From 6cbfde95ecba32d09eaff38a3a0b0fb878771599 Mon Sep 17 00:00:00 2001 From: Smeet nagda <81572407+smeet07@users.noreply.github.com> Date: Tue, 30 May 2023 23:24:05 +0530 Subject: [PATCH 1/2] command line option. --- site/content/docs/reference/supported-clusters.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site/content/docs/reference/supported-clusters.md b/site/content/docs/reference/supported-clusters.md index e9838166..2811c093 100644 --- a/site/content/docs/reference/supported-clusters.md +++ b/site/content/docs/reference/supported-clusters.md @@ -37,3 +37,6 @@ token credential request API strategy by default. To choose the strategy to use with the concierge, use the `--concierge-mode` flag with `pinniped get kubeconfig`. Possible values are `ImpersonationProxy` and `TokenCredentialRequestAPI`. + +Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use `impersonation proxy`. This is because the `kube-apiserver` blocks unauthenticated access to `TokenCredentialRequest` API of the Concierge. +This does not matter while using `impersonation proxy`, which will allow these TokenCredentialRequests requests anyway. From c9d54de91af73ba2455feb7ac59bbf76ed25427f Mon Sep 17 00:00:00 2001 From: Smeet nagda <81572407+smeet07@users.noreply.github.com> Date: Thu, 1 Jun 2023 22:25:24 +0530 Subject: [PATCH 2/2] backtick changes Co-authored-by: Ryan Richard --- site/content/docs/reference/supported-clusters.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/content/docs/reference/supported-clusters.md b/site/content/docs/reference/supported-clusters.md index 2811c093..1eff4385 100644 --- a/site/content/docs/reference/supported-clusters.md +++ b/site/content/docs/reference/supported-clusters.md 
@@ -38,5 +38,5 @@ token credential request API strategy by default. To choose the strategy to use with the concierge, use the `--concierge-mode` flag with `pinniped get kubeconfig`. Possible values are `ImpersonationProxy` and `TokenCredentialRequestAPI`. -Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use `impersonation proxy`. This is because the `kube-apiserver` blocks unauthenticated access to `TokenCredentialRequest` API of the Concierge. -This does not matter while using `impersonation proxy`, which will allow these TokenCredentialRequests requests anyway. +Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use the impersonation proxy strategy. This is because the `kube-apiserver` blocks unauthenticated access to the TokenCredentialRequest API of the Concierge, which will prevent users from being able to authenticate. +This does not matter while using the impersonation proxy strategy, which will allow these TokenCredentialRequests requests anyway.
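Review bot: In PATCH 1/2, the added sentence "for a cluster that does not use `impersonation proxy`" puts a descriptive phrase in code formatting, although it is not a value a reader can type. The unchanged context just above gives the literal values as `ImpersonationProxy` and `TokenCredentialRequestAPI`. Either write the strategy name in plain words or use the literal value. It would also be clearer to name the affected strategy directly (clusters using `TokenCredentialRequestAPI`) instead of describing it by negation. The same sentence gives the cause (unauthenticated access to the API is blocked) but not the effect on users, so a reader who disables anonymous auth as a hardening step cannot tell from this text what will break.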
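Review bot: In PATCH 2/2, the last added line still reads "these TokenCredentialRequests requests", which repeats the word; "these TokenCredentialRequest API requests" or simply "these requests" would read correctly. In the first added line, "This is because the `kube-apiserver` blocks unauthenticated access" omits the condition. Suggest "With that option set, the `kube-apiserver` blocks unauthenticated access to ...", so it is clear the blocking is a result of `--anonymous-auth=false` and not default behavior. Since disabling anonymous auth is something operators do deliberately, consider closing the paragraph with the supported alternative already documented in the context lines: select the impersonation proxy strategy using the `--concierge-mode` flag with `pinniped get kubeconfig`.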