diff --git a/content/for-administrators/plan-your-environment/sizing.md b/content/for-administrators/plan-your-environment/sizing.md index 6482a527..54a13b73 100644 --- a/content/for-administrators/plan-your-environment/sizing.md +++ b/content/for-administrators/plan-your-environment/sizing.md @@ -27,7 +27,7 @@ Resource requirements for a single SAAP cluster is as follows: The overall minimum resource requirements are: -| Machine pool role | Minimum size (vCPU x Memory x Storage) | Minimum pool size | Total vCPUs | Total Memory (GiB) | Total Storage (GiB) +| Machine pool role | Minimum size (vCPU x Memory x Storage) | Minimum pool size | Total vCPUs | Total Memory (GiB) | Total Storage (GiB) | |:---|:---|---:|---:|---:|---:| | Control plane | 8 x 32 x 350 | 3 | 24 | 96 | 1050 (Provisioned IOPS 1000) | | Infra | 8 x 32 x 300 | 3 | 24 | 96 | 900 (General Purpose SSD) | diff --git a/content/for-administrators/secure-your-cluster/azure-gso.md b/content/for-administrators/secure-your-cluster/azure-gso.md index 39790ad4..959a2958 100644 --- a/content/for-administrators/secure-your-cluster/azure-gso.md +++ b/content/for-administrators/secure-your-cluster/azure-gso.md 
@@ -1,26 +1,33 @@ # Configuring Azure AD Group Sync Application -1. To enable sync groups from Azure AD (Microsoft's) account to Stakater Cloud you first have to register an application on Azure. Go to the -1. Open `Azure Active Directory` service -1. On the left tab under the Manage section, click `App Registrations` -1. Click on `New Registration`. Use `group-sync` under Name and click `Register` +For Azure AD, two applications are needed, one for group synchronization, and one for the identity provider. Only users in target groups are synchronized. These are the steps to enable group sync: + +1. To enable sync groups from the Microsoft Azure AD account to Stakater Cloud you first have to register an application on Azure. Go to the [Azure Portal](https://portal.azure.com). +1. Open the `Azure Active Directory` service +1. On the left tab under the Manage section, click `App registrations` +1. Click on `New registration`. Enter `group-sync` as name and click `Register`: ![Azure AD](images/azure-ad.png) -1. The GroupSync job requires additional permissions on the Azure AD tenant. To set these up, add the `Group.Read.All`, `GroupMember.Read.All`,`User.Read.All` entries under the `API Permissions` +1. The `GroupSync` job requires additional permissions on the Azure AD tenant. To set these up, add these permissions under `API permissions` > `Configured permissions`: + * `Group.Read.All` + * `GroupMember.Read.All` + * `User.Read.All` ![Azure App API Permissions](images/azure-permissions-group-sync.png) -1. Click on the newly created app `group-sync`. Click `Certificates & secrets` from the left tab. Click `New Client Secret`. Under `Expires` pick any option. Under `Description` enter *saap-group-sync*, and click `Add` +1. Click on the newly created app `group-sync`. Click `Certificates & secrets` from the left tab. Click `New client secret`. Under `Expires` pick any option. 
Under `Description` enter `saap-group-sync`, and click `Add`: ![Certificates and Secrets](images/azure-ad-certificates-secrets.png) -1. Copy the value of the newly created client secret and note the `Application (client) ID` and `Directory (tenant) ID` of the `group-sync` app registration from the `Overview` tab. **Send this to Stakater Support** +1. Copy the value of the newly created client secret and note the `Application (client) ID` and `Directory (tenant) ID` of the `group-sync` app registration from the `Overview` tab, and **send them to Stakater Support**: ![Client-Tenant-ID](images/azure-ad-clientid-tenantid.png) ## Items to be provided to Stakater Support -- `Application (client) ID` -- `Directory (tenant) ID` -- `client Secret` +Please provide the secrets via password manager: + +* `Application (client) ID` +* `Directory (tenant) ID` +* `Client Secret` diff --git a/content/for-administrators/secure-your-cluster/azure-idp.md b/content/for-administrators/secure-your-cluster/azure-idp.md index f82d43fb..302a225b 100644 --- a/content/for-administrators/secure-your-cluster/azure-idp.md +++ b/content/for-administrators/secure-your-cluster/azure-idp.md 
@@ -1,27 +1,35 @@ # Configuring Azure AD identity provider -1. To enable login with Azure AD (Microsoft's) account you first have to register an OAuth application on Azure. Go to the +For Azure AD, two applications are needed, one for group synchronization, and one for the identity provider. These are the steps for identity provider: + +1. To enable login with a Microsoft Azure AD account you first have to register an OAuth application on Azure. Login to [Azure Portal](https://portal.azure.com). 1. Open `Azure Active Directory` service 1. On the left tab under the Manage section, click `App Registrations` -1. Click on `New Registration`. Use `saap` under Name. Under Redirect URI section Choose `Web` and enter the Redirect URI (**This will be provided by Stakater Support**) and click `Register` +1. Click on `New registration`. Enter `saap` as the name. Under the `Redirect URI` section, choose `Web` and enter the Redirect URI that **will be provided by Stakater Support** and click `Register`: ![Azure AD](images/azure-ad.png) -1. Go to "API permissions" and add the required Microsoft Graph API permissions. Typically, you need `User.Read` and `openid`, `profile`, and `email` permissions. -1. lick on the newly created app `saap`. Click `Certificates & secrets` from the left tab. Click `New Client Secret`. Under `Expires` pick any option. Under `Description` put *saap oidc* and click `Add` +1. Go to `API permissions` and add the required Microsoft Graph API permissions. Typically, you need these permissions: + * `User.Read` + * `openid` + * `profile` + * `email` +1. Click on the newly created app `saap`. Click `Certificates & secrets` from the left tab. Click `New client secret`. Under `Expires` pick any option. Under `Description` enter `saap oidc` and click `Add`: ![Certificates and Secrets](images/azure-ad-certificates-secrets.png) -1. 
Copy the value of the newly created client secret and note the `Application (client) ID` and `Directory (tenant) ID` of the `saap` app registration from the `Overview` tab. **Send this to Stakater Support** +1. Copy the value of the newly created client secret and note the `Application (client) ID` and `Directory (tenant) ID` of the `saap` app registration from the `Overview` tab. **Send this to Stakater Support**: ![Client-Tenant-ID](images/azure-ad-clientid-tenantid.png) ## Items provided by Stakater Support -- `Redirect URIs` +* `Redirect URIs` ## Items to be provided to Stakater Support -- `Application (client) ID` -- `Directory (tenant) ID` -- `client Secret` +Please provide the secrets via password manager: + +* `Application (client) ID` +* `Directory (tenant) ID` +* `client Secret` diff --git a/content/for-administrators/secure-your-cluster/google-idp.md b/content/for-administrators/secure-your-cluster/google-idp.md index 8c13dd48..0a6c3fd7 100644 --- a/content/for-administrators/secure-your-cluster/google-idp.md +++ b/content/for-administrators/secure-your-cluster/google-idp.md 
@@ -2,24 +2,25 @@ To enable login with Google you first have to create a project and a client in the [Google Developer Console](https://console.cloud.google.com/project). -1. Log in to the Google [Developer Console](https://console.cloud.google.com/project) +1. Log in to the Google [Developer Console](https://console.cloud.google.com/project): ![Developer console](images/google-developer-console.png) -1. Click the `Create Project` button. Use any value for `Project name` and `Project ID` you want, then click the `Create` button. Wait for the project to be created (this may take a while). Once created you will be brought to the project's dashboard. +1. Click the `Create Project` button. Use any value for `Project name` and `Project ID` you want, then click the `Create` button. Wait for the project to be created - this may take a while. Once created you will be brought to the project's dashboard: ![Project Dashboard](images/google-dashboard.png) -1. Google requires some basic information about the product before creating any secrets for it. For a new project, you have first to configure `OAuth consent screen`. Fill in `OAuth consent screen` details. Keep the **Application Type** `Internal`. Add the `email`, `profile` and `openid` in the allowed **Scopes**. Under **Authorized domains** add `kubeapp.cloud` along with any hosted domain(s) which you want to allow. e.g if Authorized domain is `xyz.com` then `bob@xyz.com` will be allowed -![Google OAuth consent screen](images/google-oauth-consent-screen.png) +1. Google requires some basic information about the product before creating any secrets for it. For a new project, you have first to configure `OAuth consent screen`. Fill in `OAuth consent screen` details. Keep the **Application type** `Internal`. Add the `email`, `profile` and `openid` in the allowed **Scopes**. Under **Authorized domains** add `kubeapp.cloud` along with any hosted domains which you want to allow. 
For example, if Authorized domain is `xyz.com` then `bob@xyz.com` will be allowed: -1. Then navigate to the `APIs & Services` section in the Google Developer Console. On that screen, navigate to `Credentials` administration. select `OAuth client ID` under the `Create credentials` button. + ![Google OAuth consent screen](images/google-oauth-consent-screen.png) -1. You will then be brought to the `Create OAuth client ID` page. Select `Web application` as the application type. Specify the name you want for your client. In `Redirect URI` (**This will be provided by Stakater Support**) click the Create button. +1. Then navigate to the `APIs & Services` section in the Google Developer Console. On that screen, navigate to `Credentials` administration. Select `OAuth client ID` under the `Create credentials` button. + +1. You will then be brought to the `Create OAuth client ID` page. Select `Web application` as the application type. Specify the name you want for your client. Enter the `Authorized redirect URIs` that **Stakater Support provides**, then click the `Create` button: ![Google OAuth screen](images/google-create-oauth-id.png) -1. After you click Create you will be brought to the `Credentials` page. Click on your new OAuth 2.0 Client ID to view the settings of your new Google Client. You will need to obtain the `client ID` and `secret` **Send these to Stakater Support**. +1. After you click `Create` you will be brought to the `Credentials` page. Click on your new `OAuth 2.0 Client ID` to view the settings of your new Google Client. You will need to provide the `Client ID` and `Client secret` to Stakater, **send these to Stakater Support**: ![client-id-scret](images/google-client-id-secret.png) diff --git a/content/for-developers/how-to-guides/build-and-push-your-image/build-and-push-your-image.md b/content/for-developers/how-to-guides/build-and-push-your-image/build-and-push-your-image.md index c508f015..220e6274 100644 
--- a/content/for-developers/how-to-guides/build-and-push-your-image/build-and-push-your-image.md +++ b/content/for-developers/how-to-guides/build-and-push-your-image/build-and-push-your-image.md @@ -58,12 +58,12 @@ 1. Open Nexus UI from Forecastle. Upon opening the link, you'll be redirected to Nexus home page. - ![`nexus-Forecastle`](../images/nexus-forecastle.png) - ![`nexus-homepage`](../images/nexus-homepage.png) + ![`nexus-Forecastle`](../images/nexus-forecastle.png) + ![`nexus-homepage`](../images/nexus-homepage.png) 1. Select `Browse` from the left sidebar, Click on `docker` to view your Container Image Registry. - ![`nexus-browse-docker`](../images/nexus-browse-docker.png) + ![`nexus-browse-docker`](../images/nexus-browse-docker.png) 1. Verify that the image you pushed is present in the list. diff --git a/content/for-developers/how-to-guides/package-and-push-your-chart/package-and-push-your-chart.md b/content/for-developers/how-to-guides/package-and-push-your-chart/package-and-push-your-chart.md index 61d0fe6b..31c1b0b8 100644 --- a/content/for-developers/how-to-guides/package-and-push-your-chart/package-and-push-your-chart.md +++ b/content/for-developers/how-to-guides/package-and-push-your-chart/package-and-push-your-chart.md @@ -22,7 +22,7 @@ Alternatively, Navigate to the cluster Forecastle, search `nexus` using the sear - `nexus-helm-reg-url` : Add `-helm` in URL after `nexus` and append `/repository/helm-charts/`. This URL points to Helm Registry referred as `nexus-helm-reg-url` in this tutorial for example `https://nexus-helm-stakater-nexus.apps.clustername.random123string.kubeapp.cloud/repository/helm-charts/` - ![nexus-Forecastle](../images/nexus-forecastle.png) + ![nexus-Forecastle](../images/nexus-forecastle.png) ### Package and Upload the chart to Nexus 
@@ -45,12 +45,12 @@ Alternatively, Navigate to the cluster Forecastle, search `nexus` using the sear 1. Open Nexus UI from Forecastle. Upon opening the link, you'll be redirected to Nexus home page. - ![`nexus-Forecastle`](../images/nexus-forecastle.png) - ![`nexus-homepage`](../images/nexus-homepage.png) + ![`nexus-Forecastle`](../images/nexus-forecastle.png) + ![`nexus-homepage`](../images/nexus-homepage.png) 1. Select `Browse` from the left sidebar, Click on `Helm Charts` to view your Helm Registry Charts. - ![`nexus-browse-helm`](../images/nexus-browse-helm.png) + ![`nexus-browse-helm`](../images/nexus-browse-helm.png) 1. Verify that the chart you uploaded is present in the list. diff --git a/content/for-developers/tutorials/inner-loop/about-application/about-application.md b/content/for-developers/tutorials/inner-loop/about-application/about-application.md index ebc2dbca..b5de5b52 100644 --- a/content/for-developers/tutorials/inner-loop/about-application/about-application.md +++ b/content/for-developers/tutorials/inner-loop/about-application/about-application.md @@ -6,7 +6,7 @@ Welcome to the Nordmart Review 101 guide! In this section, we'll explore the arc The Nordmart Review is designed with a modular architecture that consists of three crucial components, each playing a unique role in delivering an exceptional user experience: -
+![Nordmart architecture](images/nordmart-architecture.png) ### Review UI diff --git a/content/for-developers/tutorials/inner-loop/scale-app/scale-app.md b/content/for-developers/tutorials/inner-loop/scale-app/scale-app.md index aa352c17..79a2f502 100644 --- a/content/for-developers/tutorials/inner-loop/scale-app/scale-app.md +++ b/content/for-developers/tutorials/inner-loop/scale-app/scale-app.md @@ -38,7 +38,7 @@ Welcome to this tutorial on utilizing Horizontal Pod Autoscaler (HPA) in SAAP to It should look like this: - ![autoscaling values](images/autoscaling-yaml.png) + ![autoscaling values](images/autoscaling-yaml.png) 1. Save and run `tilt up` at the root of your directory. Hit the space bar and the browser with `TILT` logs will be shown. If everything is green then the changes will be deployed on the cluster. 
@@ -59,20 +59,20 @@ Welcome to this tutorial on utilizing Horizontal Pod Autoscaler (HPA) in SAAP to 1. While this is running, we should see in SAAP, the autoscaler is kicking in and spinning up additional pods. Open the `Workloads` tab. At the very bottom, you will see HorizontalPodAutoScalar. Open the review HPA. You will see the below screen Notice the CPU utilization and desired replica count. It has jumped! - ![scale-up](./images/scale-up.png) + ![scale-up](./images/scale-up.png) 1. If you navigate to the review deployment, you should see the replica count has jumped and so have the number of pods. - ![HPA-deployment](images/deployment-after-autoscale.png) + ![HPA-deployment](images/deployment-after-autoscale.png) - ![replicas-HPA](images/pods-hpa.png) + ![replicas-HPA](images/pods-hpa.png) 1. Now let's wait for a couple of minutes for the load to ease. Navigate back to the `review` HorizontalPodAutoscaler. You will see that the CPU utilization and desired replicas have started going down. - ![scale-down](./images/back-to-before-hpa.png) + ![scale-down](./images/back-to-before-hpa.png) 1. Go to the review deployment, you will see that it has brought the pods down (Or is trying to decrease the number of pods) - ![scale-down](images/back-to-one-pod.png) + ![scale-down](images/back-to-one-pod.png) WELL DONE!! YOU NOW HAVE AUTO SCALING WITH YOUR APPLICATION!! diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md index f93eacf9..bd665840 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md 
@@ -19,15 +19,15 @@ The webhook setup acts as a bridge between your code repository and the CI/CD pi 1. Begin by accessing the repository where you plan to set up the webhook. In your source code GitHub repository, locate and click on the `Settings` tab. - ![Repository settings](images/repository-settings.png) + ![Repository settings](images/repository-settings.png) 1. Within the repository settings, navigate to the `Webhooks` section. This is where you can manage and configure webhooks for your repository. - ![Webhook](images/webhook.png) + ![Webhook](images/webhook.png) 1. Click on the option to `Add a new webhook` to initiate the process of creating a new webhook for your repository. - ![Webhook](images/add-webhook.png) + ![Webhook](images/add-webhook.png) 1. To set up the webhook, you'll need the `URL of the pipeline-as-code interceptor`. This URL is used to connect GitHub with your SAAP's pipeline system. @@ -68,25 +68,25 @@ The webhook setup acts as a bridge between your code repository and the CI/CD pi 1. Access Vault from `Forecastle` console, search `Vault` and open the `Vault` tile. -
+ ![Forecastle](images/forecastle.png) 1. From the drop-down menu under `Method`, select `OIDC` and click on `Sign in with OIDC Provider`. -
+ ![login-oidcs](images/login-oidc.png) 1. You will be brought to the `Vault` console. You should see the key/value path for . -
+ ![Vault tenant](images/vault-tenant.png) 1. Click on `/kv/`. 1. You will now be brought to the `secrets` and the `configurations` in Vault for . Click on `create secret`. -
+ ![create-secret](images/create-secret.png) 1. Let's create a `github-webhook-config` secret for our webhook secret. Write the name of the secret in `path` which is `github-webhook-config`. Add `secret data`, key: `webhook.secret`, value: (your webhook secret). Hit save. -
+ ![webhook secret](images/webhook-secret.png) ### Add External Secret @@ -101,41 +101,41 @@ The webhook setup acts as a bridge between your code repository and the CI/CD pi 1. Create a file named `github-webhook-config.yaml` and add in the below content. Replace the Url with your application repository's Url. ```yaml - apiVersion: external-secrets.io/v1beta1 - kind: ExternalSecret - metadata: + apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + metadata: + name: github-webhook-config + spec: + secretStoreRef: + name: tenant-vault-secret-store + kind: SecretStore + refreshInterval: "1m0s" + target: name: github-webhook-config - spec: - secretStoreRef: - name: tenant-vault-secret-store - kind: SecretStore - refreshInterval: "1m0s" - target: - name: github-webhook-config - creationPolicy: 'Owner' - template: - data: - provider.token: "{{ .password | toString }}" - webhook.secret: "{{ .secret | toString }}" + creationPolicy: 'Owner' + template: data: - - secretKey: password - remoteRef: - key: github-webhook-config - property: provider.token - - secretKey: secret - remoteRef: - key: github-webhook-config - property: webhook.secret + provider.token: "{{ .password | toString }}" + webhook.secret: "{{ .secret | toString }}" + data: + - secretKey: password + remoteRef: + key: github-webhook-config + property: provider.token + - secretKey: secret + remoteRef: + key: github-webhook-config + property: webhook.secret ``` -
+ ![GitHub-webhook-config-es](images/github-webhook-config-es.png) 1. Now open up ArgoCD and look for this External Secret. If everything was added correctly, you will see a secret created from this External Secret. -
+ ![GitHub-webhook-config-argo](images/github-webhook-config-argo.png) 1. You can also check this secret by navigation to `-build` namespace and searching for the secret. -
+ ![GitHub-webhook-config-secret](images/github-webhook-config-secret.png) Great! We have everything set up for creating the Repository CR. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md index cf99c8ea..b6432472 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md @@ -40,7 +40,7 @@ In this tutorial, you'll create secrets containing your GitHub access credential name: "github-webhook-config" ``` - ![repository](images/repository.png) + ![repository](images/repository.png) Once you add these two files to the repository at the correct path, you can see that ArgoCD has deployed them to the cluster. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/06-adding-pipeline.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/06-adding-pipeline.md index 5672d9cd..ee1fd83f 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/06-adding-pipeline.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/06-adding-pipeline.md @@ -35,9 +35,9 @@ Let's walk you through creating a Tekton `PipelineRun` using a `Pipeline-as-Code 1. You can go to your tenant's build namespace and see the pipeline running. - ![git-clone](images/git-clone.png) + ![git-clone](images/git-clone.png) - ![git-clone-logs](images/git-clone-logs.png) + ![git-clone-logs](images/git-clone-logs.png) ### Exploring the Git Clone Task diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-create-git-tag.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-create-git-tag.md index 864c9a65..98943c79 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-create-git-tag.md 
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-create-git-tag.md @@ -34,8 +34,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - ![create-git-tag](images/create-git-tag.png) + ![create-git-tag](images/create-git-tag.png) - ![create-git-tag-logs](images/create-git-tag-logs.png) + ![create-git-tag-logs](images/create-git-tag-logs.png) Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md index 4ff85171..53751676 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/08-add-create-environment.md @@ -32,16 +32,16 @@ The create environment task utilizes [Tronador](https://docs.stakater.com/tronad 1. Create a pull request with your changes. This should trigger the pipeline in the build namespace. - ![create-env](images/create-env.png) + ![create-env](images/create-env.png) - ![create-env-logs](images/create-env-logs.png) + ![create-env-logs](images/create-env-logs.png) 1. Once the task completes, you should be able to see a new project. The name of this project will contain your pr number, application name, and first commit hash of your pr. - ![env-project](images/env-project.png) + ![env-project](images/env-project.png) 1. Open up the project and navigate to pods, you should be able to see your application running. - ![dynamic-env](images/dynamic-env.png) + ![dynamic-env](images/dynamic-env.png) Great! Let's add more tasks in our pipelineRun in coming tutorials. 
diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md index f49b2ef2..733ac26c 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/09-add-code-linting.md @@ -29,8 +29,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - ![code-linting](images/code-linting.png) + ![code-linting](images/code-linting.png) - ![code-linting-logs](images/code-linting-logs.png) + ![code-linting-logs](images/code-linting-logs.png) Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md index bc33675c..3fdba220 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/10-add-kube-linting.md @@ -29,8 +29,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - ![Kube-linting](images/kube-linting.png) + ![Kube-linting](images/kube-linting.png) - ![Kube-linting-logs](images/kube-linting-logs.png) + ![Kube-linting-logs](images/kube-linting-logs.png) Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md index a8cea1d7..7fdceeda 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md 
+++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/11-add-unit-test.md @@ -29,8 +29,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - ![unit-test](images/unit-test.png) + ![unit-test](images/unit-test.png) - ![unit-test-logs](images/unit-test-logs.png) + ![unit-test-logs](images/unit-test-logs.png) Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md index 16d6d01f..2dcd99a6 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/12-add-sonar-scan.md @@ -31,8 +31,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - ![sonar-scan](images/sonar-scan.png) + ![sonar-scan](images/sonar-scan.png) - ![sonar-scan-logs](images/sonar-scan-logs.png) + ![sonar-scan-logs](images/sonar-scan-logs.png) Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md index 4b66bfdd..c1722b76 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/13-add-buildah-image-build.md 
@@ -29,8 +29,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - ![buildah](images/buildah.png) + ![buildah](images/buildah.png) - ![buildah-logs](images/buildah-logs.png) + ![buildah-logs](images/buildah-logs.png) Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md index f4bca18c..97dfcf52 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/14-add-buildah-image-push.md @@ -29,8 +29,8 @@ You have already created a PipelineRun in the previous tutorial. Let's now add a 1. Create a pull request with you changes. This should trigger the pipeline in the build namespace. - ![buildah](images/buildah.png) + ![buildah](images/buildah.png) - ![buildah-logs](images/buildah-logs.png) + ![buildah-logs](images/buildah-logs.png) Great! Let's add more tasks in our pipelineRun in coming tutorials. diff --git a/content/for-devops-engineers/how-to-guides/configure-repository-secret/configure-repository-secret.md b/content/for-devops-engineers/how-to-guides/configure-repository-secret/configure-repository-secret.md index 2d7dd40e..83bd3d4a 100644 --- a/content/for-devops-engineers/how-to-guides/configure-repository-secret/configure-repository-secret.md +++ b/content/for-devops-engineers/how-to-guides/configure-repository-secret/configure-repository-secret.md 
@@ -76,7 +76,7 @@ stringData: Login to the ArgoCD UI. Click `Setting` from left sidebar, then `Repositories` to view connected repositories. > Make sure connection status is successful - ![`ArgoCD-repositories`](../images/ArgoCD-repositories.png) + ![`ArgoCD-repositories`](../images/ArgoCD-repositories.png) ### Create an External Secret diff --git a/content/for-devops-engineers/tutorials/03-deploy-demo-app/deploy-demo-app.md b/content/for-devops-engineers/tutorials/03-deploy-demo-app/deploy-demo-app.md index 7d07d94b..6749658e 100644 --- a/content/for-devops-engineers/tutorials/03-deploy-demo-app/deploy-demo-app.md +++ b/content/for-devops-engineers/tutorials/03-deploy-demo-app/deploy-demo-app.md @@ -41,11 +41,11 @@ Alternatively, Navigate to the cluster Forecastle, search `nexus` using the sear - `nexus-helm-reg-url` : Add `-helm` in URL after `nexus` and append `/repository/helm-charts/`. This URL points to Helm Registry referred as `nexus-helm-reg-url` in this tutorial for example `https://nexus-helm-stakater-nexus.apps.clustername.random123string.kubeapp.cloud/repository/helm-charts/` - ![nexus-Forecastle](../images/nexus-forecastle.png) + ![nexus-Forecastle](../images/nexus-forecastle.png) ### Login to Docker Registry -Run following command to log into the registry. +Run following command to log into the registry: ```sh buildah login @@ -117,7 +117,8 @@ Lets push the image to nexus docker repo. Make sure to get credentials from Stak buildah push /stakater-nordmart-review-web:1.0.0 docker:///stakater-nordmart-review-web:1.0.0 ``` -> **Note: Nexus docker registry URL is the one we extract in the above section. Make sure you are logged in to the Nexus docker registry before building and pushing the application image.** +!!! note + Nexus docker registry URL is the one we extract in the above section. Make sure you are logged in to the Nexus docker registry before building and pushing the application image.** ## 3. Add Helm Chart to application repository 
diff --git a/content/for-devops-engineers/tutorials/04-preparing-pac-env/add-ssh-key.md b/content/for-devops-engineers/tutorials/04-preparing-pac-env/add-ssh-key.md index af93aad2..df4f9bb2 100644 --- a/content/for-devops-engineers/tutorials/04-preparing-pac-env/add-ssh-key.md +++ b/content/for-devops-engineers/tutorials/04-preparing-pac-env/add-ssh-key.md @@ -29,15 +29,15 @@ 1. Navigate to `SSH and GPG Keys` -
+ ![ssh-key](images/ssh-key.png) 1. Click `Add New Key` in SSH Key section. -
+ ![new-ssh-key](images/new-ssh-key.png) 1. Now add the public key of the keypair you generated earlier. -
+ ![add-public-key](images/add-public-key.png) ### Adding Private Key to Vault @@ -45,27 +45,27 @@ Now that we have added the public key to GitHub, let's add the private key to Va 1. Access Vault from `Forecastle` console, search `Vault` and open the `Vault` tile. -
+ ![Forecastle](images/forecastle.png) 1. From the drop-down menu under `Method`, select `OIDC` and click on `Sign in with OIDC Provider`. -
+ ![login-oidc](images/login-oidc.png) 1. You will be brought to the `Vault` console. You should see `common-shared-secrets` folder. -
+ ![common-shared-secrets](images/common-shared-secrets.png) 1. Click on `common-shared-secrets`. 1. You will now be brought to the `secrets` and the `configurations`. Click on `create secret`. -
+ ![create-secret](images/create-secret.png) 1. Let's create a `git-ssh-creds` secret for our webhook secret. Write the name of the secret in `path` which is `git-ssh-creds`. Add `secret data` * key: `id_rsa`, value: (The SSH Private Key). Hit save. -
+ ![git-ssh-creds](images/git-ssh-creds.png) ### Adding External Secret @@ -75,7 +75,7 @@ Since we want the `git-ssh-creds` secret to be deployed in all of the tenant nam 1. Open the `tenant-operator-config` folder and create a `templates` folder inside it: -
+ ![template](images/template.png) 1. Now create a file named `git-ssh-creds-template.yaml` and add the following content: diff --git a/content/for-devops-engineers/tutorials/04-preparing-pac-env/adding-github-token.md b/content/for-devops-engineers/tutorials/04-preparing-pac-env/adding-github-token.md index e05901f4..97f41411 100644 --- a/content/for-devops-engineers/tutorials/04-preparing-pac-env/adding-github-token.md +++ b/content/for-devops-engineers/tutorials/04-preparing-pac-env/adding-github-token.md @@ -28,11 +28,11 @@ You can check secrets documentation to read more on these secrets. 1. Go to your GitHub account `settings` for the top-right corner on your profile. -
+ ![git-account-settings](images/git-account-settings.png) 1. Navigate to `Developer settings` -
+ ![developer-settings](images/developer-settings.png) 1. Go to `Personal access tokens`. @@ -40,7 +40,7 @@ You can check secrets documentation to read more on these secrets. 1. Click `Generate new token`. -
+ ![pat-create](images/pat-create.png) 1. Provide a name for the token. @@ -57,7 +57,7 @@ You can check secrets documentation to read more on these secrets. * Pull requests (Read and write) * Webhook (Read and write) -
+ ![repo-perm](images/repository-permissions.png) !!! note Save the token cautiously, you'll need to save it in `Vault`. @@ -74,82 +74,82 @@ Login to Vault to view path. 1. Access Vault from `Forecastle` console, search `Vault` and open the `Vault` tile. -
+ ![Forecastle](images/forecastle.png) 1. From the drop-down menu under `Method`, select `OIDC` and click on `Sign in with OIDC Provider`. -
+ ![login-oidc](images/login-oidc.png) 1. You will be brought to the `Vault` console. You should see `common-shared-secrets` folder. -
+ ![common-shared-secrets](images/common-shared-secrets.png) 1. Click on `common-shared-secrets`. 1. You will now be brought to the `secrets` and the `configurations`. Click on `create secret`. -
+ ![create-secret](images/create-secret.png) 1. Let's create a `git-pat-creds` secret for our webhook secret. Write the name of the secret in `path` which is `git-pat-creds`. Add `secret data` * key: `username`, value: (GitHub username). * key: `password`, value (Newly created PAT). Hit save. -
+ ![git-pat-creds](images/git-pat-creds.png) ### Adding External Secret - Since we want the `git-pat-creds` secret to be deployed in all of the tenant namespaces, we will use a multi-tenant-operator template to deploy it. - - 1. Open up the `infra-gitops-config` repository that we have already bootstrapped. - - 1. Open the `tenant-operator-config` folder and create a `templates` folder inside it. - -
- - 1. Now create a file named `git-pat-creds-template.yaml` and add the following content. - - ```yaml - apiVersion: tenantoperator.stakater.com/v1alpha1 - kind: Template - metadata: - name: git-pat-creds - resources: - manifests: - - apiVersion: external-secrets.io/v1beta1 - kind: ExternalSecret - metadata: - name: git-pat-creds - spec: - dataFrom: - - extract: - conversionStrategy: Default - key: git-pat-creds - refreshInterval: 1m0s - secretStoreRef: - kind: SecretStore - name: tenant-vault-shared-secret-store - target: - name: git-pat-creds - ``` - - 1. Create another file named `git-pat-creds-tgi.yaml` and add the below content. - - ```yaml - apiVersion: tenantoperator.stakater.com/v1alpha1 - kind: TemplateGroupInstance - metadata: - name: git-pat-creds - spec: - template: git-pat-creds - selector: - matchExpressions: - - key: stakater.com/kind - operator: In - values: [ build, pr ] - sync: true - ``` - - 1. Lets see our Template and TGI in ArgoCD. Open up ArgoCD and look for `tenant-operator-config` application. You should be able to see your Template and TGI deployed. - -
+Since we want the `git-pat-creds` secret to be deployed in all of the tenant namespaces, we will use a multi-tenant-operator template to deploy it. + +1. Open up the `infra-gitops-config` repository that we have already bootstrapped. + +1. Open the `tenant-operator-config` folder and create a `templates` folder inside it. + + ![template](images/template.png) + +1. Now create a file named `git-pat-creds-template.yaml` and add the following content. + + ```yaml + apiVersion: tenantoperator.stakater.com/v1alpha1 + kind: Template + metadata: + name: git-pat-creds + resources: + manifests: + - apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + metadata: + name: git-pat-creds + spec: + dataFrom: + - extract: + conversionStrategy: Default + key: git-pat-creds + refreshInterval: 1m0s + secretStoreRef: + kind: SecretStore + name: tenant-vault-shared-secret-store + target: + name: git-pat-creds + ``` + +1. Create another file named `git-pat-creds-tgi.yaml` and add the below content. + + ```yaml + apiVersion: tenantoperator.stakater.com/v1alpha1 + kind: TemplateGroupInstance + metadata: + name: git-pat-creds + spec: + template: git-pat-creds + selector: + matchExpressions: + - key: stakater.com/kind + operator: In + values: [ build, pr ] + sync: true + ``` + +1. Lets see our Template and TGI in ArgoCD. Open up ArgoCD and look for `tenant-operator-config` application. You should be able to see your Template and TGI deployed. + + ![tgi-and-template](images/tgi-and-template.png) diff --git a/content/managed-addons/monitoring-stack/app-alerts.md b/content/managed-addons/monitoring-stack/app-alerts.md index 7b75aef3..8b4042ab 100644 --- a/content/managed-addons/monitoring-stack/app-alerts.md +++ b/content/managed-addons/monitoring-stack/app-alerts.md 
@@ -7,7 +7,7 @@ There are 2 types of monitoring: 1. Infrastructure monitoring (comes default with OpenShift installation) 1. User Workload monitoring (it can be enabled) -![Monitoring Diagram](./images/monitoring-diagram.png) + ![Monitoring Diagram](./images/monitoring-diagram.png) ## Enabling monitoring for user-defined projects diff --git a/content/managed-addons/monitoring-stack/workload-application-alerts.md b/content/managed-addons/monitoring-stack/workload-application-alerts.md index acab59f3..0f9c2b17 100644 --- a/content/managed-addons/monitoring-stack/workload-application-alerts.md +++ b/content/managed-addons/monitoring-stack/workload-application-alerts.md @@ -20,8 +20,8 @@ You need to define `ServiceMonitor` so, the application metrics can be scrapped. | Parameter | Description | |:---|:---| -| `.Values.serviceMonitor.enabled` | Enable `ServiceMonitor` -| `.Values.serviceMonitor.endpoints` | Array of endpoints to be scraped by Prometheus +| `.Values.serviceMonitor.enabled` | Enable `ServiceMonitor` | +| `.Values.serviceMonitor.endpoints` | Array of endpoints to be scraped by Prometheus | ```yaml serviceMonitor: 
@@ -40,9 +40,9 @@ A sample AlertmanagerConfig can be configured in [Application Chart](https://git | Parameter | Description | |:---|:---| -| .Values.alertmanagerConfig.enabled | Enable alertmanagerConfig for this app (Will be merged in the base config) -| .Values.alertmanagerConfig.spec.route | The Alertmanager route definition for alerts matching the resource's namespace. It will be added to the generated Alertmanager configuration as a first-level route -| .Values.alertmanagerConfig.spec.receivers | List of receivers +| .Values.alertmanagerConfig.enabled | Enable alertmanagerConfig for this app (Will be merged in the base config) | +| .Values.alertmanagerConfig.spec.route | The Alertmanager route definition for alerts matching the resource's namespace. It will be added to the generated Alertmanager configuration as a first-level route | +| .Values.alertmanagerConfig.spec.receivers | List of receivers | We will use Slack as an example here. @@ -113,8 +113,8 @@ A sample PrometheusRule can be configured in [Application Chart](https://github. | Parameter | Description | |:---|:---| -| prometheusRule.enabled | Enable prometheusRule for this app -| prometheusRule.spec.groups | PrometheusRules in their groups to be added +| prometheusRule.enabled | Enable prometheusRule for this app | +| prometheusRule.spec.groups | PrometheusRules in their groups to be added | ```yaml prometheusRule: diff --git a/content/managed-addons/nexus/how-to-guide/how-to-grant-admin-privileges.md b/content/managed-addons/nexus/how-to-guide/how-to-grant-admin-privileges.md index f73b234e..124e866c 100644 --- a/content/managed-addons/nexus/how-to-guide/how-to-grant-admin-privileges.md +++ b/content/managed-addons/nexus/how-to-guide/how-to-grant-admin-privileges.md 
@@ -1,29 +1,29 @@ # How to grant admin privileges to user? -- Go to routes in `stakater-auth` namespace , open keycloak route , following screen will show up +- Go to routes in `stakater-auth` namespace , open keycloak route , following screen will show up: - ![Administration Console](./images/keycloak-1.png) + ![Administration Console](./images/keycloak-1.png) -- Select Administration Console. Login credentials are present in secret `rhsso-creds` (previously called `auth-secrets`) in `stakater-auth` namespace +- Select Administration Console. Login credentials are present in secret `rhsso-creds` (previously called `auth-secrets`) in `stakater-auth` namespace: - ![Login Admin Console](./images/keycloak-2.png) + ![Login Admin Console](./images/keycloak-2.png) -- Click on `Users` from left panel and click on `view all users button`. Select the user you want to assign admin role to. +- Click on `Users` from left panel and click on `view all users button`. Select the user you want to assign admin role to: - ![Users](./images/keycloak-3.png) + ![Users](./images/keycloak-3.png) -- On Role Mappings screen , select `nexus3` in client roles drop down. 
+- On Role Mappings screen, select `nexus3` in client roles drop down: - ![Role Mappings](./images/keycloak-4.png) + ![Role Mappings](./images/keycloak-4.png) -- On user screen select Role Mappings tab , `nexus-oauth-admin` role will be present in left most column , select it and click on `Add selected` +- On user screen select Role Mappings tab, `nexus-oauth-admin` role will be present in left most column, select it and click on `Add selected`: - ![nexus OAuth admin Role](./images/keycloak-5.png) + ![nexus OAuth admin Role](./images/keycloak-5.png) -- Role is assigned to user +- Role is assigned to user: - ![add selected role](./images/keycloak-6.png)\ + ![add selected role](./images/keycloak-6.png) -- Now login to nexus repository you will have admin access +- Now login to nexus repository you will have admin access: - ![Nexus Repository](./images/keycloak-7.png) + ![Nexus Repository](./images/keycloak-7.png)
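Review bot: in `deploy-demo-app.md`, hunk `@@ -117,7 +117,8 @@`, the new `!!! note` body still ends with `**` (`...pushing the application image.**`), left over from the bold blockquote it replaces, so the admonition will render with stray asterisks. Drop the trailing `**`. In the `@@ -41,11 +41,11 @@` hunk of the same file, the edited line could read `Run the following command to log into the registry:` while it is being touched.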
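Review bot: in `adding-github-token.md`, hunk `@@ -74,82 +74,82 @@`, the re-indented intro still says the `git-pat-creds` secret is deployed "in all of the tenant namespaces", but the `TemplateGroupInstance` in the same hunk only selects namespaces where `stakater.com/kind` is in `[ build, pr ]`. Since this secret carries a PAT with read and write repository permissions, the text should say exactly where it is distributed, for example "in the `build` and `pr` tenant namespaces". Two smaller points in the same hunk: the step `Let's create a git-pat-creds secret for our webhook secret` describes a username and PAT rather than a webhook secret (the `git-ssh-creds` step in `add-ssh-key.md` has the same wording), and the re-added line `Lets see our Template and TGI in ArgoCD` should read `Let's see`.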
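Review bot: in `workload-application-alerts.md`, the three table hunks leave the Parameter column formatted three different ways: backticked with the prefix (`.Values.serviceMonitor.enabled`), bare with the prefix (.Values.alertmanagerConfig.enabled), and bare without the prefix (prometheusRule.enabled). Since every one of these rows is already being rewritten to add the closing `|`, wrap all parameter names in backticks and use the `.Values.` prefix throughout so the tables read consistently. The section text quoted in the first hunk header also says metrics can be "scrapped", where the table row says "scraped by Prometheus".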
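Review bot: in `how-to-grant-admin-privileges.md`, hunk `@@ -1,29 +1,29 @@`, the steps for assigning the role appear to be in the wrong order: the bullet `On Role Mappings screen, select nexus3 in client roles drop down` comes before the bullet `On user screen select Role Mappings tab`, so the reader is told to act on the Role Mappings screen before being told how to open it. Because this procedure grants `nexus-oauth-admin`, it is worth swapping the two bullets (and checking that `keycloak-4.png` and `keycloak-5.png` follow) while the lines are being edited. The first bullet also keeps the stray spaces before commas (`namespace , open keycloak route , following`) that this change removes from the later bullets, and the colon added to the last bullet gives `Now login to nexus repository you will have admin access:`, which still needs a comma or a second sentence.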