-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add CA bundle and no_log docs, and refactor doc structure
- Loading branch information
1 parent
af59db1
commit a4cc6f6
Showing
5 changed files
with
133 additions
and
64 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
59 changes: 59 additions & 0 deletions
59
docs/user-guide/advanced-configuration/deploying-a-specific-version.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| ## Deploying a specific version of EDA | ||
|
|
||
| There are a few variables that are customizable for eda the image management. | ||
|
|
||
| | Name | Description | Default | | ||
| | ---------------------- | ------------------------- | -------------------------------------- | | ||
| | image | Path of the image to pull | quay.io/ansible/eda-server | | ||
| | image_version | Image version to pull | latest | | ||
| | image_web | Path of the image to pull | quay.io/ansible/eda-ui | | ||
| | image_web_version | Image version to pull | latest | | ||
| | image_pull_policy | The pull policy to adopt | IfNotPresent | | ||
| | image_pull_secrets | The pull secrets to use | None | | ||
| | redis_image | Path of the image to pull | redis | | ||
| | redis_image_version | Image version to pull | latest | | ||
| | postgres_image | Path of the image to pull | postgres | | ||
| | postgres_image_version | Image version to pull | latest | | ||
|
|
||
| Example of customization could be: | ||
|
|
||
| ```yaml | ||
| --- | ||
| spec: | ||
| ... | ||
| image: myorg/my-custom-eda | ||
| image_version: latest | ||
| image_web: myorg/my-custom-eda | ||
| image_web_version: latest | ||
| image_pull_policy: Always | ||
| image_pull_secrets: | ||
| - pull_secret_name | ||
| ``` | ||
| > **Note**: The `image` and `image_version` style variables are intended for local mirroring scenarios. Please note that using a version of EDA other than the one bundled with the `eda-server-operator` is **not** supported even though it will likely work and can be useful for pinning a version. For the default values, check the [main.yml](https://github.com/ansible/eda-server-operator/blob/main/roles/eda/defaults/main.yml) file. | ||
|
|
||
|
|
||
| ### Configuring an image pull secret | ||
|
|
||
| 1. Log in with that token, or username/password, then create a pull secret from the docker/config.json | ||
|
|
||
| ```bash | ||
| docker login quay.io -u <user> -p <token> | ||
| ``` | ||
|
|
||
| 2. Then, create a k8s secret from your .docker/config.json file. This pull secret should be created in the same namespace you are installing the EDA Operator. | ||
|
|
||
| ```bash | ||
| kubectl create secret generic redhat-operators-pull-secret \ | ||
| --from-file=.dockerconfigjson=.docker/config.json \ | ||
| --type=kubernetes.io/dockerconfigjson | ||
| ``` | ||
|
|
||
| 3. Add that image pull secret to your EDA spec | ||
|
|
||
| ```yaml | ||
| --- | ||
| spec: | ||
| image_pull_secrets: | ||
| - redhat-operators-pull-secret | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| ## No Log | ||
|
|
||
| Configure no_log for tasks with no_log | ||
|
|
||
| | Name | Description | Default | | ||
| | ------ | -------------------- | ------- | | ||
| | no_log | No log configuration | 'true' | | ||
|
|
||
| Example configuration of `no_log` parameter | ||
|
|
||
| ```yaml | ||
| spec: | ||
| no_log: true | ||
| ``` |
51 changes: 51 additions & 0 deletions
51
docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| ## Trusting a Custom Certificate Authority | ||
|
|
||
| In cases which you need to trust a custom Certificate Authority, there are few variables you can customize for the `eda-server-operator`. | ||
|
|
||
| Trusting a custom Certificate Authority allows the EDA to access network services configured with SSL certificates issued locally, such as cloning a project from from an internal Git server via HTTPS. If it is needed, you will likely see errors like this when doing project syncs: | ||
|
|
||
| ```bash | ||
| fatal: unable to access 'https://private.repo./mine/ansible-rulebook.git': SSL certificate problem: unable to get local issuer certificate | ||
| ``` | ||
|
|
||
|
|
||
| | Name | Description | Default | | ||
| | -------------------------------- | ---------------------------------------- | --------| | ||
| | bundle_cacert_secret | Certificate Authority secret name | '' | | ||
| Please note the `eda-server-operator` will look for the data field `ldap-ca.crt` in the specified secret when using the `ldap_cacert_secret`, whereas the data field `bundle-ca.crt` is required for `bundle_cacert_secret` parameter. | ||
|
|
||
| Example of customization could be: | ||
|
|
||
| ```yaml | ||
| --- | ||
| spec: | ||
| ... | ||
| bundle_cacert_secret: <resourcename>-custom-certs | ||
| ``` | ||
| Create the secret with CLI: | ||
| * Certificate Authority secret | ||
| ``` | ||
| # kubectl create secret generic <resourcename>-custom-certs \ | ||
| --from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE> \ | ||
| --from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE> | ||
| ``` | ||
|
|
||
|
|
||
| Alternatively, you can also create the secret with `kustomization.yaml` file: | ||
|
|
||
| ```yaml | ||
| .... | ||
|
|
||
| secretGenerator: | ||
| - name: <resourcename>-custom-certs | ||
| files: | ||
| - bundle-ca.crt=<path+filename> | ||
| options: | ||
| disableNameSuffixHash: true | ||
|
|
||
| ... | ||
| ``` | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters