From ae921a6fd8e11f904f8378107b239cf809a7eb0b Mon Sep 17 00:00:00 2001
From: otterizebot <otterizebot@users.noreply.github.com>
Date: Tue, 25 Jun 2024 12:48:35 +0000
Subject: [PATCH] deploy: a156808b2878506180d4b9bf2a7f5b45e6806c59

---
 404.html                                                  | 4 ++--
 assets/js/87583c6c.6d8524a7.js                            | 1 +
 assets/js/87583c6c.d4b5f4ad.js                            | 1 -
 ...{runtime~main.a1c4a5b4.js => runtime~main.3f3f1c5f.js} | 2 +-
 faq.html                                                  | 4 ++--
 features.html                                             | 4 ++--
 features/aws-iam.html                                     | 4 ++--
 features/aws-iam/reference.html                           | 4 ++--
 features/aws-iam/tutorials/aws-iam-eks.html               | 4 ++--
 features/aws-iam/tutorials/aws-visibility.html            | 4 ++--
 features/azure-iam.html                                   | 4 ++--
 features/azure-iam/reference.html                         | 4 ++--
 features/azure-iam/tutorials/azure-iam-aks.html           | 4 ++--
 features/gcp-iam.html                                     | 4 ++--
 features/gcp-iam/reference.html                           | 4 ++--
 features/gcp-iam/tutorials/gcp-iam-gke.html               | 4 ++--
 features/github.html                                      | 4 ++--
 features/github/reference.html                            | 4 ++--
 features/github/tutorials/automated-pull-requests.html    | 4 ++--
 features/gitlab.html                                      | 4 ++--
 features/gitlab/reference.html                            | 4 ++--
 features/gitlab/tutorials/automated-merge-requests.html   | 4 ++--
 features/istio.html                                       | 4 ++--
 features/istio/reference.html                             | 4 ++--
 .../istio/tutorials/k8s-istio-authorization-policies.html | 4 ++--
 features/istio/tutorials/k8s-istio-watcher.html           | 4 ++--
 features/kafka.html                                       | 4 ++--
 features/kafka/reference.html                             | 4 ++--
 features/kafka/tutorials/k8s-kafka-mapping.html           | 4 ++--
 features/kafka/tutorials/k8s-kafka-mtls-cert-manager.html | 4 ++--
 features/kafka/tutorials/k8s-kafka-mtls.html              | 4 ++--
 features/mysql.html                                       | 4 ++--
 features/mysql/reference.html                             | 4 ++--
 features/mysql/tutorials/mysql.html                       | 4 ++--
 features/network-mapping-network-policies.html            | 4 ++--
 features/network-mapping-network-policies/reference.html  | 4 ++--
 .../reference/Network-Policies-Deep-Dive.html             | 4 ++--
 .../tutorials/aws-eks-cni-mini.html                       | 4 ++--
 .../tutorials/k8s-egress-access-control-tutorial.html     | 4 ++--
 .../tutorials/k8s-network-mapper.html                     | 4 ++--
 .../tutorials/k8s-network-policies.html                   | 4 ++--
 .../tutorials/protect-1-service-network-policies.html     | 4 ++--
 features/postgresql.html                                  | 4 ++--
 features/postgresql/reference.html                        | 4 ++--
 features/postgresql/tutorials/postgres-mapping.html       | 4 ++--
 features/postgresql/tutorials/postgres.html               | 4 ++--
 index.html                                                | 4 ++--
 overview.html                                             | 4 ++--
 overview/installation.html                                | 4 ++--
 overview/intent-based-access-control.html                 | 4 ++--
 overview/otterize-cloud.html                              | 4 ++--
 overview/otterize-oss.html                                | 4 ++--
 overview/otterize-oss/error-telemetry.html                | 4 ++--
 overview/otterize-oss/usage-telemetry.html                | 4 ++--
 reference/IBAC-Overview.html                              | 4 ++--
 reference/api.html                                        | 4 ++--
 reference/cli.html                                        | 4 ++--
 reference/configuration/credentials-operator.html         | 8 ++++----
 .../configuration/credentials-operator/helm-chart.html    | 4 ++--
 reference/configuration/intents-operator.html             | 4 ++--
 .../configuration/intents-operator/configuration.html     | 4 ++--
 reference/configuration/intents-operator/helm-chart.html  | 4 ++--
 reference/configuration/network-mapper.html               | 4 ++--
 reference/configuration/network-mapper/helm-chart.html    | 4 ++--
 reference/configuration/network-mapper/kafka-watcher.html | 4 ++--
 reference/configuration/otterize-chart.html               | 4 ++--
 reference/mtls.html                                       | 4 ++--
 reference/service-identities.html                         | 4 ++--
 reference/shadow-vs-active-enforcement.html               | 4 ++--
 reference/terminology.html                                | 4 ++--
 reference/troubleshooting.html                            | 4 ++--
 reference/validating-clientintents.html                   | 4 ++--
 search.html                                               | 4 ++--
 security.html                                             | 4 ++--
 74 files changed, 146 insertions(+), 146 deletions(-)
 create mode 100644 assets/js/87583c6c.6d8524a7.js
 delete mode 100644 assets/js/87583c6c.d4b5f4ad.js
 rename assets/js/{runtime~main.a1c4a5b4.js => runtime~main.3f3f1c5f.js} (99%)

diff --git a/404.html b/404.html
index 23b079fd9..45d0169d7 100644
--- a/404.html
+++ b/404.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/assets/js/87583c6c.6d8524a7.js b/assets/js/87583c6c.6d8524a7.js
new file mode 100644
index 000000000..63504f90c
--- /dev/null
+++ b/assets/js/87583c6c.6d8524a7.js
@@ -0,0 +1 @@
+"use strict";(self.webpackChunkdocs=self.webpackChunkdocs||[]).push([[1836],{5680:(e,t,r)=>{r.d(t,{xA:()=>d,yg:()=>h});var a=r(6540);function n(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,a)}return r}function o(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?i(Object(r),!0).forEach((function(t){n(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):i(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function s(e,t){if(null==e)return{};var r,a,n=function(e,t){if(null==e)return{};var r,a,n={},i=Object.keys(e);for(a=0;a<i.length;a++)r=i[a],t.indexOf(r)>=0||(n[r]=e[r]);return n}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a<i.length;a++)r=i[a],t.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(n[r]=e[r])}return n}var l=a.createContext({}),p=function(e){var t=a.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},d=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},c="mdxType",g={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var r=e.components,n=e.mdxType,i=e.originalType,l=e.parentName,d=s(e,["components","mdxType","originalType","parentName"]),c=p(r),m=n,h=c["".concat(l,".").concat(m)]||c[m]||g[m]||i;return r?a.createElement(h,o(o({ref:t},d),{},{components:r})):a.createElement(h,o({ref:t},d))}));function h(e,t){var r=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var i=r.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s[c]="string"==typeof e?e:n,o[1]=s;for(var p=2;p<i;p++)o[p]=r[p];return a.createElement.apply(null,o)}return a.createElement.apply(null,r)}m.displayName="MDXCreateElement"},9074:(e,t,r)=>{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>g,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=r(8168),n=(r(6540),r(5680));const i={sidebar_position:3,title:"Credentials operator"},o=void 0,s={unversionedId:"reference/configuration/credentials-operator/README",id:"reference/configuration/credentials-operator/README",title:"Credentials operator",description:"The credentials operator provisions just-in-time credentials for workloads running on Kubernetes. These credentials come in the form of Kubernetes Secrets (mTLS certificates, database username + passwords), or AWS IAM roles.",source:"@site/docs/reference/configuration/credentials-operator/README.mdx",sourceDirName:"reference/configuration/credentials-operator",slug:"/reference/configuration/credentials-operator/",permalink:"/reference/configuration/credentials-operator/",draft:!1,editUrl:"https://github.com/otterize/docs/edit/main/docs/reference/configuration/credentials-operator/README.mdx",tags:[],version:"current",sidebarPosition:3,frontMatter:{sidebar_position:3,title:"Credentials operator"},sidebar:"docSidebar",previous:{title:"Configuring Kafka brokers",permalink:"/reference/configuration/intents-operator/configuration"},next:{title:"Helm chart",permalink:"/reference/configuration/credentials-operator/helm-chart"}},l={},p=[{value:"Deploying the credentials operator",id:"deploying-the-credentials-operator",level:2},{value:"Provisioning AWS IAM roles using the credentials operator",id:"provisioning-aws-iam-roles-using-the-credentials-operator",level:2},{value:"Provisioning mTLS certificates using the credentials operator",id:"provisioning-mtls-certificates-using-the-credentials-operator",level:2},{value:"Provisioning database username + password using the credentials operator",id:"provisioning-database-username--password-using-the-credentials-operator",level:2},{value:"How does the credentials operator provision certificates?",id:"how-does-the-credentials-operator-provision-certificates",level:3},{value:"Step 1: SPIRE entry registration",id:"step-1-spire-entry-registration",level:4},{value:"Step 2: Certificate generation",id:"step-2-certificate-generation",level:4},{value:"cert-manager",id:"cert-manager",level:5},{value:"Otterize Cloud",id:"otterize-cloud",level:5},{value:"SPIRE",id:"spire",level:5},{value:"SPIRE workload registrar",id:"spire-workload-registrar",level:2},{value:"Pod annotations",id:"pod-annotations",level:2}],d={toc:p},c="wrapper";function g(e){let{components:t,...r}=e;return(0,n.yg)(c,(0,a.A)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,n.yg)("p",null,"The credentials operator provisions just-in-time credentials for workloads running on Kubernetes. These credentials come in the form of Kubernetes Secrets (mTLS certificates, database username + passwords), or AWS IAM roles."),(0,n.yg)("h2",{id:"deploying-the-credentials-operator"},"Deploying the credentials operator"),(0,n.yg)("p",null,"To deploy the operator, ",(0,n.yg)("a",{parentName:"p",href:"/reference/configuration/credentials-operator/helm-chart"},"use the Helm chart"),"."),(0,n.yg)("p",null,"To deploy with Otterize Cloud as the certificate provider, we recommend you ",(0,n.yg)("a",{parentName:"p",href:"https://app.otterize.com/"},"follow the instructions in Otterize Cloud"),".\nTo deploy with cert-manager as the certificate provider, you must also ",(0,n.yg)("a",{parentName:"p",href:"/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters"},"configure the Issuer name and whether it should look for a ClusterIssuer or an Issuer (namespace-scoped)"),"."),(0,n.yg)("h2",{id:"provisioning-aws-iam-roles-using-the-credentials-operator"},"Provisioning AWS IAM roles using the credentials operator"),(0,n.yg)("p",null,"The credentials operator is controlled using annotations placed on pods. To have it provision an AWS IAM role, you must specify the pod annotation ",(0,n.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/create-aws-role"),", with the value being ",(0,n.yg)("inlineCode",{parentName:"p"},"true"),". Once you do so, the credentials operator will provision an AWS IAM role, and automatically bind it with the Kubernetes ServiceAccount of the pod by setting the EKS role ARN annotation on the ServiceAccount and the appropriate Trust Relationship on the AWS IAM role."),(0,n.yg)("h2",{id:"provisioning-mtls-certificates-using-the-credentials-operator"},"Provisioning mTLS certificates using the credentials operator"),(0,n.yg)("p",null,"The credentials operator is controlled using annotations placed on pods. To have it provision certificates and place them in Secrets, you must specify the pod annotation ",(0,n.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name"),", with the value being the name of the secret. Once you do so, the credentials operator will provision a certificate for the pod, using Otterize Cloud, cert-manager or SPIRE, depending how you've deployed it."),(0,n.yg)("h2",{id:"provisioning-database-username--password-using-the-credentials-operator"},"Provisioning database username + password using the credentials operator"),(0,n.yg)("p",null,"The credentials operator is controlled using annotations placed on pods. To have it provision database username + password and place them in Secrets, you must specify the pod annotation ",(0,n.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/user-password-secret-name"),", with the value being the name of the secret. Once you do so, the credentials operator will provision a username and password for the pod."),(0,n.yg)("p",null,"Secrets are automatically rotated (defaults to every 8 hours). This value can be controlled using the ",(0,n.yg)("inlineCode",{parentName:"p"},"databaseSecretRotationInterval")," key in the credentials operator ",(0,n.yg)("inlineCode",{parentName:"p"},"values.yaml"),"."),(0,n.yg)("p",null,"If you want pods to be restarted automatically after secret rotation, set the annotation ",(0,n.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/restart-on-secret-rotation")," on the pod (no matter the value)."),(0,n.yg)("h3",{id:"how-does-the-credentials-operator-provision-certificates"},"How does the credentials operator provision certificates?"),(0,n.yg)("p",null,"The credentials operator performs two steps in order to issue certificates."),(0,n.yg)("h4",{id:"step-1-spire-entry-registration"},"Step 1: SPIRE entry registration"),(0,n.yg)("p",null,"This step only happens if the operator is configured to use SPIRE for certificate generation. Once the operator ",(0,n.yg)("a",{parentName:"p",href:"#service-name-resolution-and-automatic-pod-labeling"},"resolves the service name")," for a pod, it labels the pod so that SPIRE can find it, and registers an entry with the SPIRE server for that label."),(0,n.yg)("h4",{id:"step-2-certificate-generation"},"Step 2: Certificate generation"),(0,n.yg)("p",null,"The operator consults the annotation ",(0,n.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name"),". If that annotation exists, the operator creates a secret named after the value of the label. That secret contains X.509 credentials within, provided by cert-manager, Otterize Cloud or SPIRE, depending on how the credentials operator is configured."),(0,n.yg)("h5",{id:"cert-manager"},"cert-manager"),(0,n.yg)("p",null,"The operator creates a cert-manager ",(0,n.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/usage/certificate/"},(0,n.yg)("inlineCode",{parentName:"a"},"Certificate"))," resource, which will create a Kubernetes Secret with the name specified by the value of the annotation ",(0,n.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name"),". The common name and DNS names in the certificate are values that represent the identity of the service, as resolved by the ",(0,n.yg)("a",{parentName:"p",href:"#3-service-name-resolution-and-automatic-pod-labeling"},"service identity resolution algorithm"),", i.e. ",(0,n.yg)("inlineCode",{parentName:"p"},"servicename.namespace"),"."),(0,n.yg)("p",null,"The operator will use a ",(0,n.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/concepts/issuer/"},(0,n.yg)("inlineCode",{parentName:"a"},"ClusterIssuer"))," or an ",(0,n.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/concepts/issuer/"},(0,n.yg)("inlineCode",{parentName:"a"},"Issuer"))," to create the Certificate resource, which it expects to find in the same namespace as the ",(0,n.yg)("inlineCode",{parentName:"p"},"Pod")," with the annotation. The ",(0,n.yg)("inlineCode",{parentName:"p"},"Issuer")," is configured at deploy time, using the ",(0,n.yg)("a",{parentName:"p",href:"/reference/configuration/credentials-operator/helm-chart"},"Helm chart"),"."),(0,n.yg)("p",null,"In the event that the default approver controller in ",(0,n.yg)("inlineCode",{parentName:"p"},"cert-manager")," is ",(0,n.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/concepts/certificaterequest/#approver-controller"},"disabled"),", the credentials operator can auto-approve its own ",(0,n.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/concepts/certificaterequest/"},(0,n.yg)("inlineCode",{parentName:"a"},"CertificateRequests")),". Enable this capability by ",(0,n.yg)("a",{parentName:"p",href:"/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters"},"configuring the Helm chart ",(0,n.yg)("inlineCode",{parentName:"a"},"autoApprove")," flag"),"."),(0,n.yg)("h5",{id:"otterize-cloud"},"Otterize Cloud"),(0,n.yg)("p",null,"The operator requests certificates from Otterize Cloud, which internally manages them in Hashicorp Vault. The certificates are then placed within a Kubernetes Secret named with the value of the annotation ",(0,n.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name"),"."),(0,n.yg)("h5",{id:"spire"},"SPIRE"),(0,n.yg)("p",null,"Once the operator has registered the pod with SPIRE, which happens automatically for a pod that has the ",(0,n.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name")," annotation upon pod startup. The credentials operator then acquires the SVID and certificates for the CA chain and places them within a Kubernetes Secret. The SVID and DNS names in the certificate is the identity of the service, as resolved by the ",(0,n.yg)("a",{parentName:"p",href:"#3-service-name-resolution-and-automatic-pod-labeling"},"service identity resolution algorithm"),", i.e. ",(0,n.yg)("inlineCode",{parentName:"p"},"servicename.namespace"),"."),(0,n.yg)("h2",{id:"spire-workload-registrar"},"SPIRE workload registrar"),(0,n.yg)("p",null,"When deployed with a SPIRE server, the operator registers every pod with the SPIRE server (even those without annotations).\nAlongside the credentials operator, you could use SPIRE agents and the SPIRE SDK to work with the same SPIRE server.\nTo learn more, check out the documentation for ",(0,n.yg)("a",{parentName:"p",href:"https://spiffe.io/docs/latest/spire-about/spire-concepts/"},"SPIRE"),". Note that to use the credentials operator, you do not need to work directly with SPIRE or SPIRE agents, and can do everything completely using annotations and Kubernetes Secrets."),(0,n.yg)("h2",{id:"pod-annotations"},"Pod annotations"),(0,n.yg)("table",null,(0,n.yg)("thead",{parentName:"table"},(0,n.yg)("tr",{parentName:"thead"},(0,n.yg)("th",{parentName:"tr",align:null},"Annotation"),(0,n.yg)("th",{parentName:"tr",align:null},"Description"),(0,n.yg)("th",{parentName:"tr",align:null},"Default"))),(0,n.yg)("tbody",{parentName:"table"},(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/tls-secret-name")),(0,n.yg)("td",{parentName:"tr",align:null},"If set, the operator will create a secret with this name with mTLS credentials for this pod."),(0,n.yg)("td",{parentName:"tr",align:null},"N/A")),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/dns-names")),(0,n.yg)("td",{parentName:"tr",align:null},"If set, overrides the list of subject alternative names in the certificate. Should include the hostname of Kubernetes services that will be used to access this pod."),(0,n.yg)("td",{parentName:"tr",align:null},"N/A")),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/cert-ttl")),(0,n.yg)("td",{parentName:"tr",align:null},"Override for the expiration time for the certificate in seconds."),(0,n.yg)("td",{parentName:"tr",align:null},"If deployed with the bundled SPIRE server, 1 day (86400).")),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/cert-type")),(0,n.yg)("td",{parentName:"tr",align:null},"Type of the credential bundle - ",(0,n.yg)("inlineCode",{parentName:"td"},"pem")," or ",(0,n.yg)("inlineCode",{parentName:"td"},"jks"),"."),(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"pem"))),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/cert-file-name")),(0,n.yg)("td",{parentName:"tr",align:null},"Certificate key name in the secret. When mounted, this is the filename for the certificate (when using SPIRE it's the SVID file). Only used when cert-type is ",(0,n.yg)("inlineCode",{parentName:"td"},"pem"),".  Not supported when ",(0,n.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,n.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"cert.pem"))),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/ca-file-name")),(0,n.yg)("td",{parentName:"tr",align:null},"Bundle (certificate chain bundle) key name in the secret. When mounted, this is the filename for the certificate chain. Only used when cert-type is ",(0,n.yg)("inlineCode",{parentName:"td"},"pem"),". Not supported when ",(0,n.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,n.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"ca.pem"))),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/key-file-name")),(0,n.yg)("td",{parentName:"tr",align:null},"Private key key name in the secret. When mounted, this is the filename for the private key. Only used when cert-type is ",(0,n.yg)("inlineCode",{parentName:"td"},"pem"),". Not supported when ",(0,n.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,n.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"key.pem"))),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/keystore-file-name")),(0,n.yg)("td",{parentName:"tr",align:null},"Keystore key name in the secret. When mounted, this is the filename for the keystore. Only used when cert-type is ",(0,n.yg)("inlineCode",{parentName:"td"},"jks"),". Not supported when ",(0,n.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,n.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"keystore.jks"))),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/truststore-file-name")),(0,n.yg)("td",{parentName:"tr",align:null},"Truststore key name in the secret. When mounted, this is the filename for the truststore. Only used when cert-type is ",(0,n.yg)("inlineCode",{parentName:"td"},"jks"),". Not supported when ",(0,n.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,n.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"truststore.jks"))),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/jks-password")),(0,n.yg)("td",{parentName:"tr",align:null},"Password for the JKS truststore and keystore. Only used when cert-type is ",(0,n.yg)("inlineCode",{parentName:"td"},"jks"),"."),(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"password"))),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/restart-pod-on-certificate-renewal")),(0,n.yg)("td",{parentName:"tr",align:null},"A pod with this annotation (no matter the value) will be restarted after certificate renewal, along with any replicas. Should be ideally set through the pod owner's ",(0,n.yg)("inlineCode",{parentName:"td"},"template")," spec so it will persist between restarts."),(0,n.yg)("td",{parentName:"tr",align:null},"N/A")),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/user-password-secret-name")),(0,n.yg)("td",{parentName:"tr",align:null},"If set, the operator will create a secret with this name containing user-password credentials for this pod."),(0,n.yg)("td",{parentName:"tr",align:null},"N/A")),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/restart-on-secret-rotation")),(0,n.yg)("td",{parentName:"tr",align:null},"A pod with this annotation (no matter the value) will be restarted after user-password secret rotation, along with any replicas. Should be ideally set through the pod owner's ",(0,n.yg)("inlineCode",{parentName:"td"},"template")," spec so it will persist between restarts."),(0,n.yg)("td",{parentName:"tr",align:null})),(0,n.yg)("tr",{parentName:"tbody"},(0,n.yg)("td",{parentName:"tr",align:null},(0,n.yg)("inlineCode",{parentName:"td"},"intents.otterize.com/service-name")),(0,n.yg)("td",{parentName:"tr",align:null},"Used for ",(0,n.yg)("a",{parentName:"td",href:"/reference/service-identities#kubernetes-service-identity-resolution"},"service identity resolution"),"."),(0,n.yg)("td",{parentName:"tr",align:null})))))}g.isMDXComponent=!0}}]);
\ No newline at end of file
diff --git a/assets/js/87583c6c.d4b5f4ad.js b/assets/js/87583c6c.d4b5f4ad.js
deleted file mode 100644
index f43b16489..000000000
--- a/assets/js/87583c6c.d4b5f4ad.js
+++ /dev/null
@@ -1 +0,0 @@
-"use strict";(self.webpackChunkdocs=self.webpackChunkdocs||[]).push([[1836],{5680:(e,t,r)=>{r.d(t,{xA:()=>d,yg:()=>h});var n=r(6540);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?i(Object(r),!0).forEach((function(t){a(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):i(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function s(e,t){if(null==e)return{};var r,n,a=function(e,t){if(null==e)return{};var r,n,a={},i=Object.keys(e);for(n=0;n<i.length;n++)r=i[n],t.indexOf(r)>=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n<i.length;n++)r=i[n],t.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),p=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},d=function(e){var t=p(e.components);return n.createElement(l.Provider,{value:t},e.children)},c="mdxType",g={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,d=s(e,["components","mdxType","originalType","parentName"]),c=p(r),m=a,h=c["".concat(l,".").concat(m)]||c[m]||g[m]||i;return r?n.createElement(h,o(o({ref:t},d),{},{components:r})):n.createElement(h,o({ref:t},d))}));function h(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s[c]="string"==typeof e?e:a,o[1]=s;for(var p=2;p<i;p++)o[p]=r[p];return n.createElement.apply(null,o)}return n.createElement.apply(null,r)}m.displayName="MDXCreateElement"},9074:(e,t,r)=>{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>g,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var n=r(8168),a=(r(6540),r(5680));const i={sidebar_position:3,title:"Credentials operator"},o=void 0,s={unversionedId:"reference/configuration/credentials-operator/README",id:"reference/configuration/credentials-operator/README",title:"Credentials operator",description:"The credentials operator provisions just-in-time credentials for workloads running on Kubernetes. These credentials come in the form of Kubernetes Secrets (mTLS certificates, database username + passwords), or AWS IAM roles.",source:"@site/docs/reference/configuration/credentials-operator/README.mdx",sourceDirName:"reference/configuration/credentials-operator",slug:"/reference/configuration/credentials-operator/",permalink:"/reference/configuration/credentials-operator/",draft:!1,editUrl:"https://github.com/otterize/docs/edit/main/docs/reference/configuration/credentials-operator/README.mdx",tags:[],version:"current",sidebarPosition:3,frontMatter:{sidebar_position:3,title:"Credentials operator"},sidebar:"docSidebar",previous:{title:"Configuring Kafka brokers",permalink:"/reference/configuration/intents-operator/configuration"},next:{title:"Helm chart",permalink:"/reference/configuration/credentials-operator/helm-chart"}},l={},p=[{value:"Deploying the credentials operator",id:"deploying-the-credentials-operator",level:2},{value:"Provisioning AWS IAM roles using the credentials operator",id:"provisioning-aws-iam-roles-using-the-credentials-operator",level:2},{value:"Provisioning mTLS certificates using the credentials operator",id:"provisioning-mtls-certificates-using-the-credentials-operator",level:2},{value:"Provisioning database username + password using the credentials operator",id:"provisioning-database-username--password-using-the-credentials-operator",level:2},{value:"How does the credentials operator provision certificates?",id:"how-does-the-credentials-operator-provision-certificates",level:3},{value:"Step 1: SPIRE entry registration",id:"step-1-spire-entry-registration",level:4},{value:"Step 2: Certificate generation",id:"step-2-certificate-generation",level:4},{value:"cert-manager",id:"cert-manager",level:5},{value:"Otterize Cloud",id:"otterize-cloud",level:5},{value:"SPIRE",id:"spire",level:5},{value:"SPIRE workload registrar",id:"spire-workload-registrar",level:2},{value:"Pod annotations",id:"pod-annotations",level:2}],d={toc:p},c="wrapper";function g(e){let{components:t,...r}=e;return(0,a.yg)(c,(0,n.A)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,a.yg)("p",null,"The credentials operator provisions just-in-time credentials for workloads running on Kubernetes. These credentials come in the form of Kubernetes Secrets (mTLS certificates, database username + passwords), or AWS IAM roles."),(0,a.yg)("h2",{id:"deploying-the-credentials-operator"},"Deploying the credentials operator"),(0,a.yg)("p",null,"To deploy the operator, ",(0,a.yg)("a",{parentName:"p",href:"/reference/configuration/credentials-operator/helm-chart"},"use the Helm chart"),"."),(0,a.yg)("p",null,"To deploy with Otterize Cloud as the certificate provider, we recommend you ",(0,a.yg)("a",{parentName:"p",href:"https://app.otterize.com/"},"follow the instructions in Otterize Cloud"),".\nTo deploy with cert-manager as the certificate provider, you must also ",(0,a.yg)("a",{parentName:"p",href:"/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters"},"configure the Issuer name and whether it should look for a ClusterIssuer or an Issuer (namespace-scoped)"),"."),(0,a.yg)("h2",{id:"provisioning-aws-iam-roles-using-the-credentials-operator"},"Provisioning AWS IAM roles using the credentials operator"),(0,a.yg)("p",null,"The credentials operator is controlled using annotations placed on pods. To have it provision an AWS IAM role, you must specify the pod annotation ",(0,a.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/create-aws-role"),", with the value being ",(0,a.yg)("inlineCode",{parentName:"p"},"true"),". Once you do so, the credentials operator will provision an AWS IAM role, and automatically bind it with the Kubernetes ServiceAccount of the pod by setting the EKS role ARN annotation on the ServiceAccount and the appropriate Trust Relationship on the AWS IAM role."),(0,a.yg)("h2",{id:"provisioning-mtls-certificates-using-the-credentials-operator"},"Provisioning mTLS certificates using the credentials operator"),(0,a.yg)("p",null,"The credentials operator is controlled using annotations placed on pods. To have it provision certificates and place them in Secrets, you must specify the pod annotation ",(0,a.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name"),", with the value being the name of the secret. Once you do so, the credentials operator will provision a certificate for the pod, using Otterize Cloud, cert-manager or SPIRE, depending how you've deployed it."),(0,a.yg)("h2",{id:"provisioning-database-username--password-using-the-credentials-operator"},"Provisioning database username + password using the credentials operator"),(0,a.yg)("p",null,"The credentials operator is controlled using annotations placed on pods. To have it provision database username + password and place them in Secrets, you must specify the pod annotation ",(0,a.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/user-password-secret-name"),", with the value being the name of the secret. Once you do so, the credentials operator will provision a username and password for the pod."),(0,a.yg)("h3",{id:"how-does-the-credentials-operator-provision-certificates"},"How does the credentials operator provision certificates?"),(0,a.yg)("p",null,"The credentials operator performs two steps in order to issue certificates."),(0,a.yg)("h4",{id:"step-1-spire-entry-registration"},"Step 1: SPIRE entry registration"),(0,a.yg)("p",null,"This step only happens if the operator is configured to use SPIRE for certificate generation. Once the operator ",(0,a.yg)("a",{parentName:"p",href:"#service-name-resolution-and-automatic-pod-labeling"},"resolves the service name")," for a pod, it labels the pod so that SPIRE can find it, and registers an entry with the SPIRE server for that label."),(0,a.yg)("h4",{id:"step-2-certificate-generation"},"Step 2: Certificate generation"),(0,a.yg)("p",null,"The operator consults the annotation ",(0,a.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name"),". If that annotation exists, the operator creates a secret named after the value of the label. That secret contains X.509 credentials within, provided by cert-manager, Otterize Cloud or SPIRE, depending on how the credentials operator is configured."),(0,a.yg)("h5",{id:"cert-manager"},"cert-manager"),(0,a.yg)("p",null,"The operator creates a cert-manager ",(0,a.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/usage/certificate/"},(0,a.yg)("inlineCode",{parentName:"a"},"Certificate"))," resource, which will create a Kubernetes Secret with the name specified by the value of the annotation ",(0,a.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name"),". The common name and DNS names in the certificate are values that represent the identity of the service, as resolved by the ",(0,a.yg)("a",{parentName:"p",href:"#3-service-name-resolution-and-automatic-pod-labeling"},"service identity resolution algorithm"),", i.e. ",(0,a.yg)("inlineCode",{parentName:"p"},"servicename.namespace"),"."),(0,a.yg)("p",null,"The operator will use a ",(0,a.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/concepts/issuer/"},(0,a.yg)("inlineCode",{parentName:"a"},"ClusterIssuer"))," or an ",(0,a.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/concepts/issuer/"},(0,a.yg)("inlineCode",{parentName:"a"},"Issuer"))," to create the Certificate resource, which it expects to find in the same namespace as the ",(0,a.yg)("inlineCode",{parentName:"p"},"Pod")," with the annotation. The ",(0,a.yg)("inlineCode",{parentName:"p"},"Issuer")," is configured at deploy time, using the ",(0,a.yg)("a",{parentName:"p",href:"/reference/configuration/credentials-operator/helm-chart"},"Helm chart"),"."),(0,a.yg)("p",null,"In the event that the default approver controller in ",(0,a.yg)("inlineCode",{parentName:"p"},"cert-manager")," is ",(0,a.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/concepts/certificaterequest/#approver-controller"},"disabled"),", the credentials operator can auto-approve its own ",(0,a.yg)("a",{parentName:"p",href:"https://cert-manager.io/docs/concepts/certificaterequest/"},(0,a.yg)("inlineCode",{parentName:"a"},"CertificateRequests")),". Enable this capability by ",(0,a.yg)("a",{parentName:"p",href:"/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters"},"configuring the Helm chart ",(0,a.yg)("inlineCode",{parentName:"a"},"autoApprove")," flag"),"."),(0,a.yg)("h5",{id:"otterize-cloud"},"Otterize Cloud"),(0,a.yg)("p",null,"The operator requests certificates from Otterize Cloud, which internally manages them in Hashicorp Vault. The certificates are then placed within a Kubernetes Secret named with the value of the annotation ",(0,a.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name"),"."),(0,a.yg)("h5",{id:"spire"},"SPIRE"),(0,a.yg)("p",null,"Once the operator has registered the pod with SPIRE, which happens automatically for a pod that has the ",(0,a.yg)("inlineCode",{parentName:"p"},"credentials-operator.otterize.com/tls-secret-name")," annotation upon pod startup. The credentials operator then acquires the SVID and certificates for the CA chain and places them within a Kubernetes Secret. The SVID and DNS names in the certificate is the identity of the service, as resolved by the ",(0,a.yg)("a",{parentName:"p",href:"#3-service-name-resolution-and-automatic-pod-labeling"},"service identity resolution algorithm"),", i.e. ",(0,a.yg)("inlineCode",{parentName:"p"},"servicename.namespace"),"."),(0,a.yg)("h2",{id:"spire-workload-registrar"},"SPIRE workload registrar"),(0,a.yg)("p",null,"When deployed with a SPIRE server, the operator registers every pod with the SPIRE server (even those without annotations).\nAlongside the credentials operator, you could use SPIRE agents and the SPIRE SDK to work with the same SPIRE server.\nTo learn more, check out the documentation for ",(0,a.yg)("a",{parentName:"p",href:"https://spiffe.io/docs/latest/spire-about/spire-concepts/"},"SPIRE"),". Note that to use the credentials operator, you do not need to work directly with SPIRE or SPIRE agents, and can do everything completely using annotations and Kubernetes Secrets."),(0,a.yg)("h2",{id:"pod-annotations"},"Pod annotations"),(0,a.yg)("table",null,(0,a.yg)("thead",{parentName:"table"},(0,a.yg)("tr",{parentName:"thead"},(0,a.yg)("th",{parentName:"tr",align:null},"Annotation"),(0,a.yg)("th",{parentName:"tr",align:null},"Description"),(0,a.yg)("th",{parentName:"tr",align:null},"Default"))),(0,a.yg)("tbody",{parentName:"table"},(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/tls-secret-name")),(0,a.yg)("td",{parentName:"tr",align:null},"If set, the operator will create a secret with this name with mTLS credentials for this pod."),(0,a.yg)("td",{parentName:"tr",align:null},"N/A")),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/dns-names")),(0,a.yg)("td",{parentName:"tr",align:null},"If set, overrides the list of subject alternative names in the certificate. Should include the hostname of Kubernetes services that will be used to access this pod."),(0,a.yg)("td",{parentName:"tr",align:null},"N/A")),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/cert-ttl")),(0,a.yg)("td",{parentName:"tr",align:null},"Override for the expiration time for the certificate in seconds."),(0,a.yg)("td",{parentName:"tr",align:null},"If deployed with the bundled SPIRE server, 1 day (86400).")),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/cert-type")),(0,a.yg)("td",{parentName:"tr",align:null},"Type of the credential bundle - ",(0,a.yg)("inlineCode",{parentName:"td"},"pem")," or ",(0,a.yg)("inlineCode",{parentName:"td"},"jks"),"."),(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"pem"))),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/cert-file-name")),(0,a.yg)("td",{parentName:"tr",align:null},"Certificate key name in the secret. When mounted, this is the filename for the certificate (when using SPIRE it's the SVID file). Only used when cert-type is ",(0,a.yg)("inlineCode",{parentName:"td"},"pem"),".  Not supported when ",(0,a.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,a.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"cert.pem"))),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/ca-file-name")),(0,a.yg)("td",{parentName:"tr",align:null},"Bundle (certificate chain bundle) key name in the secret. When mounted, this is the filename for the certificate chain. Only used when cert-type is ",(0,a.yg)("inlineCode",{parentName:"td"},"pem"),". Not supported when ",(0,a.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,a.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"ca.pem"))),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/key-file-name")),(0,a.yg)("td",{parentName:"tr",align:null},"Private key key name in the secret. When mounted, this is the filename for the private key. Only used when cert-type is ",(0,a.yg)("inlineCode",{parentName:"td"},"pem"),". Not supported when ",(0,a.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,a.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"key.pem"))),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/keystore-file-name")),(0,a.yg)("td",{parentName:"tr",align:null},"Keystore key name in the secret. When mounted, this is the filename for the keystore. Only used when cert-type is ",(0,a.yg)("inlineCode",{parentName:"td"},"jks"),". Not supported when ",(0,a.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,a.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"keystore.jks"))),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/truststore-file-name")),(0,a.yg)("td",{parentName:"tr",align:null},"Truststore key name in the secret. When mounted, this is the filename for the truststore. Only used when cert-type is ",(0,a.yg)("inlineCode",{parentName:"td"},"jks"),". Not supported when ",(0,a.yg)("inlineCode",{parentName:"td"},"certificateProvider")," is ",(0,a.yg)("inlineCode",{parentName:"td"},"cert-manager"),"."),(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"truststore.jks"))),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/jks-password")),(0,a.yg)("td",{parentName:"tr",align:null},"Password for the JKS truststore and keystore. Only used when cert-type is ",(0,a.yg)("inlineCode",{parentName:"td"},"jks"),"."),(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"password"))),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"credentials-operator.otterize.com/restart-pod-on-certificate-renewal")),(0,a.yg)("td",{parentName:"tr",align:null},"A pod with this annotation (no matter the value) will be restarted after certificate renewal, along with any replicas. Should be ideally set through the pod owner's ",(0,a.yg)("inlineCode",{parentName:"td"},"template")," spec so it will persist between restarts."),(0,a.yg)("td",{parentName:"tr",align:null},"N/A")),(0,a.yg)("tr",{parentName:"tbody"},(0,a.yg)("td",{parentName:"tr",align:null},(0,a.yg)("inlineCode",{parentName:"td"},"intents.otterize.com/service-name")),(0,a.yg)("td",{parentName:"tr",align:null},"Used for ",(0,a.yg)("a",{parentName:"td",href:"/reference/service-identities#kubernetes-service-identity-resolution"},"service identity resolution"),"."),(0,a.yg)("td",{parentName:"tr",align:null})))))}g.isMDXComponent=!0}}]);
\ No newline at end of file
diff --git a/assets/js/runtime~main.a1c4a5b4.js b/assets/js/runtime~main.3f3f1c5f.js
similarity index 99%
rename from assets/js/runtime~main.a1c4a5b4.js
rename to assets/js/runtime~main.3f3f1c5f.js
index c371e2cb1..9655c9b53 100644
--- a/assets/js/runtime~main.a1c4a5b4.js
+++ b/assets/js/runtime~main.3f3f1c5f.js
@@ -1 +1 @@
-(()=>{"use strict";var e,a,f,b,c,d={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var f=t[e]={id:e,loaded:!1,exports:{}};return d[e].call(f.exports,f,f.exports,r),f.loaded=!0,f.exports}r.m=d,r.c=t,e=[],r.O=(a,f,b,c)=>{if(!f){var d=1/0;for(i=0;i<e.length;i++){f=e[i][0],b=e[i][1],c=e[i][2];for(var t=!0,o=0;o<f.length;o++)(!1&c||d>=c)&&Object.keys(r.O).every((e=>r.O[e](f[o])))?f.splice(o--,1):(t=!1,c<d&&(d=c));if(t){e.splice(i--,1);var n=b();void 0!==n&&(a=n)}}return a}c=c||0;for(var i=e.length;i>0&&e[i-1][2]>c;i--)e[i]=e[i-1];e[i]=[f,b,c]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},f=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,b){if(1&b&&(e=this(e)),8&b)return e;if("object"==typeof e&&e){if(4&b&&e.__esModule)return e;if(16&b&&"function"==typeof e.then)return e}var c=Object.create(null);r.r(c);var d={};a=a||[null,f({}),f([]),f(f)];for(var t=2&b&&e;"object"==typeof t&&!~a.indexOf(t);t=f(t))Object.getOwnPropertyNames(t).forEach((a=>d[a]=()=>e[a]));return d.default=()=>e,r.d(c,d),c},r.d=(e,a)=>{for(var f in a)r.o(a,f)&&!r.o(e,f)&&Object.defineProperty(e,f,{enumerable:!0,get:a[f]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,f)=>(r.f[f](e,a),a)),[])),r.u=e=>"assets/js/"+({760:"13f991ea",765:"6f40fd2f",801:"bb52994a",805:"b6b04eda",918:"01027e3c",1040:"f1151ea7",1205:"698135b2",1295:"97c2207d",1386:"a43681c9",1538:"40ccd1ee",1601:"013a04c2",1625:"f7d1f224",1709:"e93b0177",1733:"fab3c742",1836:"87583c6c",1886:"9a9c42f7",1907:"a630a6fc",1952:"5e4199df",2138:"1a4e3797",2148:"13e8e5b0",2194:"3fbbf99b",2229:"8e233326",2242:"96faae56",2324:"93fb3e94",2343:"be46e07c",2368:"2894b329",2653:"4a90ba61",2703:"6bd33d99",2706:"7b307392",2934:"751ef2b5",3024:"fef0a614",3381:"f8b70272",4194:"2c09ee5d",4312:"89d24bb8",4496:"dcc76ebc",4713:"44e49d37",4911:"a28f5f9a",4940:"f26efbc5",5066:"dff029d6",5106:"fba06901",5290:"ed63a978",5305:"797a5a6f",5548:"247783bb",5582:"da523844",5864:"671fd195",5878:"6303d649",5894:"f1a90138",6326:"42fb6e35",6587:"2e135cc6",6589:"efaf9258",6633:"c6ec7a52",6964:"6ee27f91",7199:"51639cf9",7202:"fec8a912",7255:"64420156",7317:"4d029c8d",8102:"96b2b7a2",8263:"fb8f3a82",8397:"62ac5b94",8401:"17896441",8502:"d05b304a",8581:"935f2afb",8595:"a3ff3870",8626:"944eab8f",8639:"9a6944ab",8714:"1be78505",8750:"ceba1265",8968:"59b068d1",9060:"4388075d",9184:"3ba2fa8f",9441:"c38cf504",9514:"4291f23d",9581:"f89eda61",9715:"b1654ad1",9990:"2bd353df"}[e]||e)+"."+{416:"5a82d981",760:"ff662baa",765:"21d36fb9",801:"4d9cd4d8",805:"68a50ecd",918:"1299f9a1",1040:"b6365de7",1205:"080f42cf",1295:"329b7ba8",1386:"8469fc27",1427:"db807010",1538:"58779a6e",1601:"fc45ce5e",1625:"354ae921",1709:"7754b93d",1733:"edf0efef",1774:"9ea8a3a2",1836:"d4b5f4ad",1886:"75113969",1907:"8904fcd8",1952:"89e69ac5",2138:"b3d3408a",2148:"5fc4ed15",2194:"0285d213",2229:"d3d2c4f4",2242:"feb3beba",2324:"bc45af9d",2343:"274b90ff",2368:"dc2b31bc",2653:"ef77e495",2703:"40cc61c9",2706:"36b34522",2934:"ed338caa",3024:"d0c7bb15",3381:"b387f121",4194:"cccc630c",4312:"25e48f8c",4496:"ec21e679",4713:"1717d835",4911:"09d958b2",4940:"57e7591b",5066:"5b15b888",5106:"baef74eb",5290:"9b969f70",5305:"604c0287",5548:"54c9fe51",5582:"051940bd",5864:"31425a69",5878:"c96fb342",5894:"8b6c041c",6140:"25b4571d",6326:"cdd85e86",6587:"4dc5ca9a",6589:"60ccc42b",6633:"360a7e79",6964:"31f4b69d",7199:"b2d2a9e0",7202:"9c52c13d",7255:"45a8e519",7317:"078ac474",8102:"bce72d60",8263:"8f9da060",8397:"f6ec7d8a",8401:"57dfb6c6",8502:"cf0eda4b",8581:"09c75987",8595:"2d74a1ff",8626:"b2a2d847",8639:"9f62fd9a",8714:"de56d63e",8750:"aca67551",8913:"64e5ee35",8968:"11ea3e06",9060:"e23af36f",9184:"d2ac052b",9441:"0b454f35",9462:"a16127cd",9514:"5c71d58e",9581:"bc4eba67",9715:"116e133d",9990:"cdf9b5f7"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),b={},c="docs:",r.l=(e,a,f,d)=>{if(b[e])b[e].push(a);else{var t,o;if(void 0!==f)for(var n=document.getElementsByTagName("script"),i=0;i<n.length;i++){var u=n[i];if(u.getAttribute("src")==e||u.getAttribute("data-webpack")==c+f){t=u;break}}t||(o=!0,(t=document.createElement("script")).charset="utf-8",t.timeout=120,r.nc&&t.setAttribute("nonce",r.nc),t.setAttribute("data-webpack",c+f),t.src=e),b[e]=[a];var l=(a,f)=>{t.onerror=t.onload=null,clearTimeout(s);var c=b[e];if(delete b[e],t.parentNode&&t.parentNode.removeChild(t),c&&c.forEach((e=>e(f))),a)return a(f)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={17896441:"8401",64420156:"7255","13f991ea":"760","6f40fd2f":"765",bb52994a:"801",b6b04eda:"805","01027e3c":"918",f1151ea7:"1040","698135b2":"1205","97c2207d":"1295",a43681c9:"1386","40ccd1ee":"1538","013a04c2":"1601",f7d1f224:"1625",e93b0177:"1709",fab3c742:"1733","87583c6c":"1836","9a9c42f7":"1886",a630a6fc:"1907","5e4199df":"1952","1a4e3797":"2138","13e8e5b0":"2148","3fbbf99b":"2194","8e233326":"2229","96faae56":"2242","93fb3e94":"2324",be46e07c:"2343","2894b329":"2368","4a90ba61":"2653","6bd33d99":"2703","7b307392":"2706","751ef2b5":"2934",fef0a614:"3024",f8b70272:"3381","2c09ee5d":"4194","89d24bb8":"4312",dcc76ebc:"4496","44e49d37":"4713",a28f5f9a:"4911",f26efbc5:"4940",dff029d6:"5066",fba06901:"5106",ed63a978:"5290","797a5a6f":"5305","247783bb":"5548",da523844:"5582","671fd195":"5864","6303d649":"5878",f1a90138:"5894","42fb6e35":"6326","2e135cc6":"6587",efaf9258:"6589",c6ec7a52:"6633","6ee27f91":"6964","51639cf9":"7199",fec8a912:"7202","4d029c8d":"7317","96b2b7a2":"8102",fb8f3a82:"8263","62ac5b94":"8397",d05b304a:"8502","935f2afb":"8581",a3ff3870:"8595","944eab8f":"8626","9a6944ab":"8639","1be78505":"8714",ceba1265:"8750","59b068d1":"8968","4388075d":"9060","3ba2fa8f":"9184",c38cf504:"9441","4291f23d":"9514",f89eda61:"9581",b1654ad1:"9715","2bd353df":"9990"}[e]||e,r.p+r.u(e)},(()=>{var e={5354:0,1869:0};r.f.j=(a,f)=>{var b=r.o(e,a)?e[a]:void 0;if(0!==b)if(b)f.push(b[2]);else if(/^(1869|5354)$/.test(a))e[a]=0;else{var c=new Promise(((f,c)=>b=e[a]=[f,c]));f.push(b[2]=c);var d=r.p+r.u(a),t=new Error;r.l(d,(f=>{if(r.o(e,a)&&(0!==(b=e[a])&&(e[a]=void 0),b)){var c=f&&("load"===f.type?"missing":f.type),d=f&&f.target&&f.target.src;t.message="Loading chunk "+a+" failed.\n("+c+": "+d+")",t.name="ChunkLoadError",t.type=c,t.request=d,b[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,f)=>{var b,c,d=f[0],t=f[1],o=f[2],n=0;if(d.some((a=>0!==e[a]))){for(b in t)r.o(t,b)&&(r.m[b]=t[b]);if(o)var i=o(r)}for(a&&a(f);n<d.length;n++)c=d[n],r.o(e,c)&&e[c]&&e[c][0](),e[c]=0;return r.O(i)},f=self.webpackChunkdocs=self.webpackChunkdocs||[];f.forEach(a.bind(null,0)),f.push=a.bind(null,f.push.bind(f))})()})();
\ No newline at end of file
+(()=>{"use strict";var e,a,f,b,c,d={},t={};function r(e){var a=t[e];if(void 0!==a)return a.exports;var f=t[e]={id:e,loaded:!1,exports:{}};return d[e].call(f.exports,f,f.exports,r),f.loaded=!0,f.exports}r.m=d,r.c=t,e=[],r.O=(a,f,b,c)=>{if(!f){var d=1/0;for(i=0;i<e.length;i++){f=e[i][0],b=e[i][1],c=e[i][2];for(var t=!0,o=0;o<f.length;o++)(!1&c||d>=c)&&Object.keys(r.O).every((e=>r.O[e](f[o])))?f.splice(o--,1):(t=!1,c<d&&(d=c));if(t){e.splice(i--,1);var n=b();void 0!==n&&(a=n)}}return a}c=c||0;for(var i=e.length;i>0&&e[i-1][2]>c;i--)e[i]=e[i-1];e[i]=[f,b,c]},r.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return r.d(a,{a:a}),a},f=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,b){if(1&b&&(e=this(e)),8&b)return e;if("object"==typeof e&&e){if(4&b&&e.__esModule)return e;if(16&b&&"function"==typeof e.then)return e}var c=Object.create(null);r.r(c);var d={};a=a||[null,f({}),f([]),f(f)];for(var t=2&b&&e;"object"==typeof t&&!~a.indexOf(t);t=f(t))Object.getOwnPropertyNames(t).forEach((a=>d[a]=()=>e[a]));return d.default=()=>e,r.d(c,d),c},r.d=(e,a)=>{for(var f in a)r.o(a,f)&&!r.o(e,f)&&Object.defineProperty(e,f,{enumerable:!0,get:a[f]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((a,f)=>(r.f[f](e,a),a)),[])),r.u=e=>"assets/js/"+({760:"13f991ea",765:"6f40fd2f",801:"bb52994a",805:"b6b04eda",918:"01027e3c",1040:"f1151ea7",1205:"698135b2",1295:"97c2207d",1386:"a43681c9",1538:"40ccd1ee",1601:"013a04c2",1625:"f7d1f224",1709:"e93b0177",1733:"fab3c742",1836:"87583c6c",1886:"9a9c42f7",1907:"a630a6fc",1952:"5e4199df",2138:"1a4e3797",2148:"13e8e5b0",2194:"3fbbf99b",2229:"8e233326",2242:"96faae56",2324:"93fb3e94",2343:"be46e07c",2368:"2894b329",2653:"4a90ba61",2703:"6bd33d99",2706:"7b307392",2934:"751ef2b5",3024:"fef0a614",3381:"f8b70272",4194:"2c09ee5d",4312:"89d24bb8",4496:"dcc76ebc",4713:"44e49d37",4911:"a28f5f9a",4940:"f26efbc5",5066:"dff029d6",5106:"fba06901",5290:"ed63a978",5305:"797a5a6f",5548:"247783bb",5582:"da523844",5864:"671fd195",5878:"6303d649",5894:"f1a90138",6326:"42fb6e35",6587:"2e135cc6",6589:"efaf9258",6633:"c6ec7a52",6964:"6ee27f91",7199:"51639cf9",7202:"fec8a912",7255:"64420156",7317:"4d029c8d",8102:"96b2b7a2",8263:"fb8f3a82",8397:"62ac5b94",8401:"17896441",8502:"d05b304a",8581:"935f2afb",8595:"a3ff3870",8626:"944eab8f",8639:"9a6944ab",8714:"1be78505",8750:"ceba1265",8968:"59b068d1",9060:"4388075d",9184:"3ba2fa8f",9441:"c38cf504",9514:"4291f23d",9581:"f89eda61",9715:"b1654ad1",9990:"2bd353df"}[e]||e)+"."+{416:"5a82d981",760:"ff662baa",765:"21d36fb9",801:"4d9cd4d8",805:"68a50ecd",918:"1299f9a1",1040:"b6365de7",1205:"080f42cf",1295:"329b7ba8",1386:"8469fc27",1427:"db807010",1538:"58779a6e",1601:"fc45ce5e",1625:"354ae921",1709:"7754b93d",1733:"edf0efef",1774:"9ea8a3a2",1836:"6d8524a7",1886:"75113969",1907:"8904fcd8",1952:"89e69ac5",2138:"b3d3408a",2148:"5fc4ed15",2194:"0285d213",2229:"d3d2c4f4",2242:"feb3beba",2324:"bc45af9d",2343:"274b90ff",2368:"dc2b31bc",2653:"ef77e495",2703:"40cc61c9",2706:"36b34522",2934:"ed338caa",3024:"d0c7bb15",3381:"b387f121",4194:"cccc630c",4312:"25e48f8c",4496:"ec21e679",4713:"1717d835",4911:"09d958b2",4940:"57e7591b",5066:"5b15b888",5106:"baef74eb",5290:"9b969f70",5305:"604c0287",5548:"54c9fe51",5582:"051940bd",5864:"31425a69",5878:"c96fb342",5894:"8b6c041c",6140:"25b4571d",6326:"cdd85e86",6587:"4dc5ca9a",6589:"60ccc42b",6633:"360a7e79",6964:"31f4b69d",7199:"b2d2a9e0",7202:"9c52c13d",7255:"45a8e519",7317:"078ac474",8102:"bce72d60",8263:"8f9da060",8397:"f6ec7d8a",8401:"57dfb6c6",8502:"cf0eda4b",8581:"09c75987",8595:"2d74a1ff",8626:"b2a2d847",8639:"9f62fd9a",8714:"de56d63e",8750:"aca67551",8913:"64e5ee35",8968:"11ea3e06",9060:"e23af36f",9184:"d2ac052b",9441:"0b454f35",9462:"a16127cd",9514:"5c71d58e",9581:"bc4eba67",9715:"116e133d",9990:"cdf9b5f7"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),b={},c="docs:",r.l=(e,a,f,d)=>{if(b[e])b[e].push(a);else{var t,o;if(void 0!==f)for(var n=document.getElementsByTagName("script"),i=0;i<n.length;i++){var u=n[i];if(u.getAttribute("src")==e||u.getAttribute("data-webpack")==c+f){t=u;break}}t||(o=!0,(t=document.createElement("script")).charset="utf-8",t.timeout=120,r.nc&&t.setAttribute("nonce",r.nc),t.setAttribute("data-webpack",c+f),t.src=e),b[e]=[a];var l=(a,f)=>{t.onerror=t.onload=null,clearTimeout(s);var c=b[e];if(delete b[e],t.parentNode&&t.parentNode.removeChild(t),c&&c.forEach((e=>e(f))),a)return a(f)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={17896441:"8401",64420156:"7255","13f991ea":"760","6f40fd2f":"765",bb52994a:"801",b6b04eda:"805","01027e3c":"918",f1151ea7:"1040","698135b2":"1205","97c2207d":"1295",a43681c9:"1386","40ccd1ee":"1538","013a04c2":"1601",f7d1f224:"1625",e93b0177:"1709",fab3c742:"1733","87583c6c":"1836","9a9c42f7":"1886",a630a6fc:"1907","5e4199df":"1952","1a4e3797":"2138","13e8e5b0":"2148","3fbbf99b":"2194","8e233326":"2229","96faae56":"2242","93fb3e94":"2324",be46e07c:"2343","2894b329":"2368","4a90ba61":"2653","6bd33d99":"2703","7b307392":"2706","751ef2b5":"2934",fef0a614:"3024",f8b70272:"3381","2c09ee5d":"4194","89d24bb8":"4312",dcc76ebc:"4496","44e49d37":"4713",a28f5f9a:"4911",f26efbc5:"4940",dff029d6:"5066",fba06901:"5106",ed63a978:"5290","797a5a6f":"5305","247783bb":"5548",da523844:"5582","671fd195":"5864","6303d649":"5878",f1a90138:"5894","42fb6e35":"6326","2e135cc6":"6587",efaf9258:"6589",c6ec7a52:"6633","6ee27f91":"6964","51639cf9":"7199",fec8a912:"7202","4d029c8d":"7317","96b2b7a2":"8102",fb8f3a82:"8263","62ac5b94":"8397",d05b304a:"8502","935f2afb":"8581",a3ff3870:"8595","944eab8f":"8626","9a6944ab":"8639","1be78505":"8714",ceba1265:"8750","59b068d1":"8968","4388075d":"9060","3ba2fa8f":"9184",c38cf504:"9441","4291f23d":"9514",f89eda61:"9581",b1654ad1:"9715","2bd353df":"9990"}[e]||e,r.p+r.u(e)},(()=>{var e={5354:0,1869:0};r.f.j=(a,f)=>{var b=r.o(e,a)?e[a]:void 0;if(0!==b)if(b)f.push(b[2]);else if(/^(1869|5354)$/.test(a))e[a]=0;else{var c=new Promise(((f,c)=>b=e[a]=[f,c]));f.push(b[2]=c);var d=r.p+r.u(a),t=new Error;r.l(d,(f=>{if(r.o(e,a)&&(0!==(b=e[a])&&(e[a]=void 0),b)){var c=f&&("load"===f.type?"missing":f.type),d=f&&f.target&&f.target.src;t.message="Loading chunk "+a+" failed.\n("+c+": "+d+")",t.name="ChunkLoadError",t.type=c,t.request=d,b[1](t)}}),"chunk-"+a,a)}},r.O.j=a=>0===e[a];var a=(a,f)=>{var b,c,d=f[0],t=f[1],o=f[2],n=0;if(d.some((a=>0!==e[a]))){for(b in t)r.o(t,b)&&(r.m[b]=t[b]);if(o)var i=o(r)}for(a&&a(f);n<d.length;n++)c=d[n],r.o(e,c)&&e[c]&&e[c][0](),e[c]=0;return r.O(i)},f=self.webpackChunkdocs=self.webpackChunkdocs||[];f.forEach(a.bind(null,0)),f.push=a.bind(null,f.push.bind(f))})()})();
\ No newline at end of file
diff --git a/faq.html b/faq.html
index aff39d2b9..b03d85c4c 100644
--- a/faq.html
+++ b/faq.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -197,7 +197,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features.html b/features.html
index 9a211e656..e8e325504 100644
--- a/features.html
+++ b/features.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/aws-iam.html b/features/aws-iam.html
index 47e747a75..27efeaa81 100644
--- a/features/aws-iam.html
+++ b/features/aws-iam.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/aws-iam/reference.html b/features/aws-iam/reference.html
index 0e35fca7d..cb3c4a425 100644
--- a/features/aws-iam/reference.html
+++ b/features/aws-iam/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/aws-iam/tutorials/aws-iam-eks.html b/features/aws-iam/tutorials/aws-iam-eks.html
index 7061e589d..e0bf6641f 100644
--- a/features/aws-iam/tutorials/aws-iam-eks.html
+++ b/features/aws-iam/tutorials/aws-iam-eks.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -159,7 +159,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/aws-iam/tutorials/aws-visibility.html b/features/aws-iam/tutorials/aws-visibility.html
index edffddd22..b9479be49 100644
--- a/features/aws-iam/tutorials/aws-visibility.html
+++ b/features/aws-iam/tutorials/aws-visibility.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/azure-iam.html b/features/azure-iam.html
index d53b2f0eb..c0474f44e 100644
--- a/features/azure-iam.html
+++ b/features/azure-iam.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -157,7 +157,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/azure-iam/reference.html b/features/azure-iam/reference.html
index f147ef7f0..d74d922f3 100644
--- a/features/azure-iam/reference.html
+++ b/features/azure-iam/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/azure-iam/tutorials/azure-iam-aks.html b/features/azure-iam/tutorials/azure-iam-aks.html
index 60db3396e..6745fcde3 100644
--- a/features/azure-iam/tutorials/azure-iam-aks.html
+++ b/features/azure-iam/tutorials/azure-iam-aks.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -163,7 +163,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/gcp-iam.html b/features/gcp-iam.html
index 9d0f3c9fa..8aaf68370 100644
--- a/features/gcp-iam.html
+++ b/features/gcp-iam.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/gcp-iam/reference.html b/features/gcp-iam/reference.html
index ff4ea22c0..f48422cb1 100644
--- a/features/gcp-iam/reference.html
+++ b/features/gcp-iam/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/gcp-iam/tutorials/gcp-iam-gke.html b/features/gcp-iam/tutorials/gcp-iam-gke.html
index 1f98b70b4..e4e1f34fa 100644
--- a/features/gcp-iam/tutorials/gcp-iam-gke.html
+++ b/features/gcp-iam/tutorials/gcp-iam-gke.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -163,7 +163,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/github.html b/features/github.html
index 82894fa1a..2bbf06958 100644
--- a/features/github.html
+++ b/features/github.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/github/reference.html b/features/github/reference.html
index 786c5e0d5..7ff2e38ea 100644
--- a/features/github/reference.html
+++ b/features/github/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/github/tutorials/automated-pull-requests.html b/features/github/tutorials/automated-pull-requests.html
index 0ef610b9a..d3b15590d 100644
--- a/features/github/tutorials/automated-pull-requests.html
+++ b/features/github/tutorials/automated-pull-requests.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/gitlab.html b/features/gitlab.html
index 1d1528e07..a61afa1dd 100644
--- a/features/gitlab.html
+++ b/features/gitlab.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/gitlab/reference.html b/features/gitlab/reference.html
index 63d0fd45e..f594c7497 100644
--- a/features/gitlab/reference.html
+++ b/features/gitlab/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/gitlab/tutorials/automated-merge-requests.html b/features/gitlab/tutorials/automated-merge-requests.html
index 17dad5a89..a26de29d3 100644
--- a/features/gitlab/tutorials/automated-merge-requests.html
+++ b/features/gitlab/tutorials/automated-merge-requests.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/istio.html b/features/istio.html
index 0c7f3ec68..d09ec6f0a 100644
--- a/features/istio.html
+++ b/features/istio.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -156,7 +156,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/istio/reference.html b/features/istio/reference.html
index e9637e778..d99568c45 100644
--- a/features/istio/reference.html
+++ b/features/istio/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/istio/tutorials/k8s-istio-authorization-policies.html b/features/istio/tutorials/k8s-istio-authorization-policies.html
index 9c8761f85..2008eaeff 100644
--- a/features/istio/tutorials/k8s-istio-authorization-policies.html
+++ b/features/istio/tutorials/k8s-istio-authorization-policies.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -171,7 +171,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/istio/tutorials/k8s-istio-watcher.html b/features/istio/tutorials/k8s-istio-watcher.html
index 8ca4bf88c..2a46ca82f 100644
--- a/features/istio/tutorials/k8s-istio-watcher.html
+++ b/features/istio/tutorials/k8s-istio-watcher.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -164,7 +164,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/kafka.html b/features/kafka.html
index 57ffa0a36..27346d103 100644
--- a/features/kafka.html
+++ b/features/kafka.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/kafka/reference.html b/features/kafka/reference.html
index b2ad8bd69..5c2b6b07e 100644
--- a/features/kafka/reference.html
+++ b/features/kafka/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/kafka/tutorials/k8s-kafka-mapping.html b/features/kafka/tutorials/k8s-kafka-mapping.html
index d71b5fab8..edb3534fb 100644
--- a/features/kafka/tutorials/k8s-kafka-mapping.html
+++ b/features/kafka/tutorials/k8s-kafka-mapping.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -160,7 +160,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.html b/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.html
index 3190adf3a..b5f1d0ed6 100644
--- a/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.html
+++ b/features/kafka/tutorials/k8s-kafka-mtls-cert-manager.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -164,7 +164,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/kafka/tutorials/k8s-kafka-mtls.html b/features/kafka/tutorials/k8s-kafka-mtls.html
index 8f4a2bcfb..f4da2651d 100644
--- a/features/kafka/tutorials/k8s-kafka-mtls.html
+++ b/features/kafka/tutorials/k8s-kafka-mtls.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -163,7 +163,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/mysql.html b/features/mysql.html
index 85295d5af..60f08e26e 100644
--- a/features/mysql.html
+++ b/features/mysql.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/mysql/reference.html b/features/mysql/reference.html
index 93aca4880..7315fdce7 100644
--- a/features/mysql/reference.html
+++ b/features/mysql/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/mysql/tutorials/mysql.html b/features/mysql/tutorials/mysql.html
index 2bcd239c5..4d55a772f 100644
--- a/features/mysql/tutorials/mysql.html
+++ b/features/mysql/tutorials/mysql.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -159,7 +159,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/network-mapping-network-policies.html b/features/network-mapping-network-policies.html
index 6f00efd6d..6f5571169 100644
--- a/features/network-mapping-network-policies.html
+++ b/features/network-mapping-network-policies.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -157,7 +157,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/network-mapping-network-policies/reference.html b/features/network-mapping-network-policies/reference.html
index cadf23e8b..13f0a4877 100644
--- a/features/network-mapping-network-policies/reference.html
+++ b/features/network-mapping-network-policies/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -161,7 +161,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/network-mapping-network-policies/reference/Network-Policies-Deep-Dive.html b/features/network-mapping-network-policies/reference/Network-Policies-Deep-Dive.html
index b6fae89af..32c7a5620 100644
--- a/features/network-mapping-network-policies/reference/Network-Policies-Deep-Dive.html
+++ b/features/network-mapping-network-policies/reference/Network-Policies-Deep-Dive.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -166,7 +166,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.html b/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.html
index 1bcd1a213..5ef30387e 100644
--- a/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.html
+++ b/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/network-mapping-network-policies/tutorials/k8s-egress-access-control-tutorial.html b/features/network-mapping-network-policies/tutorials/k8s-egress-access-control-tutorial.html
index 53b93f8ef..65144c0ff 100644
--- a/features/network-mapping-network-policies/tutorials/k8s-egress-access-control-tutorial.html
+++ b/features/network-mapping-network-policies/tutorials/k8s-egress-access-control-tutorial.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/network-mapping-network-policies/tutorials/k8s-network-mapper.html b/features/network-mapping-network-policies/tutorials/k8s-network-mapper.html
index 54b7cc726..bce9a3864 100644
--- a/features/network-mapping-network-policies/tutorials/k8s-network-mapper.html
+++ b/features/network-mapping-network-policies/tutorials/k8s-network-mapper.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -163,7 +163,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/network-mapping-network-policies/tutorials/k8s-network-policies.html b/features/network-mapping-network-policies/tutorials/k8s-network-policies.html
index 6314a952a..23eef29ff 100644
--- a/features/network-mapping-network-policies/tutorials/k8s-network-policies.html
+++ b/features/network-mapping-network-policies/tutorials/k8s-network-policies.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -173,7 +173,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.html b/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.html
index 670279a46..0003c6662 100644
--- a/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.html
+++ b/features/network-mapping-network-policies/tutorials/protect-1-service-network-policies.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -157,7 +157,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/postgresql.html b/features/postgresql.html
index 875cc4127..4624f648b 100644
--- a/features/postgresql.html
+++ b/features/postgresql.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/postgresql/reference.html b/features/postgresql/reference.html
index 2e9e85c7b..c9c8a68f1 100644
--- a/features/postgresql/reference.html
+++ b/features/postgresql/reference.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/postgresql/tutorials/postgres-mapping.html b/features/postgresql/tutorials/postgres-mapping.html
index 276d404b9..4d6496bbd 100644
--- a/features/postgresql/tutorials/postgres-mapping.html
+++ b/features/postgresql/tutorials/postgres-mapping.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -175,7 +175,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/features/postgresql/tutorials/postgres.html b/features/postgresql/tutorials/postgres.html
index bf4bf26c6..ae3f3666e 100644
--- a/features/postgresql/tutorials/postgres.html
+++ b/features/postgresql/tutorials/postgres.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -158,7 +158,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/index.html b/index.html
index 7f2e0639b..1e2ad3572 100644
--- a/index.html
+++ b/index.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/overview.html b/overview.html
index 359d0af3f..770793760 100644
--- a/overview.html
+++ b/overview.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/overview/installation.html b/overview/installation.html
index 147156c5e..cabd9be2b 100644
--- a/overview/installation.html
+++ b/overview/installation.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -161,7 +161,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/overview/intent-based-access-control.html b/overview/intent-based-access-control.html
index 4da3b673b..31baa4bc6 100644
--- a/overview/intent-based-access-control.html
+++ b/overview/intent-based-access-control.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/overview/otterize-cloud.html b/overview/otterize-cloud.html
index 98815336e..959f181ab 100644
--- a/overview/otterize-cloud.html
+++ b/overview/otterize-cloud.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -169,7 +169,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/overview/otterize-oss.html b/overview/otterize-oss.html
index 661dceab4..ac7560f9c 100644
--- a/overview/otterize-oss.html
+++ b/overview/otterize-oss.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -159,7 +159,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/overview/otterize-oss/error-telemetry.html b/overview/otterize-oss/error-telemetry.html
index d8fdb9aaf..2347b6f81 100644
--- a/overview/otterize-oss/error-telemetry.html
+++ b/overview/otterize-oss/error-telemetry.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/overview/otterize-oss/usage-telemetry.html b/overview/otterize-oss/usage-telemetry.html
index 10aa7c9eb..b4b799aff 100644
--- a/overview/otterize-oss/usage-telemetry.html
+++ b/overview/otterize-oss/usage-telemetry.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/IBAC-Overview.html b/reference/IBAC-Overview.html
index 35da692db..5451c9d71 100644
--- a/reference/IBAC-Overview.html
+++ b/reference/IBAC-Overview.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -182,7 +182,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/api.html b/reference/api.html
index 9aab93f7d..56b139500 100644
--- a/reference/api.html
+++ b/reference/api.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/cli.html b/reference/cli.html
index 76a0a8452..ce0b2f212 100644
--- a/reference/cli.html
+++ b/reference/cli.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -172,7 +172,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/credentials-operator.html b/reference/configuration/credentials-operator.html
index a91611ad6..aede1c69c 100644
--- a/reference/configuration/credentials-operator.html
+++ b/reference/configuration/credentials-operator.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -60,9 +60,9 @@
 </div>
 </div>
 </a></li></ul></div></div><div class="navbar__items navbar__items--right"><a href="https://app.otterize.com/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link"><div id="login-link" classname="tw-inline-flex tw-h-11 tw-w-24 tw-items-center tw-justify-center tw-gap-2 tw-rounded-lg tw-px-4 tw-py-2.5 tw-text-sm lg:tw-text-base tw-font-semibold tw-leading-normal tw-text-gray-600 tw-no-underline -tw-mr-10">Log in</div></a><a href="https://otterize.com/signup" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link"><button class="tw-cursor-pointer tw-inline-flex tw-items-center tw-justify-center tw-gap-2 tw-rounded-xl tw-bg-gradient-to-b tw-px-3 tw-py-2.5 tw-text-sm lg:tw-text-base tw-font-semibold tw-leading-normal tw-no-underline tw-shadow tw-font-sans -tw-mr-2 tw-from-indigo-500 tw-bg-indigo-500 tw-to-indigo-600 tw-h-11 tw-border-none tw-text-white tw-w-full"><img src="/img/menu/cloud.svg">Signup <span id="sign-extended-text">for free<span></span></span></button></a><a href="https://otterize.com/book-demo" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link"><div class="tw-cursor-pointer tw-font-sans tw-flex tw-items-center tw-rounded-xl tw-h-11 tw-border tw-border-solid tw-border-gray-300 tw-bg-white tw-px-3 tw-text-gray-900 tw-shadow tw-font-medium tw-text-sm lg:tw-text-base tw-w-full tw-justify-center"><span id="request-demo-full-text">Request a demo</span><span id="request-demo-partial-text">Demo</span><img class="tw-ml-2" src="/img/menu/right-arrow.svg"></div></a><div class="searchBox_ZlJk"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebarViewport_Xe31"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/">Getting started</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/overview">Overview</a><button aria-label="Toggle the collapsible sidebar category &#x27;Overview&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="true" href="/features">Features</a><button aria-label="Toggle the collapsible sidebar category &#x27;Features&#x27;" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/network-mapping-network-policies">Network mapping &amp; network policies</a><button aria-label="Toggle the collapsible sidebar category &#x27;Network mapping &amp; network policies&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/aws-iam">AWS IAM</a><button aria-label="Toggle the collapsible sidebar category &#x27;AWS IAM&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/azure-iam">Microsoft Azure IAM</a><button aria-label="Toggle the collapsible sidebar category &#x27;Microsoft Azure IAM&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/gcp-iam">Google Cloud IAM</a><button aria-label="Toggle the collapsible sidebar category &#x27;Google Cloud IAM&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/kafka">Kafka</a><button aria-label="Toggle the collapsible sidebar category &#x27;Kafka&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/istio">Istio</a><button aria-label="Toggle the collapsible sidebar category &#x27;Istio&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/mysql">MySQL</a><button aria-label="Toggle the collapsible sidebar category &#x27;MySQL&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/postgresql">PostgreSQL</a><button aria-label="Toggle the collapsible sidebar category &#x27;PostgreSQL&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/github">GitHub</a><button aria-label="Toggle the collapsible sidebar category &#x27;GitHub&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/features/gitlab">GitLab</a><button aria-label="Toggle the collapsible sidebar category &#x27;GitLab&#x27;" type="button" class="clean-btn menu__caret"></button></div></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/reference/configuration/otterize-chart">Reference</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" tabindex="0" href="/reference/configuration/otterize-chart">Configuration</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/configuration/otterize-chart">Otterize OSS Helm chart</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/reference/configuration/intents-operator">Intents operator</a><button aria-label="Toggle the collapsible sidebar category &#x27;Intents operator&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item"><div class="menu__list-item-collapsible menu__list-item-collapsible--active"><a class="menu__link menu__link--sublist menu__link--active" aria-current="page" aria-expanded="true" tabindex="0" href="/reference/configuration/credentials-operator">Credentials operator</a><button aria-label="Toggle the collapsible sidebar category &#x27;Credentials operator&#x27;" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/configuration/credentials-operator/helm-chart">Helm chart</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" tabindex="0" href="/reference/configuration/network-mapper">Network mapper</a><button aria-label="Toggle the collapsible sidebar category &#x27;Network mapper&#x27;" type="button" class="clean-btn menu__caret"></button></div></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/cli">CLI</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/api">API</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/service-identities">Service identities and resolution</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/troubleshooting">Troubleshooting</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/IBAC-Overview">IBAC: Intent-based access control</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/terminology">Terminology</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/mtls">Kubernetes mTLS</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/shadow-vs-active-enforcement">Shadow vs active enforcement</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/reference/validating-clientintents">Validating ClientIntents</a></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/security">Security</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/faq">FAQ</a></li></ul></nav></div></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">Reference</span><meta itemprop="position" content="1"></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">Configuration</span><meta itemprop="position" content="2"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Credentials operator</span><meta itemprop="position" content="3"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Credentials operator</h1></header><p>The credentials operator provisions just-in-time credentials for workloads running on Kubernetes. These credentials come in the form of Kubernetes Secrets (mTLS certificates, database username + passwords), or AWS IAM roles.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="deploying-the-credentials-operator">Deploying the credentials operator<a href="#deploying-the-credentials-operator" class="hash-link" aria-label="Direct link to Deploying the credentials operator" title="Direct link to Deploying the credentials operator">​</a></h2><p>To deploy the operator, <a href="/reference/configuration/credentials-operator/helm-chart">use the Helm chart</a>.</p><p>To deploy with Otterize Cloud as the certificate provider, we recommend you <a href="https://app.otterize.com/" target="_blank" rel="noopener noreferrer">follow the instructions in Otterize Cloud</a>.
-To deploy with cert-manager as the certificate provider, you must also <a href="/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters">configure the Issuer name and whether it should look for a ClusterIssuer or an Issuer (namespace-scoped)</a>.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="provisioning-aws-iam-roles-using-the-credentials-operator">Provisioning AWS IAM roles using the credentials operator<a href="#provisioning-aws-iam-roles-using-the-credentials-operator" class="hash-link" aria-label="Direct link to Provisioning AWS IAM roles using the credentials operator" title="Direct link to Provisioning AWS IAM roles using the credentials operator">​</a></h2><p>The credentials operator is controlled using annotations placed on pods. To have it provision an AWS IAM role, you must specify the pod annotation <code>credentials-operator.otterize.com/create-aws-role</code>, with the value being <code>true</code>. Once you do so, the credentials operator will provision an AWS IAM role, and automatically bind it with the Kubernetes ServiceAccount of the pod by setting the EKS role ARN annotation on the ServiceAccount and the appropriate Trust Relationship on the AWS IAM role.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="provisioning-mtls-certificates-using-the-credentials-operator">Provisioning mTLS certificates using the credentials operator<a href="#provisioning-mtls-certificates-using-the-credentials-operator" class="hash-link" aria-label="Direct link to Provisioning mTLS certificates using the credentials operator" title="Direct link to Provisioning mTLS certificates using the credentials operator">​</a></h2><p>The credentials operator is controlled using annotations placed on pods. To have it provision certificates and place them in Secrets, you must specify the pod annotation <code>credentials-operator.otterize.com/tls-secret-name</code>, with the value being the name of the secret. Once you do so, the credentials operator will provision a certificate for the pod, using Otterize Cloud, cert-manager or SPIRE, depending how you&#x27;ve deployed it.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="provisioning-database-username--password-using-the-credentials-operator">Provisioning database username + password using the credentials operator<a href="#provisioning-database-username--password-using-the-credentials-operator" class="hash-link" aria-label="Direct link to Provisioning database username + password using the credentials operator" title="Direct link to Provisioning database username + password using the credentials operator">​</a></h2><p>The credentials operator is controlled using annotations placed on pods. To have it provision database username + password and place them in Secrets, you must specify the pod annotation <code>credentials-operator.otterize.com/user-password-secret-name</code>, with the value being the name of the secret. Once you do so, the credentials operator will provision a username and password for the pod.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="how-does-the-credentials-operator-provision-certificates">How does the credentials operator provision certificates?<a href="#how-does-the-credentials-operator-provision-certificates" class="hash-link" aria-label="Direct link to How does the credentials operator provision certificates?" title="Direct link to How does the credentials operator provision certificates?">​</a></h3><p>The credentials operator performs two steps in order to issue certificates.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="step-1-spire-entry-registration">Step 1: SPIRE entry registration<a href="#step-1-spire-entry-registration" class="hash-link" aria-label="Direct link to Step 1: SPIRE entry registration" title="Direct link to Step 1: SPIRE entry registration">​</a></h4><p>This step only happens if the operator is configured to use SPIRE for certificate generation. Once the operator <a href="#service-name-resolution-and-automatic-pod-labeling">resolves the service name</a> for a pod, it labels the pod so that SPIRE can find it, and registers an entry with the SPIRE server for that label.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="step-2-certificate-generation">Step 2: Certificate generation<a href="#step-2-certificate-generation" class="hash-link" aria-label="Direct link to Step 2: Certificate generation" title="Direct link to Step 2: Certificate generation">​</a></h4><p>The operator consults the annotation <code>credentials-operator.otterize.com/tls-secret-name</code>. If that annotation exists, the operator creates a secret named after the value of the label. That secret contains X.509 credentials within, provided by cert-manager, Otterize Cloud or SPIRE, depending on how the credentials operator is configured.</p><h5 class="anchor anchorWithStickyNavbar_LWe7" id="cert-manager">cert-manager<a href="#cert-manager" class="hash-link" aria-label="Direct link to cert-manager" title="Direct link to cert-manager">​</a></h5><p>The operator creates a cert-manager <a href="https://cert-manager.io/docs/usage/certificate/" target="_blank" rel="noopener noreferrer"><code>Certificate</code></a> resource, which will create a Kubernetes Secret with the name specified by the value of the annotation <code>credentials-operator.otterize.com/tls-secret-name</code>. The common name and DNS names in the certificate are values that represent the identity of the service, as resolved by the <a href="#3-service-name-resolution-and-automatic-pod-labeling">service identity resolution algorithm</a>, i.e. <code>servicename.namespace</code>.</p><p>The operator will use a <a href="https://cert-manager.io/docs/concepts/issuer/" target="_blank" rel="noopener noreferrer"><code>ClusterIssuer</code></a> or an <a href="https://cert-manager.io/docs/concepts/issuer/" target="_blank" rel="noopener noreferrer"><code>Issuer</code></a> to create the Certificate resource, which it expects to find in the same namespace as the <code>Pod</code> with the annotation. The <code>Issuer</code> is configured at deploy time, using the <a href="/reference/configuration/credentials-operator/helm-chart">Helm chart</a>.</p><p>In the event that the default approver controller in <code>cert-manager</code> is <a href="https://cert-manager.io/docs/concepts/certificaterequest/#approver-controller" target="_blank" rel="noopener noreferrer">disabled</a>, the credentials operator can auto-approve its own <a href="https://cert-manager.io/docs/concepts/certificaterequest/" target="_blank" rel="noopener noreferrer"><code>CertificateRequests</code></a>. Enable this capability by <a href="/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters">configuring the Helm chart <code>autoApprove</code> flag</a>.</p><h5 class="anchor anchorWithStickyNavbar_LWe7" id="otterize-cloud">Otterize Cloud<a href="#otterize-cloud" class="hash-link" aria-label="Direct link to Otterize Cloud" title="Direct link to Otterize Cloud">​</a></h5><p>The operator requests certificates from Otterize Cloud, which internally manages them in Hashicorp Vault. The certificates are then placed within a Kubernetes Secret named with the value of the annotation <code>credentials-operator.otterize.com/tls-secret-name</code>.</p><h5 class="anchor anchorWithStickyNavbar_LWe7" id="spire">SPIRE<a href="#spire" class="hash-link" aria-label="Direct link to SPIRE" title="Direct link to SPIRE">​</a></h5><p>Once the operator has registered the pod with SPIRE, which happens automatically for a pod that has the <code>credentials-operator.otterize.com/tls-secret-name</code> annotation upon pod startup. The credentials operator then acquires the SVID and certificates for the CA chain and places them within a Kubernetes Secret. The SVID and DNS names in the certificate is the identity of the service, as resolved by the <a href="#3-service-name-resolution-and-automatic-pod-labeling">service identity resolution algorithm</a>, i.e. <code>servicename.namespace</code>.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="spire-workload-registrar">SPIRE workload registrar<a href="#spire-workload-registrar" class="hash-link" aria-label="Direct link to SPIRE workload registrar" title="Direct link to SPIRE workload registrar">​</a></h2><p>When deployed with a SPIRE server, the operator registers every pod with the SPIRE server (even those without annotations).
+To deploy with cert-manager as the certificate provider, you must also <a href="/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters">configure the Issuer name and whether it should look for a ClusterIssuer or an Issuer (namespace-scoped)</a>.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="provisioning-aws-iam-roles-using-the-credentials-operator">Provisioning AWS IAM roles using the credentials operator<a href="#provisioning-aws-iam-roles-using-the-credentials-operator" class="hash-link" aria-label="Direct link to Provisioning AWS IAM roles using the credentials operator" title="Direct link to Provisioning AWS IAM roles using the credentials operator">​</a></h2><p>The credentials operator is controlled using annotations placed on pods. To have it provision an AWS IAM role, you must specify the pod annotation <code>credentials-operator.otterize.com/create-aws-role</code>, with the value being <code>true</code>. Once you do so, the credentials operator will provision an AWS IAM role, and automatically bind it with the Kubernetes ServiceAccount of the pod by setting the EKS role ARN annotation on the ServiceAccount and the appropriate Trust Relationship on the AWS IAM role.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="provisioning-mtls-certificates-using-the-credentials-operator">Provisioning mTLS certificates using the credentials operator<a href="#provisioning-mtls-certificates-using-the-credentials-operator" class="hash-link" aria-label="Direct link to Provisioning mTLS certificates using the credentials operator" title="Direct link to Provisioning mTLS certificates using the credentials operator">​</a></h2><p>The credentials operator is controlled using annotations placed on pods. To have it provision certificates and place them in Secrets, you must specify the pod annotation <code>credentials-operator.otterize.com/tls-secret-name</code>, with the value being the name of the secret. Once you do so, the credentials operator will provision a certificate for the pod, using Otterize Cloud, cert-manager or SPIRE, depending how you&#x27;ve deployed it.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="provisioning-database-username--password-using-the-credentials-operator">Provisioning database username + password using the credentials operator<a href="#provisioning-database-username--password-using-the-credentials-operator" class="hash-link" aria-label="Direct link to Provisioning database username + password using the credentials operator" title="Direct link to Provisioning database username + password using the credentials operator">​</a></h2><p>The credentials operator is controlled using annotations placed on pods. To have it provision database username + password and place them in Secrets, you must specify the pod annotation <code>credentials-operator.otterize.com/user-password-secret-name</code>, with the value being the name of the secret. Once you do so, the credentials operator will provision a username and password for the pod.</p><p>Secrets are automatically rotated (defaults to every 8 hours). This value can be controlled using the <code>databaseSecretRotationInterval</code> key in the credentials operator <code>values.yaml</code>.</p><p>If you want pods to be restarted automatically after secret rotation, set the annotation <code>credentials-operator.otterize.com/restart-on-secret-rotation</code> on the pod (no matter the value).</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="how-does-the-credentials-operator-provision-certificates">How does the credentials operator provision certificates?<a href="#how-does-the-credentials-operator-provision-certificates" class="hash-link" aria-label="Direct link to How does the credentials operator provision certificates?" title="Direct link to How does the credentials operator provision certificates?">​</a></h3><p>The credentials operator performs two steps in order to issue certificates.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="step-1-spire-entry-registration">Step 1: SPIRE entry registration<a href="#step-1-spire-entry-registration" class="hash-link" aria-label="Direct link to Step 1: SPIRE entry registration" title="Direct link to Step 1: SPIRE entry registration">​</a></h4><p>This step only happens if the operator is configured to use SPIRE for certificate generation. Once the operator <a href="#service-name-resolution-and-automatic-pod-labeling">resolves the service name</a> for a pod, it labels the pod so that SPIRE can find it, and registers an entry with the SPIRE server for that label.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="step-2-certificate-generation">Step 2: Certificate generation<a href="#step-2-certificate-generation" class="hash-link" aria-label="Direct link to Step 2: Certificate generation" title="Direct link to Step 2: Certificate generation">​</a></h4><p>The operator consults the annotation <code>credentials-operator.otterize.com/tls-secret-name</code>. If that annotation exists, the operator creates a secret named after the value of the label. That secret contains X.509 credentials within, provided by cert-manager, Otterize Cloud or SPIRE, depending on how the credentials operator is configured.</p><h5 class="anchor anchorWithStickyNavbar_LWe7" id="cert-manager">cert-manager<a href="#cert-manager" class="hash-link" aria-label="Direct link to cert-manager" title="Direct link to cert-manager">​</a></h5><p>The operator creates a cert-manager <a href="https://cert-manager.io/docs/usage/certificate/" target="_blank" rel="noopener noreferrer"><code>Certificate</code></a> resource, which will create a Kubernetes Secret with the name specified by the value of the annotation <code>credentials-operator.otterize.com/tls-secret-name</code>. The common name and DNS names in the certificate are values that represent the identity of the service, as resolved by the <a href="#3-service-name-resolution-and-automatic-pod-labeling">service identity resolution algorithm</a>, i.e. <code>servicename.namespace</code>.</p><p>The operator will use a <a href="https://cert-manager.io/docs/concepts/issuer/" target="_blank" rel="noopener noreferrer"><code>ClusterIssuer</code></a> or an <a href="https://cert-manager.io/docs/concepts/issuer/" target="_blank" rel="noopener noreferrer"><code>Issuer</code></a> to create the Certificate resource, which it expects to find in the same namespace as the <code>Pod</code> with the annotation. The <code>Issuer</code> is configured at deploy time, using the <a href="/reference/configuration/credentials-operator/helm-chart">Helm chart</a>.</p><p>In the event that the default approver controller in <code>cert-manager</code> is <a href="https://cert-manager.io/docs/concepts/certificaterequest/#approver-controller" target="_blank" rel="noopener noreferrer">disabled</a>, the credentials operator can auto-approve its own <a href="https://cert-manager.io/docs/concepts/certificaterequest/" target="_blank" rel="noopener noreferrer"><code>CertificateRequests</code></a>. Enable this capability by <a href="/reference/configuration/credentials-operator/helm-chart#cert-manager-parameters">configuring the Helm chart <code>autoApprove</code> flag</a>.</p><h5 class="anchor anchorWithStickyNavbar_LWe7" id="otterize-cloud">Otterize Cloud<a href="#otterize-cloud" class="hash-link" aria-label="Direct link to Otterize Cloud" title="Direct link to Otterize Cloud">​</a></h5><p>The operator requests certificates from Otterize Cloud, which internally manages them in Hashicorp Vault. The certificates are then placed within a Kubernetes Secret named with the value of the annotation <code>credentials-operator.otterize.com/tls-secret-name</code>.</p><h5 class="anchor anchorWithStickyNavbar_LWe7" id="spire">SPIRE<a href="#spire" class="hash-link" aria-label="Direct link to SPIRE" title="Direct link to SPIRE">​</a></h5><p>Once the operator has registered the pod with SPIRE, which happens automatically for a pod that has the <code>credentials-operator.otterize.com/tls-secret-name</code> annotation upon pod startup. The credentials operator then acquires the SVID and certificates for the CA chain and places them within a Kubernetes Secret. The SVID and DNS names in the certificate is the identity of the service, as resolved by the <a href="#3-service-name-resolution-and-automatic-pod-labeling">service identity resolution algorithm</a>, i.e. <code>servicename.namespace</code>.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="spire-workload-registrar">SPIRE workload registrar<a href="#spire-workload-registrar" class="hash-link" aria-label="Direct link to SPIRE workload registrar" title="Direct link to SPIRE workload registrar">​</a></h2><p>When deployed with a SPIRE server, the operator registers every pod with the SPIRE server (even those without annotations).
 Alongside the credentials operator, you could use SPIRE agents and the SPIRE SDK to work with the same SPIRE server.
-To learn more, check out the documentation for <a href="https://spiffe.io/docs/latest/spire-about/spire-concepts/" target="_blank" rel="noopener noreferrer">SPIRE</a>. Note that to use the credentials operator, you do not need to work directly with SPIRE or SPIRE agents, and can do everything completely using annotations and Kubernetes Secrets.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="pod-annotations">Pod annotations<a href="#pod-annotations" class="hash-link" aria-label="Direct link to Pod annotations" title="Direct link to Pod annotations">​</a></h2><table><thead><tr><th>Annotation</th><th>Description</th><th>Default</th></tr></thead><tbody><tr><td><code>credentials-operator.otterize.com/tls-secret-name</code></td><td>If set, the operator will create a secret with this name with mTLS credentials for this pod.</td><td>N/A</td></tr><tr><td><code>credentials-operator.otterize.com/dns-names</code></td><td>If set, overrides the list of subject alternative names in the certificate. Should include the hostname of Kubernetes services that will be used to access this pod.</td><td>N/A</td></tr><tr><td><code>credentials-operator.otterize.com/cert-ttl</code></td><td>Override for the expiration time for the certificate in seconds.</td><td>If deployed with the bundled SPIRE server, 1 day (86400).</td></tr><tr><td><code>credentials-operator.otterize.com/cert-type</code></td><td>Type of the credential bundle - <code>pem</code> or <code>jks</code>.</td><td><code>pem</code></td></tr><tr><td><code>credentials-operator.otterize.com/cert-file-name</code></td><td>Certificate key name in the secret. When mounted, this is the filename for the certificate (when using SPIRE it&#x27;s the SVID file). Only used when cert-type is <code>pem</code>.  Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>cert.pem</code></td></tr><tr><td><code>credentials-operator.otterize.com/ca-file-name</code></td><td>Bundle (certificate chain bundle) key name in the secret. When mounted, this is the filename for the certificate chain. Only used when cert-type is <code>pem</code>. Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>ca.pem</code></td></tr><tr><td><code>credentials-operator.otterize.com/key-file-name</code></td><td>Private key key name in the secret. When mounted, this is the filename for the private key. Only used when cert-type is <code>pem</code>. Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>key.pem</code></td></tr><tr><td><code>credentials-operator.otterize.com/keystore-file-name</code></td><td>Keystore key name in the secret. When mounted, this is the filename for the keystore. Only used when cert-type is <code>jks</code>. Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>keystore.jks</code></td></tr><tr><td><code>credentials-operator.otterize.com/truststore-file-name</code></td><td>Truststore key name in the secret. When mounted, this is the filename for the truststore. Only used when cert-type is <code>jks</code>. Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>truststore.jks</code></td></tr><tr><td><code>credentials-operator.otterize.com/jks-password</code></td><td>Password for the JKS truststore and keystore. Only used when cert-type is <code>jks</code>.</td><td><code>password</code></td></tr><tr><td><code>credentials-operator.otterize.com/restart-pod-on-certificate-renewal</code></td><td>A pod with this annotation (no matter the value) will be restarted after certificate renewal, along with any replicas. Should be ideally set through the pod owner&#x27;s <code>template</code> spec so it will persist between restarts.</td><td>N/A</td></tr><tr><td><code>intents.otterize.com/service-name</code></td><td>Used for <a href="/reference/service-identities#kubernetes-service-identity-resolution">service identity resolution</a>.</td><td></td></tr></tbody></table></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/otterize/docs/edit/main/docs/reference/configuration/credentials-operator/README.mdx" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/reference/configuration/intents-operator/configuration"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Configuring Kafka brokers</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/reference/configuration/credentials-operator/helm-chart"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Helm chart</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#deploying-the-credentials-operator" class="table-of-contents__link toc-highlight">Deploying the credentials operator</a></li><li><a href="#provisioning-aws-iam-roles-using-the-credentials-operator" class="table-of-contents__link toc-highlight">Provisioning AWS IAM roles using the credentials operator</a></li><li><a href="#provisioning-mtls-certificates-using-the-credentials-operator" class="table-of-contents__link toc-highlight">Provisioning mTLS certificates using the credentials operator</a></li><li><a href="#provisioning-database-username--password-using-the-credentials-operator" class="table-of-contents__link toc-highlight">Provisioning database username + password using the credentials operator</a><ul><li><a href="#how-does-the-credentials-operator-provision-certificates" class="table-of-contents__link toc-highlight">How does the credentials operator provision certificates?</a></li></ul></li><li><a href="#spire-workload-registrar" class="table-of-contents__link toc-highlight">SPIRE workload registrar</a></li><li><a href="#pod-annotations" class="table-of-contents__link toc-highlight">Pod annotations</a></li></ul></div></div></div></div></main></div></div><footer class="footer"><div class="container container-fluid"><div class="footer__links text--center"><div class="footer__links"><span class="footer__link-item">
+To learn more, check out the documentation for <a href="https://spiffe.io/docs/latest/spire-about/spire-concepts/" target="_blank" rel="noopener noreferrer">SPIRE</a>. Note that to use the credentials operator, you do not need to work directly with SPIRE or SPIRE agents, and can do everything completely using annotations and Kubernetes Secrets.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="pod-annotations">Pod annotations<a href="#pod-annotations" class="hash-link" aria-label="Direct link to Pod annotations" title="Direct link to Pod annotations">​</a></h2><table><thead><tr><th>Annotation</th><th>Description</th><th>Default</th></tr></thead><tbody><tr><td><code>credentials-operator.otterize.com/tls-secret-name</code></td><td>If set, the operator will create a secret with this name with mTLS credentials for this pod.</td><td>N/A</td></tr><tr><td><code>credentials-operator.otterize.com/dns-names</code></td><td>If set, overrides the list of subject alternative names in the certificate. Should include the hostname of Kubernetes services that will be used to access this pod.</td><td>N/A</td></tr><tr><td><code>credentials-operator.otterize.com/cert-ttl</code></td><td>Override for the expiration time for the certificate in seconds.</td><td>If deployed with the bundled SPIRE server, 1 day (86400).</td></tr><tr><td><code>credentials-operator.otterize.com/cert-type</code></td><td>Type of the credential bundle - <code>pem</code> or <code>jks</code>.</td><td><code>pem</code></td></tr><tr><td><code>credentials-operator.otterize.com/cert-file-name</code></td><td>Certificate key name in the secret. When mounted, this is the filename for the certificate (when using SPIRE it&#x27;s the SVID file). Only used when cert-type is <code>pem</code>.  Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>cert.pem</code></td></tr><tr><td><code>credentials-operator.otterize.com/ca-file-name</code></td><td>Bundle (certificate chain bundle) key name in the secret. When mounted, this is the filename for the certificate chain. Only used when cert-type is <code>pem</code>. Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>ca.pem</code></td></tr><tr><td><code>credentials-operator.otterize.com/key-file-name</code></td><td>Private key key name in the secret. When mounted, this is the filename for the private key. Only used when cert-type is <code>pem</code>. Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>key.pem</code></td></tr><tr><td><code>credentials-operator.otterize.com/keystore-file-name</code></td><td>Keystore key name in the secret. When mounted, this is the filename for the keystore. Only used when cert-type is <code>jks</code>. Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>keystore.jks</code></td></tr><tr><td><code>credentials-operator.otterize.com/truststore-file-name</code></td><td>Truststore key name in the secret. When mounted, this is the filename for the truststore. Only used when cert-type is <code>jks</code>. Not supported when <code>certificateProvider</code> is <code>cert-manager</code>.</td><td><code>truststore.jks</code></td></tr><tr><td><code>credentials-operator.otterize.com/jks-password</code></td><td>Password for the JKS truststore and keystore. Only used when cert-type is <code>jks</code>.</td><td><code>password</code></td></tr><tr><td><code>credentials-operator.otterize.com/restart-pod-on-certificate-renewal</code></td><td>A pod with this annotation (no matter the value) will be restarted after certificate renewal, along with any replicas. Should be ideally set through the pod owner&#x27;s <code>template</code> spec so it will persist between restarts.</td><td>N/A</td></tr><tr><td><code>credentials-operator.otterize.com/user-password-secret-name</code></td><td>If set, the operator will create a secret with this name containing user-password credentials for this pod.</td><td>N/A</td></tr><tr><td><code>credentials-operator.otterize.com/restart-on-secret-rotation</code></td><td>A pod with this annotation (no matter the value) will be restarted after user-password secret rotation, along with any replicas. Should be ideally set through the pod owner&#x27;s <code>template</code> spec so it will persist between restarts.</td><td></td></tr><tr><td><code>intents.otterize.com/service-name</code></td><td>Used for <a href="/reference/service-identities#kubernetes-service-identity-resolution">service identity resolution</a>.</td><td></td></tr></tbody></table></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/otterize/docs/edit/main/docs/reference/configuration/credentials-operator/README.mdx" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/reference/configuration/intents-operator/configuration"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Configuring Kafka brokers</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/reference/configuration/credentials-operator/helm-chart"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Helm chart</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#deploying-the-credentials-operator" class="table-of-contents__link toc-highlight">Deploying the credentials operator</a></li><li><a href="#provisioning-aws-iam-roles-using-the-credentials-operator" class="table-of-contents__link toc-highlight">Provisioning AWS IAM roles using the credentials operator</a></li><li><a href="#provisioning-mtls-certificates-using-the-credentials-operator" class="table-of-contents__link toc-highlight">Provisioning mTLS certificates using the credentials operator</a></li><li><a href="#provisioning-database-username--password-using-the-credentials-operator" class="table-of-contents__link toc-highlight">Provisioning database username + password using the credentials operator</a><ul><li><a href="#how-does-the-credentials-operator-provision-certificates" class="table-of-contents__link toc-highlight">How does the credentials operator provision certificates?</a></li></ul></li><li><a href="#spire-workload-registrar" class="table-of-contents__link toc-highlight">SPIRE workload registrar</a></li><li><a href="#pod-annotations" class="table-of-contents__link toc-highlight">Pod annotations</a></li></ul></div></div></div></div></main></div></div><footer class="footer"><div class="container container-fluid"><div class="footer__links text--center"><div class="footer__links"><span class="footer__link-item">
                 <div class="footer_left">
                   <div class="tw-w-96 tw-h-60 tw-flex-col tw-justify-start tw-items-start tw-gap-6 tw-inline-flex">
                     <div class="tw-w-36 tw-h-8 tw-justify-start tw-items-start tw-inline-flex">
@@ -157,7 +157,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/credentials-operator/helm-chart.html b/reference/configuration/credentials-operator/helm-chart.html
index b0fd7505f..2015537b0 100644
--- a/reference/configuration/credentials-operator/helm-chart.html
+++ b/reference/configuration/credentials-operator/helm-chart.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/intents-operator.html b/reference/configuration/intents-operator.html
index c4979a418..ea240126a 100644
--- a/reference/configuration/intents-operator.html
+++ b/reference/configuration/intents-operator.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -172,7 +172,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/intents-operator/configuration.html b/reference/configuration/intents-operator/configuration.html
index 4a39aabaa..9eff9efd8 100644
--- a/reference/configuration/intents-operator/configuration.html
+++ b/reference/configuration/intents-operator/configuration.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -157,7 +157,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/intents-operator/helm-chart.html b/reference/configuration/intents-operator/helm-chart.html
index 272191cdb..360707d31 100644
--- a/reference/configuration/intents-operator/helm-chart.html
+++ b/reference/configuration/intents-operator/helm-chart.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/network-mapper.html b/reference/configuration/network-mapper.html
index c589c4828..003ecda1b 100644
--- a/reference/configuration/network-mapper.html
+++ b/reference/configuration/network-mapper.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -157,7 +157,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/network-mapper/helm-chart.html b/reference/configuration/network-mapper/helm-chart.html
index 28ed3d17b..b7f50a521 100644
--- a/reference/configuration/network-mapper/helm-chart.html
+++ b/reference/configuration/network-mapper/helm-chart.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/network-mapper/kafka-watcher.html b/reference/configuration/network-mapper/kafka-watcher.html
index c0e5cb272..f9a41d5bf 100644
--- a/reference/configuration/network-mapper/kafka-watcher.html
+++ b/reference/configuration/network-mapper/kafka-watcher.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -161,7 +161,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/configuration/otterize-chart.html b/reference/configuration/otterize-chart.html
index 19efc8b0e..3a5bc7e6e 100644
--- a/reference/configuration/otterize-chart.html
+++ b/reference/configuration/otterize-chart.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -159,7 +159,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/mtls.html b/reference/mtls.html
index 08409701c..292b936f5 100644
--- a/reference/mtls.html
+++ b/reference/mtls.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -165,7 +165,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/service-identities.html b/reference/service-identities.html
index 6a1418686..1172f2833 100644
--- a/reference/service-identities.html
+++ b/reference/service-identities.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -160,7 +160,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/shadow-vs-active-enforcement.html b/reference/shadow-vs-active-enforcement.html
index 05bc67cce..2ef0fdec7 100644
--- a/reference/shadow-vs-active-enforcement.html
+++ b/reference/shadow-vs-active-enforcement.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -156,7 +156,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/terminology.html b/reference/terminology.html
index 2b6bb14cc..5070d1f37 100644
--- a/reference/terminology.html
+++ b/reference/terminology.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -165,7 +165,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/troubleshooting.html b/reference/troubleshooting.html
index 5164dd5f2..01400a5aa 100644
--- a/reference/troubleshooting.html
+++ b/reference/troubleshooting.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -156,7 +156,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/reference/validating-clientintents.html b/reference/validating-clientintents.html
index 10bb8d652..c1935b552 100644
--- a/reference/validating-clientintents.html
+++ b/reference/validating-clientintents.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -156,7 +156,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/search.html b/search.html
index da635db3c..43a7195f8 100644
--- a/search.html
+++ b/search.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -154,7 +154,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/security.html b/security.html
index 7e0e42bf2..18f82ab3b 100644
--- a/security.html
+++ b/security.html
@@ -14,7 +14,7 @@
 <script src="/newsLetterSubscription.js" async></script>
 <script src="/ui.js" async></script>
 <script src="/pixels.js" async></script><link rel="stylesheet" href="/assets/css/styles.f296393d.css">
-<link rel="preload" href="/assets/js/runtime~main.a1c4a5b4.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.3f3f1c5f.js" as="script">
 <link rel="preload" href="/assets/js/main.2067b156.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -155,7 +155,7 @@
                     </div>
                   </div>
                 </div></span></div></div></div></footer></div>
-<script src="/assets/js/runtime~main.a1c4a5b4.js"></script>
+<script src="/assets/js/runtime~main.3f3f1c5f.js"></script>
 <script src="/assets/js/main.2067b156.js"></script>
 </body>
 </html>
\ No newline at end of file