From 50e5294c8a4094898294a326dafb67a434fb01ff Mon Sep 17 00:00:00 2001 From: Lenny Chen <55669665+lennessyy@users.noreply.github.com> Date: Fri, 17 Nov 2023 10:48:10 -0800 Subject: [PATCH] docs: add k3s pack doc (#1792) * started k3s pack document * added parameter section * add terraform section * docs: add instructions on how to configure OIDC * add OIDC configuration instructions * add logo and spectro proxy reference * tweak intro paragraph * address vale comments * added another parameter table for virtual clusters * fix punctuation * address some review comments and refactor * Apply suggestions from code review Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> Co-authored-by: Karl Cardenas * Update docs/docs-content/integrations/k3s.md Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * add Okta to accepted terms * add clarification about palette as IDP * clarify how to identify a user as a subject when creating role bindings with palette IDP * modify configurations * update terms * add older versions * Apply suggestions from code review Co-authored-by: Karl Cardenas Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> * add review comments to other versions --------- Co-authored-by: Lenny Chen Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> Co-authored-by: Karl Cardenas (cherry picked from commit 7fcadb15e33a4213b94bb72d59ef6c14c710245f) --- .../cluster-management/cluster-rbac.md | 2 +- docs/docs-content/integrations/k3s.md | 368 ++++++++++++++++++ .../integrations/kubernetes-edge.md | 19 +- vale/styles/Vocab/Internal/accept.txt | 3 +- 4 files changed, 380 insertions(+), 12 deletions(-) create mode 100644 docs/docs-content/integrations/k3s.md diff --git a/docs/docs-content/clusters/cluster-management/cluster-rbac.md b/docs/docs-content/clusters/cluster-management/cluster-rbac.md index 7e0b911f1c..10fbba1e93 100644 
--- a/docs/docs-content/clusters/cluster-management/cluster-rbac.md +++ b/docs/docs-content/clusters/cluster-management/cluster-rbac.md @@ -147,7 +147,7 @@ Select the tab for your specific role scope to learn how to create the appropria 3. Fill out the following details: * Role Name: Define a custom role name to identify the cluster role. - * Subjects: Subjects are a group of users, services, or teams using the Kubernetes API. + * Subjects: Subjects are a group of users, services, or teams using the Kubernetes API. If you are using Palette as your IDP, you can use the Palette user's registration email address to identify the user. * Subject Name: Custom name to identify a subject. diff --git a/docs/docs-content/integrations/k3s.md b/docs/docs-content/integrations/k3s.md new file mode 100644 index 0000000000..83303254eb --- /dev/null +++ b/docs/docs-content/integrations/k3s.md 
@@ -0,0 +1,368 @@ +--- +sidebar_label: 'K3s' +title: 'K3s' +description: "Learn about the K3s pack in Palette Edge and how you can use it within your Kubernetes clusters." +hide_table_of_contents: true +type: "integration" +category: ['kubernetes', 'amd64', 'fips'] +sidebar_class_name: "hide-from-sidebar" +logoUrl: 'https://registry.spectrocloud.com/v1/edge-k3s/blobs/sha256:5b7f8a80330d6938056848905238efbbd085e2f0f86fd03d7be10ccdabf791c7?type=image/png' +tags: ["packs", "kubernetes", "k3s", "edge"] +--- + +K3s is a lightweight distribution of Kubernetes that is specifically designed for resource-constrained environments and Internet of Things (IoT) applications. Unlike standard Kubernetes with multiple binaries for its various components, K3s is packaged as a single binary with a lightweight storage backend and minimal external dependencies. For more information about K3s, refer to [K3s documentation](https://docs.k3s.io/). + +## Versions Supported + + + + +### Prerequisites + +- An edge device with AMD64(x86_64) processor architecture or a Palette Virtual Cluster. +- A minimum of 2 CPU cores and 1 GB memory. + +### Parameters + +Since you can deploy both virtual clusters and Edge clusters using K3s, you have different configuration options depending on the cluster type. + + + + + +|**Parameter**|**Description** | +|-------------|----------------| +| `cluster.config.cluster-cidr`| Specifies the CIDR range that can be used by pods in the cluster. | +| `cluster.config.service-cidr`| Specifies the CIDR range that can be used by services in the cluster.| +| `kube-apiserver-arg`| This parameter contains extra arguments for the Kubernetes API server, such as enabling audit logging, enabling certain authorization modes, and setting profiling and secure-port.| +|`kube-controller-manager-arg` | This parameter describes extra arguments for the Kubernetes Controller Manager, such as enabling certain feature gates and setting profiling. 
| +| `kubelet-arg` | This parameter contains extra arguments for Kubelet during node registration, such as setting feature gates, protecting kernel defaults, and disabling the read-only port. | +| `pack.palette.config.oidc.identityProvider` | Dynamically enabled OpenID Connect (OIDC) Identity Provider (IDP) setting based on your UI selection when you add the K3s pack to your profile. This parameter appears in the YAML file after you make a selection. Refer to [Configure OIDC Identity Provider](#configure-custom-oidc). | + +You can add cloud-init stages, which allow you to customize your instances declaratively. The cloud-init stages are exposed by [Kairos](https://kairos.io/docs/architecture/cloud-init/), an open source project. For more information, check out the [Cloud Init Stages](../clusters/edge/edge-configuration/cloud-init.md) reference. + + + + +Since you are setting up a virtual cluster inside another Kubernetes cluster, you can configure its pods and services differently than the host cluster. The default configuration file you get includes parameters that offer you a higher degree of customization. These configuration parameters are exposed in the cluster group settings page. + +|**Parameter**|**Description** | +|-------------|----------------| +|`enableHA`| Determines whether the control plane is deployed in high availability mode. If you set this parameter to true, make sure to adjust the number of replicas and use an external datastore. | +|`defaultImageRegistry` | Specifies the default registry from which images are pulled. The value of this parameter will be prepended to all deployed virtual cluster images. If an image has already been deployed as part of the virtual cluster, the deployed images within the virtual cluster will not be rewritten.| +|`sync` | Specifies which Kubernetes resources are synced between the virtual and host clusters. | +|`storage` | Specifies storage settings such as persistence and PVC size. 
By default, storage of the virtual cluster uses the same storage class as the host cluster, but you can also optionally specify a different storage class. | +|`ingress` | Configures the ingress resource that allows you to access the virtual cluster. | + + + + +### Usage + +K3s is available for Edge host deployments as well as virtual clusters that you can create from cluster groups. Refer to the [Create an Infrastructure Profile](../profiles/cluster-profiles/create-cluster-profiles/create-infrastructure-profile.md) guide and the [Create and Manage Cluster Groups](../clusters/cluster-groups/create-cluster-group.md) guide for more information. + +:::info +In order to use K3s as part of an Edge deployment, you need to go through the EdgeForge process and specify K3s as your intended Kubernetes distribution when you build your OS image. For more information, refer to the [EdgeForge Workflow](../clusters/edge/edgeforge-workflow/) guide. +::: + +#### Configure OIDC Identity Provider for Edge + +You can modify the configuration file to configure your Edge cluster to use an OpenID Connect (OIDC) Identity Provider (IDP) for authentication. +You can use a custom third-party IDP, such as Okta, or use Palette as your IDP. + +When you add the K3s pack to a cluster profile, Palette displays the OIDC IDP options listed below: + +- **None**: This setting does not require OIDC configuration for the cluster. It displays in the YAML file as `noauth`. + +- **Custom**: This is the default setting and does not require OIDC configuration. However, if desired, it allows you to specify a third-party OIDC provider by configuring OIDC statements in the YAML file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`. + +- **Palette**: This setting makes Palette the IDP. 
Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to use kubectl CLI to access cluster. This setting displays in the YAML file as `palette`. When you select **Palette**, all you have to do to enable OIDC for your cluster is create role bindings to configure authorization. You do not need to provide extra parameters such as `oidc-issuer-url` as you need to when you configure a custom OIDC provider. + +- **Inherit from Tenant**: This setting allows you to apply RBAC to multiple clusters and requires you to configure OpenID Connect (OIDC) in **Tenant Settings**. In Tenant Admin scope, navigate to **Tenant Settings** > **SSO**, choose **OIDC**, and provide your third-party IDP details. This setting displays in the YAML file as `tenant`. For more information, check out the [SSO Setup](../user-management/saml-sso/enable-saml.md) guide. + +All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). + +:::caution + +If your IDP uses Security Assertion Markup Language (SAML) authentication, then the **Inherit from Tenant** option will not work, and you will need to use the **Custom** option instead. This is because Kubernetes supports only OIDC authentication and not SAML authentication. + +::: + +To configure a custom OIDC IDP, choose **Custom** when adding the K3s pack to your profile, and then follow these steps: + +1. Add the following OIDC parameters to the `kube-apiserver-arg` section of your configuration file for your Kubernetes layer when creating a cluster profile. + + ```yaml + cluster: + config: + kube-apiserver-arg: + - oidc-issuer-url="provider URL" + - oidc-client-id="client-id" + - oidc-groups-claim="groups" + - oidc-username-claim="email" + ``` +2. 
Add the following `clientConfig` section that contains OIDC parameters to your Kubernetes YAML file and replace the placeholders with your third-party OIDC IDP details. The `clientConfig` section must be placed at the root level of the YAML file. + ```yaml + clientConfig: + oidc-issuer-url: "" + oidc-client-id: "" + oidc-client-secret: "" + oidc-extra-scope: profile,email,openid + ``` + +After you have configured the IDP for authentication, you can proceed to create role bindings to configure authorization in your cluster. Refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings) for more guidance. + +#### Configure OIDC Identity Provider for Palette Virtual Clusters + +If you are using K3s in a virtual cluster inside of a cluster group, you can also configure OIDC for your cluster. Refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md) for more guidance. + +#### Add a Certificate for Reverse Proxy + +You can use a reverse proxy with a K3s Kubernetes cluster. The reverse proxy allows you to connect to the cluster API of a Palette-managed Kubernetes cluster in private networks or clusters configured with private API endpoints. For more information, refer to the [Spectro Proxy](frp.md) pack guide. + + + + + +### Prerequisites + +- An edge device with AMD64(x86_64) processor architecture or a Palette Virtual Cluster. +- A minimum of 2 CPU cores and 1 GB memory. + +### Parameters + +Since you can deploy both virtual clusters and Edge clusters using K3s, you have different configuration options depending on the cluster type. + + + + + +|**Parameter**|**Description** | +|-------------|----------------| +| `cluster.config.cluster-cidr`| Specifies the CIDR range that can be used by pods in the cluster. 
| +| `cluster.config.service-cidr`| Specifies the CIDR range that can be used by services in the cluster.| +| `kube-apiserver-arg`| This parameter contains extra arguments for the Kubernetes API server, such as enabling audit logging, enabling certain authorization modes, and setting profiling and secure-port.| +|`kube-controller-manager-arg` | This parameter describes extra arguments for the Kubernetes Controller Manager, such as enabling certain feature gates and setting profiling. | +| `kubelet-arg` | This parameter contains extra arguments for Kubelet during node registration, such as setting feature gates, protecting kernel defaults, and disabling the read-only port. | +| `pack.palette.config.oidc.identityProvider` | Dynamically enabled OpenID Connect (OIDC) Identity Provider (IDP) setting based on your UI selection when you add the K3s pack to your profile. This parameter appears in the YAML file after you make a selection. Refer to [Configure OIDC Identity Provider](#configure-custom-oidc). | + +You can add cloud-init stages, which allow you to customize your instances declaratively. The cloud-init stages are exposed by [Kairos](https://kairos.io/docs/architecture/cloud-init/), an open source project. For more information, check out the [Cloud Init Stages](../clusters/edge/edge-configuration/cloud-init.md) reference. + + + + +Since you are setting up a virtual cluster inside another Kubernetes cluster, you can configure its pods and services differently than the host cluster. The default configuration file you get includes parameters that offer you a higher degree of customization. These configuration parameters are exposed in the cluster group settings page. + +|**Parameter**|**Description** | +|-------------|----------------| +|`enableHA`| Determines whether the control plane is deployed in high availability mode. If you set this parameter to true, make sure to adjust the number of replicas and use an external datastore. 
| +|`defaultImageRegistry` | Specifies the default registry from which images are pulled. The value of this parameter will be prepended to all deployed virtual cluster images. If an image has already been deployed as part of the virtual cluster, the deployed images within the virtual cluster will not be rewritten.| +|`sync` | Specifies which Kubernetes resources are synced between the virtual and host clusters. | +|`storage` | Specifies storage settings such as persistence and PVC size. By default, storage of the virtual cluster uses the same storage class as the host cluster, but you can also optionally specify a different storage class. | +|`ingress` | Configures the ingress resource that allows you to access the virtual cluster. | + + + + +### Usage + +K3s is available for Edge host deployments as well as virtual clusters that you can create from cluster groups. Refer to the [Create an Infrastructure Profile](../profiles/cluster-profiles/create-cluster-profiles/create-infrastructure-profile.md) guide and the [Create and Manage Cluster Groups](../clusters/cluster-groups/create-cluster-group.md) guide for more information. + +:::info +In order to use K3s as part of an Edge deployment, you need to go through the EdgeForge process and specify K3s as your intended Kubernetes distribution when you build your OS image. For more information, refer to the [EdgeForge Workflow](../clusters/edge/edgeforge-workflow/) guide. +::: + +#### Configure OIDC Identity Provider for Edge + +You can modify the configuration file to configure your Edge cluster to use an OpenID Connect (OIDC) Identity Provider (IDP) for authentication. +You can use a custom third-party IDP, such as Okta, or use Palette as your IDP. + +When you add the K3s pack to a cluster profile, Palette displays the OIDC IDP options listed below: + +- **None**: This setting does not require OIDC configuration for the cluster. It displays in the YAML file as `noauth`. 
+ +- **Custom**: This is the default setting and does not require OIDC configuration. However, if desired, it allows you to specify a third-party OIDC provider by configuring OIDC statements in the YAML file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`. + +- **Palette**: This setting makes Palette the IDP. Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to use kubectl CLI to access cluster. This setting displays in the YAML file as `palette`. Selecting **Palette** in this setting and creating role bindings to configure authorization are all you need to do to enable OIDC for your cluster. You do not need to provide extra parameters such as `oidc-issuer-url` as you need to when you configure a custom OIDC provider. + +- **Inherit from Tenant**: This setting allows you to apply RBAC to multiple clusters and requires you to configure OpenID Connect (OIDC) in **Tenant Settings**. In Tenant Admin scope, navigate to **Tenant Settings** > **SSO**, choose **OIDC**, and provide your third-party IDP details. This setting displays in the YAML file as `tenant`. For more information, check out the [SSO Setup](../user-management/saml-sso/enable-saml.md) guide. + +All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). + +:::caution + +If your IDP uses Security Assertion Markup Language (SAML) authentication, then the **Inherit from Tenant** option will not work, and you will need to use the **Custom** option instead. This is because Kubernetes supports only OIDC authentication and not SAML authentication. 
+ +::: + +To configure a custom OIDC IDP, choose **Custom** when adding the K3s pack to your profile, and then follow these steps: + +1. Add the following OIDC parameters to the `kube-apiserver-arg` section of your configuration file for your Kubernetes layer when creating a cluster profile. + + ```yaml + cluster: + config: + kube-apiserver-arg: + - oidc-issuer-url="provider URL" + - oidc-client-id="client-id" + - oidc-groups-claim="groups" + - oidc-username-claim="email" + ``` +2. Add the following `clientConfig` section that contains OIDC parameters to your Kubernetes YAML file and replace the placeholders with your third-party OIDC IDP details. The `clientConfig` section must be placed at the root level of the YAML file. + ```yaml + clientConfig: + oidc-issuer-url: "" + oidc-client-id: "" + oidc-client-secret: "" + oidc-extra-scope: profile,email,openid + ``` + +After you have configured the IDP for authentication, you can proceed to create role bindings to configure authorization in your cluster. Refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings) for more guidance. + +#### Configure OIDC Identity Provider for Palette Virtual Clusters + +If you are using K3s in a virtual cluster inside of a cluster group, you can also configure OIDC for your cluster. Refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md) for more guidance. + +#### Add a Certificate for Reverse Proxy + +You can use a reverse proxy with a K3s Kubernetes cluster. The reverse proxy allows you to connect to the cluster API of a Palette-managed Kubernetes cluster in private networks or clusters configured with private API endpoints. For more information, refer to the [Spectro Proxy](frp.md) pack guide. + + + + + +### Prerequisites + +- An edge device with AMD64(x86_64) processor architecture or a virtual cluster. +- A minimum of 2 CPU cores and 1 GB memory. 
+ +### Parameters + +Since you can deploy both virtual clusters and Edge clusters using K3s, you have different configuration options depending on the cluster type. + + + + + +|**Parameter**|**Description** | +|-------------|----------------| +| `cluster.config.cluster-cidr`| Specifies the CIDR range that can be used by pods in the cluster. | +| `cluster.config.service-cidr`| Specifies the CIDR range that can be used by services in the cluster.| +| `kube-apiserver-arg`| This parameter contains extra arguments for the Kubernetes API server, such as enabling audit logging, enabling certain authorization modes, and setting profiling and secure-port.| +|`kube-controller-manager-arg` | This parameter describes extra arguments for the Kubernetes Controller Manager, such as enabling certain feature gates and setting profiling. | +| `kubelet-arg` | This parameter contains extra arguments for Kubelet during node registration, such as setting feature gates, protecting kernel defaults, and disabling the read-only port. | +| `pack.palette.config.oidc.identityProvider` | Dynamically enabled OpenID Connect (OIDC) Identity Provider (IDP) setting based on your UI selection when you add the K3s pack to your profile. This parameter appears in the YAML file after you make a selection. Refer to [Configure OIDC Identity Provider](#configure-custom-oidc). | + +You can add cloud-init stages, which allow you to customize your instances declaratively. The cloud-init stages are exposed by [Kairos](https://kairos.io/docs/architecture/cloud-init/), an open source project. For more information, check out the [Cloud Init Stages](../clusters/edge/edge-configuration/cloud-init.md) reference. + + + + +Since you are setting up a virtual cluster inside another Kubernetes cluster, you can configure its pods and services differently than the host cluster. The default configuration file you get includes parameters that offer you a higher degree of customization. 
These configuration parameters are exposed in the cluster group settings page. + +|**Parameter**|**Description** | +|-------------|----------------| +|`enableHA`| Determines whether the control plane is deployed in high availability mode. If you set this parameter to true, make sure to adjust the number of replicas and use an external datastore. | +|`defaultImageRegistry` | Specifies the default registry from which images are pulled. The value of this parameter will be prepended to all deployed virtual cluster images. If an image has already been deployed as part of the virtual cluster, the deployed images within the virtual cluster will not be rewritten.| +|`sync` | Specifies which Kubernetes resources are synced between the virtual and host clusters. | +|`storage` | Specifies storage settings such as persistence and PVC size. By default, storage of the virtual cluster uses the same storage class as the host cluster, but you can also optionally specify a different storage class. | +|`ingress` | Configures the ingress resource that allows you to access the virtual cluster. | + + + + +### Usage + +K3s is available for Edge host deployments as well as virtual clusters that you can create from cluster groups. Refer to the [Create an Infrastructure Profile](../profiles/cluster-profiles/create-cluster-profiles/create-infrastructure-profile.md) guide and the [Create and Manage Cluster Groups](../clusters/cluster-groups/create-cluster-group.md) guide for more information. + +:::info +In order to use K3s as part of an Edge deployment, you need to go through the EdgeForge process and specify K3s as your intended Kubernetes distribution when you build your OS image. For more information, refer to the [EdgeForge Workflow](../clusters/edge/edgeforge-workflow/) guide. +::: + +#### Configure OIDC Identity Provider for Edge + +You can modify the configuration file to configure your Edge cluster to use an OpenID Connect (OIDC) Identity Provider (IDP) for authentication. 
+You can use a custom third-party IDP, such as Okta, or use Palette as your IDP. + +When you add the K3s pack to a cluster profile, Palette displays the OIDC IDP options listed below: + +- **None**: This setting does not require OIDC configuration for the cluster. It displays in the YAML file as `noauth`. + +- **Custom**: This is the default setting and does not require OIDC configuration. However, if desired, it allows you to specify a third-party OIDC provider by configuring OIDC statements in the YAML file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`. + +- **Palette**: This setting makes Palette the IDP. Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to use kubectl CLI to access cluster. This setting displays in the YAML file as `palette`. Selecting **Palette** in this setting and creating role bindings to configure authorization are all you need to do to enable OIDC for your cluster. You do not need to provide extra parameters such as `oidc-issuer-url` as you need to when you configure a custom OIDC provider. + +- **Inherit from Tenant**: This setting allows you to apply RBAC to multiple clusters and requires you to configure OpenID Connect (OIDC) in **Tenant Settings**. In Tenant Admin scope, navigate to **Tenant Settings** > **SSO**, choose **OIDC**, and provide your third-party IDP details. This setting displays in the YAML file as `tenant`. For more information, check out the [SSO Setup](../user-management/saml-sso/enable-saml.md) guide. + +All the options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a Kubernetes role to users and groups, refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). 
+ +:::caution + +If your IDP uses Security Assertion Markup Language (SAML) authentication, then the **Inherit from Tenant** option will not work, and you will need to use the **Custom** option instead. This is because Kubernetes supports only OIDC authentication and not SAML authentication. + +::: + +To configure a custom OIDC IDP, choose **Custom** when adding the K3s pack to your profile, and then follow these steps: + +1. Add the following OIDC parameters to the `kube-apiserver-arg` section of your configuration file for your Kubernetes layer when creating a cluster profile. + + ```yaml + cluster: + config: + kube-apiserver-arg: + - oidc-issuer-url="provider URL" + - oidc-client-id="client-id" + - oidc-groups-claim="groups" + - oidc-username-claim="email" + ``` +2. Add the following `clientConfig` section that contains OIDC parameters to your Kubernetes YAML file and replace the placeholders with your third-party OIDC IDP details. The `clientConfig` section must be placed at the root level of the YAML file. + ```yaml + clientConfig: + oidc-issuer-url: "" + oidc-client-id: "" + oidc-client-secret: "" + oidc-extra-scope: profile,email,openid + ``` + +After you have configured the IDP for authentication, you can proceed to create role bindings to configure authorization in your cluster. Refer to [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings) for more guidance. + +#### Configure OIDC Identity Provider for Palette Virtual Clusters + +If you are using K3s in a virtual clusters inside of a cluster group, you can also configure OIDC for your cluster. Refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md) for more guidance. + +#### Add a Certificate for Reverse Proxy + +You can use a reverse proxy with a K3s Kubernetes cluster. 
The reverse proxy allows you to connect to the cluster API of a Palette-managed Kubernetes cluster in private networks or clusters configured with private API endpoints. For more information, refer to the [Spectro Proxy](frp.md) pack guide. + + + + + +:::caution +All versions less than v1.25.x are considered deprecated. Upgrade to a newer version to take advantage of new features. +::: + + + + + +### Terraform + +You can retrieve details about the K3s pack by using the following Terraform code. + +```hcl +data "spectrocloud_registry" "public_registry" { + name = "Public Repo" +} + +data "spectrocloud_pack_simple" "k8s" { + name = "edge-k3s" + version = "1.27.5" + type = "helm" + registry_uid = data.spectrocloud_registry.public_registry.id +} +``` + + + + diff --git a/docs/docs-content/integrations/kubernetes-edge.md b/docs/docs-content/integrations/kubernetes-edge.md index 5ea0fdfa74..063e808812 100644 --- a/docs/docs-content/integrations/kubernetes-edge.md +++ b/docs/docs-content/integrations/kubernetes-edge.md @@ -71,7 +71,7 @@ You can also use pack settings described in the [Palette eXtended Kubernetes](ku ## Usage -The Kubeadm configuration file is where you can do the following: +The Kubernetes configuration file is where you can do the following: - Manually configure a third-party OIDC IDP. For more information, check out [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). @@ -91,7 +91,7 @@ pack: ``` -#### Example Kubeadm Configuration File +#### Example Kubernetes Configuration File ```yaml cluster: @@ -373,7 +373,7 @@ Follow these steps to configure a third-party OIDC IDP. ```yaml cluster: - config: + config: | clusterConfiguration: apiServer: extraArgs: 
@@ -383,16 +383,15 @@ cluster: oidc-username-claim: "email" ``` -2. Add the following `kubeadmconfig.clientConfig` section that contains OIDC parameters to your Kubernetes YAML file. +2. Add the following `clientConfig` section that contains OIDC parameters to your Kubernetes configuration file. ```yaml -kubeadmconfig: - clientConfig: - oidc-issuer-url: "" - oidc-client-id: "" - oidc-client-secret: "" - oidc-extra-scope: profile,email,openid +clientConfig: + oidc-issuer-url: "" + oidc-client-id: "" + oidc-client-secret: "" + oidc-extra-scope: profile,email,openid ``` 3. Provide third-party OIDC IDP details. diff --git a/vale/styles/Vocab/Internal/accept.txt b/vale/styles/Vocab/Internal/accept.txt index 6260291f4c..b5245e8e64 100644 --- a/vale/styles/Vocab/Internal/accept.txt +++ b/vale/styles/Vocab/Internal/accept.txt @@ -159,4 +159,5 @@ Astra Trident Astra FSx liveness -Autosupport \ No newline at end of file +Autosupport +Okta \ No newline at end of file
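Review bot: In docs/docs-content/clusters/cluster-management/cluster-rbac.md (hunk @@ -147,7 +147,7), the added sentence sits on the Subjects bullet but tells the reader what value to enter, which is the job of the Subject Name bullet on the next line. Move "If you are using Palette as your IDP, you can use the Palette user's registration email address to identify the user." to Subject Name, and state that it applies when the subject is an individual user, so readers do not try an email address for a group or service binding.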
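Review bot: In the new docs/docs-content/integrations/k3s.md, the parameter table row for `pack.palette.config.oidc.identityProvider` links to `#configure-custom-oidc`, but no heading in this file produces that anchor; the section is titled "Configure OIDC Identity Provider for Edge". The **Custom** bullet also sends readers to `kubernetes-edge.md#configure-custom-oidc`, whose steps use `clusterConfiguration.apiServer.extraArgs`, not the `kube-apiserver-arg` list shown in this file. Point both links at the K3s steps in this file, in all three version tabs. In step 1, the entries are written as `- oidc-issuer-url="provider URL"`; the quotation marks are part of the YAML scalar, so confirm they are not passed to the API server literally, or quote the whole entry instead of only the value.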
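Review bot: In docs/docs-content/integrations/kubernetes-edge.md (hunk @@ -91,7 +91,7), renaming the heading to "#### Example Kubernetes Configuration File" changes the anchor generated for it, and this patch does not touch any page that may link to the old Kubeadm anchor. Search the docs for links to the previous heading and update them in the same change, or keep an explicit heading id so existing links keep resolving.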
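Review bot: In docs/docs-content/integrations/kubernetes-edge.md (hunk @@ -373,7 +373,7), changing `config:` to `config: |` turns everything under it into a literal block string instead of a nested mapping, and the step text does not tell the reader that. The K3s example added in this same patch uses plain `config:` with nested `kube-apiserver-arg`, so the two packs now differ without explanation. Add one sentence to the step saying the value is a block scalar here, and check that the "Example Kubernetes Configuration File" block earlier on the page uses the same form.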
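Review bot: In docs/docs-content/integrations/kubernetes-edge.md (hunk @@ -383,16 +383,15), step 2 drops the `kubeadmconfig:` wrapper but does not say where `clientConfig` now belongs. The K3s page in this patch states "The `clientConfig` section must be placed at the root level of the YAML file."; add the same sentence here so readers migrating from the old layout do not leave it nested. Since `oidc-client-secret` is entered in this block, it is also worth a line noting that the value is stored in the cluster profile YAML and should be handled as a credential.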
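Review bot: In vale/styles/Vocab/Internal/accept.txt (hunk @@ -159,4 +159,5), the file still ends with "\ No newline at end of file" after `Okta` is added, which is why the unchanged `Autosupport` line shows up as removed and re-added. End the file with a newline so the next term added produces a one-line diff.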