From 0b15e1df9c8c7e2008a87b3c3073b0015312b1e4 Mon Sep 17 00:00:00 2001
From: Ali <ibrahimaeali@gmail.com>
Date: Sat, 10 Nov 2018 13:19:58 -0500
Subject: [PATCH] Updated documentation for the k8s module

---
 .../utils/module_docs_fragments/k8s_auth_options.py        | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/ansible/utils/module_docs_fragments/k8s_auth_options.py b/lib/ansible/utils/module_docs_fragments/k8s_auth_options.py
index c41d816909f..b24cbfaab9b 100644
--- a/lib/ansible/utils/module_docs_fragments/k8s_auth_options.py
+++ b/lib/ansible/utils/module_docs_fragments/k8s_auth_options.py
@@ -56,8 +56,8 @@ options:
       variable.
   ssl_ca_cert:
     description:
-    - Path to a CA certificate used to authenticate with the API. Can also be specified via K8S_AUTH_SSL_CA_CERT
-      environment variable.
+    - Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to
+      avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.
   verify_ssl:
     description:
     - "Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL
@@ -68,4 +68,7 @@ notes:
   - "The OpenShift Python client wraps the K8s Python client, providing full access to
     all of the APIS and models available on both platforms. For API version details and
     additional information visit https://github.com/openshift/openshift-restclient-python"
+  - "To avoid SSL certificate validation errors when C(verify_ssl) is I(True), the full
+    certificate chain for the API server must be provided via C(ssl_ca_cert) or in the
+    kubeconfig file."
 '''