From 1d01045e859e7836d08a846ecbcd84bdc3fb71ca Mon Sep 17 00:00:00 2001
From: Kyle Schochenmaier <kschoche@gmail.com>
Date: Tue, 1 Aug 2023 10:14:36 -0500
Subject: [PATCH] Docs/add imagepullsecrets example vso (#22136)

* Adds an example for imagepullsecrets to vso docs
---
 .../docs/platform/k8s/vso/examples.mdx        | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/website/content/docs/platform/k8s/vso/examples.mdx b/website/content/docs/platform/k8s/vso/examples.mdx
index 51c8cefe76..746914bf86 100644
--- a/website/content/docs/platform/k8s/vso/examples.mdx
+++ b/website/content/docs/platform/k8s/vso/examples.mdx
@@ -10,3 +10,49 @@ description: >-
 The Operator project provides the following examples:
 - Sample use-cases are documented [here](https://github.com/hashicorp/vault-secrets-operator#samples)
 - A Terraform based demo can be found [here](https://github.com/hashicorp/vault-secrets-operator/tree/main/demo)
+
+## Using VaultStaticSecrets for imagePullSecrets
+
+Vault Secret Operator supports Kubernetes' templating of Secrets based on their
+Secret [Type](https://kubernetes.io/docs/concepts/configuration/secret/#secret-types) by setting the
+`Destination.Type` field of the VaultStaticSecret. Users who have configured private container registries
+can use the `kubernetes.io/dockerconfigjson` or `kubernetes.io/dockerconfig` types to appropriately format
+a Kubernetes secret with the contents of their Vault KV Secret.
+
+```shell
+# Write the secret to Vault:
+$ vault kv put kvv2/docker/config .dockerconfigjson=`cat ~/.docker/config.json`
+```
+
+```yaml
+# Apply a VaultStaticSecret which populates the k8s secret named 'myregistryKey' in the applications namespace
+# Note: this Secret uses the `default` VaultAuthMethod.
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  namespace: awesomeapps
+  name: vault-kv-app
+spec:
+  type: kv-v2
+  mount: kvv2
+  path: docker/config
+  # dest k8s secret
+  destination:
+    name: myregistryKey
+    create: true
+    type: "kubernetes.io/dockerconfigjson"
+---
+# Example pod from
+# https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+apiVersion: v1
+kind: Pod
+metadata:
+  name: foo
+  namespace: awesomeapps
+spec:
+  containers:
+    - name: foo
+      image: janedoe/awesomeapp:v1
+  imagePullSecrets:
+   - name: myregistrykey
+```