,8 @@ ssl
 cert.pem
 Rollout
 rollout
+JKS-formatted
+changeit
 
 # TEMPORARY
 # these are temporarily ignored because the spellchecker
diff --git a/content/docs/projects/trust-manager/README.md b/content/docs/projects/trust-manager/README.md
index bbb2d318fa..7507585c4b 100644
--- a/content/docs/projects/trust-manager/README.md
+++ b/content/docs/projects/trust-manager/README.md
@@ -132,6 +132,20 @@ helm upgrade -i -n cert-manager cert-manager jetstack/cert-manager --set install
 helm upgrade -i -n cert-manager trust-manager jetstack/trust-manager --wait
 ```
 
+### approver-policy Integration
+
+If you're running [approver-policy](../approver-policy/README.md) then cert-manager's default approver will be disabled which will mean that
+trust-manager's webhook certificate will - by default - block when you install the Helm chart until it's manually approved.
+
+As of trust-manager v0.6.0 you can choose to automatically add an approver-policy `CertificateRequestPolicy` which
+will approve the trust-manager webhook certificate:
+
+```bash
+helm upgrade -i -n cert-manager trust-manager jetstack/trust-manager --set app.webhook.tls.approverPolicy.enabled=true --set app.webhook.tls.approverPolicy.certManagerNamespace=cert-manager --wait
+```
+
+Note that if you've installed cert-manager to a different namespace, you'll need to pass that namespace in `app.webhook.tls.approverPolicy.certManagerNamespace`!
+
 ### Manual Installation
 
 We strongly recommend that you install trust-manager using Helm and we don't currently support manually installed
diff --git a/content/docs/projects/trust-manager/api-reference.md b/content/docs/projects/trust-manager/api-reference.md
index 44ea6f6d18..da09c7c039 100644
--- a/content/docs/projects/trust-manager/api-reference.md
+++ b/content/docs/projects/trust-manager/api-reference.md
@@ -268,7 +268,7 @@ AdditionalFormats specifies any additional formats to write to the target
         <td><b><a href="#bundlespectargetadditionalformatsjks">jks</a></b></td>
         <td>object</td>
         <td>
-          KeySelector is a reference to a key for some map data object.<br/>
+          JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit".<br/>
         </td>
         <td>false</td>
       </tr></tbody>
@@ -278,7 +278,7 @@ AdditionalFormats specifies any additional formats to write to the target
 ### `Bundle.spec.target.additionalFormats.jks`
 
 
-KeySelector is a reference to a key for some map data object.
+JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit".
 
 <table>
     <thead>
@@ -510,7 +510,7 @@ AdditionalFormats specifies any additional formats to write to the target
         <td><b><a href="#bundlestatustargetadditionalformatsjks">jks</a></b></td>
         <td>object</td>
         <td>
-          KeySelector is a reference to a key for some map data object.<br/>
+          JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit".<br/>
         </td>
         <td>false</td>
       </tr></tbody>
@@ -520,7 +520,7 @@ AdditionalFormats specifies any additional formats to write to the target
 ### `Bundle.status.target.additionalFormats.jks`
 
 
-KeySelector is a reference to a key for some map data object.
+JKS requests a JKS-formatted binary trust bundle to be written to the target. The bundle is created with the hardcoded password "changeit".
 
 <table>
     <thead>
diff --git a/scripts/gendocs/generate-trust-manager b/scripts/gendocs/generate-trust-manager
index b7168bcc96..3d6a6d6dfb 100755
--- a/scripts/gendocs/generate-trust-manager
+++ b/scripts/gendocs/generate-trust-manager
@@ -59,6 +59,6 @@ gendocs() {
 echo "+++ Cloning trust-manager repository..."
 git clone "https://github.com/cert-manager/trust-manager.git" "$tmpdir"
 
-checkout "v0.5.0"
+checkout "v0.6.0"
 
 gendocs "$REPO_ROOT/content/docs/projects/trust-manager/api-reference.md"