fixup! feat(CU-869av0xyh): add kubernetes auto worker pool registration

Author: eliecharra

docs/concepts/worker-pools/kubernetes-workers.md

@@ -112,23 +112,24 @@ If you are using OpenShift, additional steps are required to allow the controlle
 
 ## Create a WorkerPool
 
-The recommended approach for deploying worker pools is to use auto-registration.
-
-With auto-registration, the controller automatically creates and manages worker pools in Spacelift without requiring manual setup steps in the UI. When you create a WorkerPool resource without token and privateKey credentials, the controller handles the complete lifecycle: it registers the pool with Spacelift, generates the required credentials, stores them securely in Kubernetes secrets, and manages ongoing operations.
-
-This approach enables true GitOps workflows where worker pools can be provisioned declaratively alongside other infrastructure.
-There's no need to coordinate between the Spacelift UI and your Kubernetes deployment, eliminating potential errors and simplifying automation.
+The recommended approach for deploying worker pools is to use [auto-registration](#auto-registration).
 
 With OIDC secret configuration, you can also avoid storing static Spacelift credentials in the cluster.
 
-You can also create the WorkerPool manually on Spacelift, and save its secrets on the cluster. That's still a perfectly valid approach if you do not want to use auto registration.
+You can also [create the WorkerPool manually](#manual-registration) on Spacelift, and save its secrets on the cluster. That's still a perfectly valid approach if you do not want to use auto registration.
 
 ### Auto-Registration
 
+With auto-registration, the controller automatically creates and manages worker pools in Spacelift without requiring manual setup steps in the UI. 
+When you create a WorkerPool resource without token and privateKey credentials, the controller handles the complete lifecycle: it registers the pool with Spacelift, generates the required credentials, stores them securely in Kubernetes secrets, and manages ongoing operations.
+
+This approach enables true GitOps workflows where worker pools can be provisioned declaratively alongside other infrastructure.
+There's no need to coordinate between the Spacelift UI and your Kubernetes deployment, eliminating potential errors and simplifying automation.
+
 !!! warning
     When using auto registration, it's impossible to update and reset the workerpool from the Spacelift UI. The reason for that is to make obvious that the pool is managed from the cluster, and avoid conflicts by forcing a single source of truth.
 
-#### Create a Secret
+#### Create an API Key
 
 For auto registration to work, you need to create a Spacelift API key to allow the controller to manage worker pools in Spacelift. This key should be granted the `Worker pool controller` role for the space that your worker pool will be created in, and needs to be stored in a secret called `spacelift-api-credentials` in the same namespace as the Kubernetes controller (by default `spacelift-worker-controller-system`).
 
@@ -142,8 +143,8 @@ For auto registration to work, you need to create a Spacelift API key to allow t
 
     ```shell
     kubectl create secret generic spacelift-api-credentials \
-      --from-literal=key-id=<your-api-key-id> \
-      --from-literal=key-secret=<your-api-key-secret> \
+      --from-literal=keyId=<your-api-key-id> \
+      --from-literal=keySecret=<your-api-key-secret> \
       --from-literal=endpoint=https://<your-account>.app.spacelift.io \
       --namespace spacelift-worker-controller-system
     ```
@@ -159,7 +160,7 @@ For auto registration to work, you need to create a Spacelift API key to allow t
 
     ```shell
     kubectl create secret generic spacelift-api-credentials \
-      --from-literal=key-id=<your-oidc-api-key-id> \
+      --from-literal=keyId=<your-oidc-api-key-id> \
       --from-literal=endpoint=https://<your-account>.app.spacelift.io \
       --namespace spacelift-worker-controller-system
     ```
@@ -180,7 +181,8 @@ When creating the Spacelift OIDC API key, use:
 
 - **Issuer**: The OIDC issuer URL from above
 - **Client ID (audience)**: `https://kubernetes.default.svc`
-- **Subject Expression**: `^system:serviceaccount:NAMESPACE:SERVICE_ACCOUNT_NAME$`
+- **Subject Expression**: `^system:serviceaccount:NAMESPACE:SERVICE_ACCOUNT_NAME$` (replace `NAMESPACE` and `SERVICE_ACCOUNT_NAME` with yours)
+
 
 The controller's service account token contains these claims, allowing it to authenticate with Spacelift without any static credentials.
 
@@ -196,23 +198,10 @@ metadata:
   name: auto-registered-pool
 spec:
   poolSize: 2
-
-  # You can also eventually configure the following optional Spacelift-related attributes
-
-  # Specify which Spacelift space to create the pool in
-  space: production
-
-  # Add a description for documentation purposes
-  description: Production worker pool for infrastructure deployments
-
-  # Configure drift detection limits
-  driftDetectionRunLimits:
-    # Set maximum number of concurrent drift detection runs
-    maxRuns: 5
 EOF
 ```
 
-You can refer to the `WorkerPool` CRD for more details.
+You can refer to the [`WorkerPool`](#configuration) CRD for all optional fields. There are fields specific for auto registration that configures how your pool is setup in Spacelift.
 
 ### Manual Registration
 
@@ -314,8 +303,11 @@ If you installed the controller using the Helm chart, the RBAC permissions are a
 The same applies if you installed using kubectl with raw manifests. The updated permissions are included in the manifests.
 
 No action is required for existing manually registered worker pools, they will continue to work exactly as before.
-The new auto-registration feature is opt-in and only activates when you create WorkerPool resources without token and privateKey credentials,
-and if a Spacelift credentials secret is configured.
+
+The new auto-registration feature is opt-in, and only activates when the following conditions are both true:
+
+- You create a WorkerPool resource without specifying the `token` and `privateKey`.
+- You provide a `spacelift-api-credentials` secret in the same namespace as your controller containing your API credentials.
 
 ### Upgrading to controller v0.0.17 - or Helm chart v0.33.0
 
@@ -537,7 +529,7 @@ spec:
   # space allows you to specify which Spacelift space to create the pool in.
   # Only applies to auto-registered pools.
   # Optional
-  space: production
+  space: production-01ARZ3NDEKTSV4RRFFQ69G5FAV
 
   # description sets a description for the worker pool.
   # Useful for documentation and organization in the Spacelift UI.