diff --git a/README.md b/README.md index ab33cc51..02691f0f 100644 --- a/README.md +++ b/README.md 
@@ -126,66 +126,6 @@ yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR ## Advanced Configuration -### Deploying a specific version of EDA - -There are a few variables that are customizable for eda the image management. - -| Name | Description | Default | -| ---------------------- | ------------------------- | -------------------------------------- | -| image | Path of the image to pull | quay.io/ansible/eda-server | -| image_version | Image version to pull | main | -| image_web | Path of the image to pull | quay.io/ansible/eda-ui | -| image_web_version | Image version to pull | latest | -| image_pull_policy | The pull policy to adopt | IfNotPresent | -| image_pull_secrets | The pull secrets to use | None | -| redis_image | Path of the image to pull | redis | -| redis_image_version | Image version to pull | latest | -| postgres_image | Path of the image to pull | postgres | -| postgres_image_version | Image version to pull | latest | - -Example of customization could be: - -```yaml ---- -spec: - ... - image: myorg/my-custom-eda - image_version: latest - image_web: myorg/my-custom-eda - image_web_version: latest - image_pull_policy: Always - image_pull_secrets: - - pull_secret_name -``` - - > **Note**: The `image` and `image_version` style variables are intended for local mirroring scenarios. Please note that using a version of EDA other than the one bundled with the `eda-server-operator` is **not** supported even though it will likely work and can be useful for pinning a version. For the default values, check the [main.yml](https://github.com/ansible/eda-server-operator/blob/main/roles/eda/defaults/main.yml) file. - - -### Configuring an image pull secret - -1. Log in with that token, or username/password, then create a pull secret from the docker/config.json - -```bash -docker login quay.io -u -p -``` - -2. Then, create a k8s secret from your .docker/config.json file. This pull secret should be created in the same namespace you are installing the EDA Operator. 
- -```bash -kubectl create secret generic redhat-operators-pull-secret \ - --from-file=.dockerconfigjson=.docker/config.json \ - --type=kubernetes.io/dockerconfigjson -``` - -3. Add that image pull secret to your EDA spec - -```yaml ---- -spec: - image_pull_secrets: - - redhat-operators-pull-secret -``` - ### Admin user account configuration There are three variables that are customizable for the admin user account creation. @@ -236,17 +176,22 @@ The secret should be formatted as follow: apiVersion: v1 kind: Secret metadata: - name: custom-awx-db-encryption-secret + name: custom-eda-db-encryption-secret namespace: stringData: secret_key: supersecuresecretkey ``` -Then specify the name of the k8s secret on the AWX spec: +Then specify the name of the k8s secret on the EDA spec: ```yaml --- spec: ... - db_fields_encryption_secret: custom-awx-db-encryption-secret + db_fields_encryption_secret: custom-eda-db-encryption-secret ``` + +### Additional Advanced Configuration +- [No Log](./docs/user-guide/advanced-configuration/no-log.md) +- [Deploy a Specific Version of EDA](./docs/user-guide/advanced-configuration/deploying-a-specific-version.md) +- [Trusting a Custom Certificate Authority](./docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md) diff --git a/docs/user-guide/advanced-configuration/deploying-a-specific-version.md b/docs/user-guide/advanced-configuration/deploying-a-specific-version.md new file mode 100644 index 00000000..9bae6ab6 --- /dev/null +++ b/docs/user-guide/advanced-configuration/deploying-a-specific-version.md 
@@ -0,0 +1,59 @@ +## Deploying a specific version of EDA + +There are a few variables that are customizable for eda the image management. + +| Name | Description | Default | +| ---------------------- | ------------------------- | -------------------------------------- | +| image | Path of the image to pull | quay.io/ansible/eda-server | +| image_version | Image version to pull | latest | +| image_web | Path of the image to pull | quay.io/ansible/eda-ui | +| image_web_version | Image version to pull | latest | +| image_pull_policy | The pull policy to adopt | IfNotPresent | +| image_pull_secrets | The pull secrets to use | None | +| redis_image | Path of the image to pull | redis | +| redis_image_version | Image version to pull | latest | +| postgres_image | Path of the image to pull | postgres | +| postgres_image_version | Image version to pull | latest | + +Example of customization could be: + +```yaml +--- +spec: + ... + image: myorg/my-custom-eda + image_version: latest + image_web: myorg/my-custom-eda + image_web_version: latest + image_pull_policy: Always + image_pull_secrets: + - pull_secret_name +``` + + > **Note**: The `image` and `image_version` style variables are intended for local mirroring scenarios. Please note that using a version of EDA other than the one bundled with the `eda-server-operator` is **not** supported even though it will likely work and can be useful for pinning a version. For the default values, check the [main.yml](https://github.com/ansible/eda-server-operator/blob/main/roles/eda/defaults/main.yml) file. + + +### Configuring an image pull secret + +1. Log in with that token, or username/password, then create a pull secret from the docker/config.json + +```bash +docker login quay.io -u -p +``` + +2. Then, create a k8s secret from your .docker/config.json file. This pull secret should be created in the same namespace you are installing the EDA Operator. 
+ +```bash +kubectl create secret generic redhat-operators-pull-secret \ + --from-file=.dockerconfigjson=.docker/config.json \ + --type=kubernetes.io/dockerconfigjson +``` + +3. Add that image pull secret to your EDA spec + +```yaml +--- +spec: + image_pull_secrets: + - redhat-operators-pull-secret +``` diff --git a/docs/user-guide/advanced-configuration/no-log.md b/docs/user-guide/advanced-configuration/no-log.md new file mode 100644 index 00000000..ae6ddf18 --- /dev/null +++ b/docs/user-guide/advanced-configuration/no-log.md @@ -0,0 +1,14 @@ +## No Log + +Configure no_log for tasks with no_log + +| Name | Description | Default | +| ------ | -------------------- | ------- | +| no_log | No log configuration | 'true' | + +Example configuration of `no_log` parameter + +```yaml + spec: + no_log: true +``` diff --git a/docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md b/docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md new file mode 100644 index 00000000..9afb70f3 --- /dev/null +++ b/docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md 
@@ -0,0 +1,51 @@ +## Trusting a Custom Certificate Authority + +In cases which you need to trust a custom Certificate Authority, there are few variables you can customize for the `eda-server-operator`. + +Trusting a custom Certificate Authority allows the EDA to access network services configured with SSL certificates issued locally, such as cloning a project from from an internal Git server via HTTPS. If it is needed, you will likely see errors like this when doing project syncs: + +```bash +fatal: unable to access 'https://private.repo./mine/ansible-rulebook.git': SSL certificate problem: unable to get local issuer certificate +``` + + +| Name | Description | Default | +| -------------------------------- | ---------------------------------------- | --------| +| bundle_cacert_secret | Certificate Authority secret name | '' | +Please note the `eda-server-operator` will look for the data field `ldap-ca.crt` in the specified secret when using the `ldap_cacert_secret`, whereas the data field `bundle-ca.crt` is required for `bundle_cacert_secret` parameter. + +Example of customization could be: + +```yaml +--- +spec: + ... + bundle_cacert_secret: -custom-certs +``` + +Create the secret with CLI: + +* Certificate Authority secret + +``` +# kubectl create secret generic -custom-certs \ + --from-file=ldap-ca.crt= \ + --from-file=bundle-ca.crt= +``` + + +Alternatively, you can also create the secret with `kustomization.yaml` file: + +```yaml +.... + +secretGenerator: + - name: -custom-certs + files: + - bundle-ca.crt= + options: + disableNameSuffixHash: true + +... +``` + diff --git a/roles/eda/defaults/main.yml b/roles/eda/defaults/main.yml index 37c5126a..7c17413b 100644 --- a/roles/eda/defaults/main.yml +++ b/roles/eda/defaults/main.yml @@ -11,7 +11,7 @@ image_pull_policy: IfNotPresent image_pull_secrets: [] _image: quay.io/ansible/eda-server -_image_version: main +_image_version: latest _image_web: quay.io/ansible/eda-ui _image_web_version: latest
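Review bot: In docs/user-guide/advanced-configuration/deploying-a-specific-version.md, step 1 of "Configuring an image pull secret" shows `docker login quay.io -u -p` with nothing after either flag, so the command cannot be run as written, and a password typed after `-p` ends up in shell history and the process list. Suggest named placeholders for the username and token, and reading the token with `--password-stdin`. Step 1 also says `docker/config.json` while step 2 uses `.docker/config.json`; the two should match, and because that file can hold credentials for every registry the user has logged in to, the doc should recommend building the secret from a config file that contains only the quay.io entry. The opening sentence "customizable for eda the image management" needs rewording.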
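Review bot: In docs/user-guide/advanced-configuration/no-log.md, the description "Configure no_log for tasks with no_log" is circular and does not say which output is suppressed or what becomes visible in the logs when the value is changed. Suggest one sentence stating what `no_log` hides and when an operator would disable it, for example for temporary debugging. The table lists the default as the quoted string `'true'` while the example sets the boolean `no_log: true`; use one form in both places so readers know which type the spec expects.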
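Review bot: In docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md, the paragraph under the table refers to `ldap_cacert_secret` and the `ldap-ca.crt` data field, and the `kubectl create secret` example passes `--from-file=ldap-ca.crt=`, but the table documents only `bundle_cacert_secret`. Either add the LDAP variable to the table or drop the LDAP references from the paragraph and the command, so readers do not create a secret key that nothing consumes. Both `--from-file` arguments and the kustomization `files:` entry stop at `=` with no path, and the secret name `-custom-certs` starts with a hyphen, which reads like a lost placeholder; explicit placeholder names would make the examples copyable. The table also needs a blank line before "Please note", and "from from an internal Git server" has a doubled word.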
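Review bot: In roles/eda/defaults/main.yml, `_image_version` changes from `main` to `latest` while `image_pull_policy: IfNotPresent` stays as the default in the context lines above it, so a node that already has an image cached under `latest` will not pull a newer one, and different nodes can run different builds under the same tag. Since the note in the new deploying-a-specific-version.md says only the EDA version bundled with the operator is supported, suggest defaulting to a release tag that matches the operator release (or a digest) rather than a mutable tag, or at least documenting that anyone staying on `latest` should set `image_pull_policy: Always`.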