Could you rephrase the paragraph? I don't understand it.

I want to cover following:

The port-defined domains in dnsNames accessing rgw should be same as cephobjectstore.Spec. By default ingress loadbalancer or openshift routes uses same port as the service which they are exposing

If secureport is defined in cephobjectstoreSpec, then dnsNames contain domains which uses the secure port. And this domain need approved by the SSL certs which RGW is using

What is a "port-defined domain"? I thought the port was independent from the dns name.
I understand better now what you are saying. Can you update the doc paragraph now instead of just the comment?

Sorry, I meant port defined for domain. For example if create an openshift route for rgw service, I will specify which port the openshift route need to listen to in the service let it be 80. Even though I can access the rgw server via route endpoint direclty without any port http://route will work also the http://route:80 is valid but htttp://route:81(some other values than 80) will fail as the connection refused. Same with ingress loadbalancer.

If TLS port is defined for cephobjectstore then Rook always tries to communicate with RGW using the secure path. Now consider two routes one normal route listens to port 80 and there another routesecure listens to 443 of rgw service. In the DNS names both routes need to include. But Rook always pick secure port then valid DNS name for internal communication will be https://routesecure:443 . With current changes, there is chance that it can be https://route:443 which will fail. Secondly this domain routesecure needs to be verified by the rgw service. Or the user can set insecureSkipVerify in the TLS cert for RGW server

Perhaps a few separate notes would help clarify things better for users. I also don't think we need a note callout. This information seems critical enough that it should be in the main explanation for the feature. I like bulleted lists when doing technical writing for keeping information concise and readable, like

Important considerations:

• ports configured in the ingress path for an endpoint must match the port or securePort specified in the CephObjectStore spec
• if the CephObjectStore specifies both port and securePort the endpoint must use the securePort
• etc. etc.

This doesn't read clearly in multiple places, and I'm having trouble figuring out what users need to do.

Is this what is intended?

"If TLS is enabled, the TLS certificate must include the domains in dnsNames, or insecureSkipVerify must be set on the CephObjectStore."

I can't tell if this section is intended to be part of the paragraph that begins with the bullet * dnsNames above, or if it is intended to be a separate paragraph.

As it is, the text "Please consider..." immediately follows the dnsNames bullet, which implies it should be the same content, but it also is indented on the left, which implies it should be a separate paragraph.

The 3 bullets are indented, which implies there is intent to have this be part of the dnsNames bullet.

IMO, this section is short enough that this will be easier to read for users if it is a separate paragraph. To format it as such, please add an empty line above "Please consider..." and un-indent the 3 bullets.