Document Credential distribution system

Closes: Mirantis/hmc#719

docs/credential/distribution.md

@@ -0,0 +1,43 @@
+# Credential Distribution System
+
+The 2A system provides a mechanism to distribute `Credential` objects across namespaces using the
+`AccessManagement` object. This object defines a set of `accessRules` that determine how credentials are distributed.
+
+Each access rule specifies:
+
+1. The target namespaces where credentials should be delivered.
+2. A list of `Credential` names to distribute to those namespaces.
+
+The HMC controller will copy the specified `Credential` objects from the **system** namespace to the target
+namespaces based on the `accessRules` in the `AccessManagement` spec.
+
+> INFO:
+> Access rules can also include `Cluster` and `Service` TemplateChains (`clusterTemplateChains` and
+> `serviceTemplateChains`) to distribute templates to target namespaces.
+> For more details, read: [Template Life Cycle Management](../template/main.md#template-life-cycle-management).
+
+## How to Configure Credential Distribution
+
+To configure the distribution of `Credential` objects:
+
+1. Edit the `AccessManagement` object.
+2. Populate the `.spec.accessRules` field with the list of `Credential` names and the target namespaces.
+
+Here’s an example configuration:
+
+```yaml
+spec:
+  accessRules:
+  - targetNamespaces:
+      list:
+        - dev
+        - test
+    credentials:
+      - aws-demo
+      - azure-demo
+```
+
+In this example, the `aws-demo` and `azure-demo` `Credential` objects will be distributed to the `dev` and `test`
+namespaces.
+
+

docs/template/main.md

@@ -14,8 +14,8 @@ templates shipped with 2A.
 
 ## Template Life Cycle Management
 
-Cluster and Service Templates can be delivered to target namespaces using the `TemplateManagement`,
-`ClusterTemplateChain` and `ServiceTemplateChain` objects. `TemplateManagement` object contains the list of
+Cluster and Service Templates can be delivered to target namespaces using the `AccessManagement`,
+`ClusterTemplateChain` and `ServiceTemplateChain` objects. `AccessManagement` object contains the list of
 access rules to apply. Each access rule contains the namespaces' definition to deliver templates into and
 the template chains. Each `ClusterTemplateChain` and `ServiceTemplateChain` contains the supported templates
 and the upgrade sequences for them.
@@ -39,7 +39,7 @@ spec:
     - name: aws-standalone-cp-0-0-2
 ```
 
-2. Edit `TemplateManagement` object and configure the `.spec.accessRules`.
+2. Edit `AccessManagement` object and configure the `.spec.accessRules`.
    For example, to apply all templates and upgrade sequences defined in the `aws` `ClusterTemplateChain` to the
    `default` namespace, the following `accessRule` should be added:
 

docs/usage/cluster-update.md

@@ -24,7 +24,7 @@ check the `.status.conditions`.
 > NOTE:
 > The `ManagedCluster` is allowed to be updated to specific templates only.
 > The templates available for the update are defined in the
-> `ClusterTemplateChain` objects. Also, the `TemplateManagement` object should
+> `ClusterTemplateChain` objects. Also, the `AccessManagement` object should
 > contain properly configured `spec.accessRules` with the list of
 > `ClusterTemplateChain` object names and the namespaces where the supported
 > templates from the chain spec will be delivered. For details, see:

mkdocs.yml

@@ -95,6 +95,7 @@ nav:
         - Hosted Control Plane: clustertemplates/vsphere/hosted-control-plane.md
   - Credentials:
       - Overview: credential/main.md
+      - Distribution: credential/distribution.md
   - RBAC:
       - Overview: rbac/roles.md
   - Architecture: architecture.md