From f7b561703a84c9e19d8bdbca01af7495370d5205 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 5 Feb 2025 09:39:12 +0000 Subject: [PATCH 1/4] Update stakater/.github action to v0.0.117 --- .github/workflows/closed_pr.yaml | 2 +- .github/workflows/delete_branch.yaml | 2 +- .github/workflows/pull_request.yaml | 6 +++--- .github/workflows/push.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/closed_pr.yaml b/.github/workflows/closed_pr.yaml index 7402d6640..fba5727a2 100644 --- a/.github/workflows/closed_pr.yaml +++ b/.github/workflows/closed_pr.yaml @@ -7,6 +7,6 @@ on: jobs: push: - uses: stakater/.github/.github/workflows/mkdocs_pull_request_closed.yaml@v0.0.64 + uses: stakater/.github/.github/workflows/mkdocs_pull_request_closed.yaml@v0.0.117 secrets: GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/delete_branch.yaml b/.github/workflows/delete_branch.yaml index 5ca5fefd7..9a38e9a75 100644 --- a/.github/workflows/delete_branch.yaml +++ b/.github/workflows/delete_branch.yaml @@ -5,7 +5,7 @@ on: jobs: delete: - uses: stakater/.github/.github/workflows/mkdocs_branch_deleted.yaml@v0.0.64 + uses: stakater/.github/.github/workflows/mkdocs_branch_deleted.yaml@v0.0.117 secrets: GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index f560125e4..7aaefaa3d 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -8,14 +8,14 @@ on: jobs: doc_qa: - uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.64 + uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.117 with: MD_CONFIG: .github/md_config.json DOC_SRC: content MD_LINT_CONFIG: .markdownlint.yaml build_container: if: ${{ github.base_ref == 'main' }} - uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.64 + uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.117 with: DOCKER_BUILD_CONTEXTS: content=https://github.com/stakater/mto-docs.git#pull-request-deployments DOCKER_FILE_PATH: Dockerfile @@ -27,6 +27,6 @@ jobs: DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.STAKATER_GITHUB_TOKEN }} deploy_doc: - uses: stakater/.github/.github/workflows/mkdocs_pull_request_versioned_doc.yaml@v0.0.64 + uses: stakater/.github/.github/workflows/mkdocs_pull_request_versioned_doc.yaml@v0.0.117 secrets: GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 634c8871b..567d45fee 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -8,6 +8,6 @@ on: jobs: push: - uses: stakater/.github/.github/workflows/mkdocs_push_versioned_doc.yaml@v0.0.64 + uses: stakater/.github/.github/workflows/mkdocs_push_versioned_doc.yaml@v0.0.117 secrets: GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e8526f112..a570d79ca 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,11 +7,11 @@ on: jobs: create_release: - uses: stakater/.github/.github/workflows/release_template.yaml@v0.0.64 + uses: stakater/.github/.github/workflows/release_template.yaml@v0.0.117 secrets: SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }} build_container: - uses: stakater/.github/.github/workflows/push_container_only.yaml@v0.0.64 + uses: stakater/.github/.github/workflows/push_container_only.yaml@v0.0.117 with: DOCKER_BUILD_CONTEXTS: content=https://github.com/stakater/mto-docs.git#gh-pages DOCKER_FILE_PATH: Dockerfile From 333b444089c1c8264f0e5ba9e07d6af0f97e29d5 Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Wed, 5 Feb 2025 14:33:34 +0100 Subject: [PATCH 2/4] update --- .markdownlint.yaml | 12 ++++++------ .vale.ini | 4 ++-- Dockerfile | 2 +- DockerfileLocal | 4 ++-- prepare_theme.sh | 2 +- prepare_theme_pr.sh | 6 ++++++ theme_common | 2 +- 7 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 prepare_theme_pr.sh diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 77dfb501b..292e7adb2 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -1,6 +1,6 @@ -{ - "MD007": { "indent": 4 }, - "MD013": false, - "MD024": false, - "MD029": { "style": one }, -} +MD007: + indent: 4 +MD013: false +MD024: false +MD029: + style: one diff --git a/.vale.ini b/.vale.ini index df0ed594d..24bb70252 100644 --- a/.vale.ini +++ b/.vale.ini @@ -1,7 +1,7 @@ -#StylesPath = styles +StylesPath = styles MinAlertLevel = warning -Packages = https://github.com/stakater/vale-package/releases/download/v0.0.9/Stakater.zip +Packages = https://github.com/stakater/vale-package/releases/download/v0.0.52/Stakater.zip Vocab = Stakater # Only check MarkDown files diff --git a/Dockerfile b/Dockerfile index 4a13dfcc7..06c1f54fd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -FROM nginxinc/nginx-unprivileged:1.25-alpine +FROM nginxinc/nginx-unprivileged:1.27-alpine WORKDIR /usr/share/nginx/html/ # copy the entire application diff --git a/DockerfileLocal b/DockerfileLocal index 0b3a246ec..7ca2845d2 100644 --- a/DockerfileLocal +++ b/DockerfileLocal @@ -1,5 +1,5 @@ -FROM python:3.12-alpine as builder +FROM python:3.13-alpine as builder # set workdir RUN mkdir -p $HOME/application @@ -14,7 +14,7 @@ RUN pip install -r theme_common/requirements.txt # RUN pip install -r requirements.txt # pre-mkbuild step, we are infusing common and local theme changes -RUN python theme_common/scripts/combine_theme_resources.py theme_common/resources theme_override/resources dist/_theme +RUN python theme_common/scripts/combine_theme_resources.py -s theme_common/resources -ov theme_override/resources -o dist/_theme RUN python theme_common/scripts/combine_mkdocs_config_yaml.py theme_common/mkdocs.yml theme_override/mkdocs.yml mkdocs.yml RUN rm -f 'prepare_theme.sh' && \ diff --git a/prepare_theme.sh b/prepare_theme.sh index 67cf92e0f..29b3eddd1 100755 --- a/prepare_theme.sh +++ b/prepare_theme.sh @@ -1,3 +1,3 @@ pip install -r theme_common/requirements.txt -python theme_common/scripts/combine_theme_resources.py theme_common/resources theme_override/resources dist/_theme +python theme_common/scripts/combine_theme_resources.py -s theme_common/resources -ov theme_override/resources -o dist/_theme python theme_common/scripts/combine_mkdocs_config_yaml.py theme_common/mkdocs.yml theme_override/mkdocs.yml mkdocs.yml diff --git a/prepare_theme_pr.sh b/prepare_theme_pr.sh new file mode 100644 index 000000000..98ea733e8 --- /dev/null +++ b/prepare_theme_pr.sh @@ -0,0 +1,6 @@ +# This script is meant to be used for pull request builds +pip install -r theme_common/requirements.txt +python theme_common/scripts/combine_theme_resources.py -s theme_common/resources -ov theme_override/resources -o dist/_theme +# The next step is used to override resources for pull request builds - these overrides could as well have been put in the local theme_override folder, but this is a generic solution +python theme_common/scripts/combine_theme_resources.py -s theme_common/resources_pr_specific -ov theme_override/resources -o dist/_theme -skiprmtree +python theme_common/scripts/combine_mkdocs_config_yaml.py theme_common/mkdocs.yml theme_override/mkdocs.yml mkdocs.yml diff --git a/theme_common b/theme_common index 8098fec59..f5f425c5c 160000 --- a/theme_common +++ b/theme_common @@ -1 +1 @@ -Subproject commit 8098fec59a17dc749f51313f173fcb832b14a92b +Subproject commit f5f425c5ca47226c29c0d5e22763acb351872992 From a139565581008d7f2fbe6d5ff11553aa28e13f4d Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Wed, 5 Feb 2025 14:37:16 +0100 Subject: [PATCH 3/4] update --- .github/workflows/closed_pr.yaml | 4 ++-- .github/workflows/delete_branch.yaml | 6 ++++-- .github/workflows/pull_request.yaml | 20 ++++++++++---------- .github/workflows/push.yaml | 6 ++++-- .github/workflows/release.yaml | 10 +++++----- 5 files changed, 25 insertions(+), 21 deletions(-) diff --git a/.github/workflows/closed_pr.yaml b/.github/workflows/closed_pr.yaml index fba5727a2..b253d2d5f 100644 --- a/.github/workflows/closed_pr.yaml +++ b/.github/workflows/closed_pr.yaml @@ -7,6 +7,6 @@ on: jobs: push: - uses: stakater/.github/.github/workflows/mkdocs_pull_request_closed.yaml@v0.0.117 + uses: stakater/.github/.github/workflows/pull_request_closed.yaml@v0.0.117 secrets: - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} \ No newline at end of file + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} diff --git a/.github/workflows/delete_branch.yaml b/.github/workflows/delete_branch.yaml index 9a38e9a75..fa37c8059 100644 --- a/.github/workflows/delete_branch.yaml +++ b/.github/workflows/delete_branch.yaml @@ -5,7 +5,9 @@ on: jobs: delete: - uses: stakater/.github/.github/workflows/mkdocs_branch_deleted.yaml@v0.0.117 + uses: stakater/.github/.github/workflows/branch_deleted.yaml@v0.0.117 + with: + LATEST_DOC_VERSION: "1.1" secrets: - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 7aaefaa3d..24b3aedb0 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -11,22 +11,22 @@ jobs: uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.117 with: MD_CONFIG: .github/md_config.json - DOC_SRC: content + DOC_SRC: content README.md MD_LINT_CONFIG: .markdownlint.yaml + deploy_doc: + uses: stakater/.github/.github/workflows/pull_request_versioned_doc.yaml@v0.0.117 + secrets: + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} build_container: + needs: deploy_doc if: ${{ github.base_ref == 'main' }} uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.117 with: DOCKER_BUILD_CONTEXTS: content=https://github.com/stakater/mto-docs.git#pull-request-deployments DOCKER_FILE_PATH: Dockerfile - secrets: CONTAINER_REGISTRY_URL: ghcr.io/stakater - CONTAINER_REGISTRY_USERNAME: stakater-user - CONTAINER_REGISTRY_PASSWORD: ${{ secrets.STAKATER_GITHUB_TOKEN }} - SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }} - DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.STAKATER_GITHUB_TOKEN }} - - deploy_doc: - uses: stakater/.github/.github/workflows/mkdocs_pull_request_versioned_doc.yaml@v0.0.117 secrets: - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + CONTAINER_REGISTRY_USERNAME: ${{ github.actor }} + CONTAINER_REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }} + DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.PUBLISH_TOKEN }} diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 567d45fee..aefa7d5af 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -8,6 +8,8 @@ on: jobs: push: - uses: stakater/.github/.github/workflows/mkdocs_push_versioned_doc.yaml@v0.0.117 + uses: stakater/.github/.github/workflows/push_versioned_doc.yaml@v0.0.117 + with: + LATEST_DOC_VERSION: "1.1" secrets: - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a570d79ca..1d63f6704 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -3,7 +3,7 @@ name: Release on: push: tags: - - "v*" + - 'v*' jobs: create_release: @@ -17,8 +17,8 @@ jobs: DOCKER_FILE_PATH: Dockerfile secrets: CONTAINER_REGISTRY_URL: ghcr.io/stakater - CONTAINER_REGISTRY_USERNAME: stakater-user - CONTAINER_REGISTRY_PASSWORD: ${{ secrets.STAKATER_GITHUB_TOKEN }} + CONTAINER_REGISTRY_USERNAME: ${{ github.actor }} + CONTAINER_REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }} SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }} - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} - DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.STAKATER_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} + DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.PUBLISH_TOKEN }} From 53e5f189d8cc236f8e220580e45f359db0d4f0de Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Wed, 5 Feb 2025 14:40:53 +0100 Subject: [PATCH 4/4] update --- README.md | 6 +++--- content/changelog.md | 4 ++-- content/explanation/console.md | 2 +- content/faq.md | 2 +- content/how-to-guides/integration-config.md | 18 +++++++++--------- content/index.md | 6 +++--- .../deploying-private-helm-charts.md | 2 +- ...ing-secrets-using-sealed-secret-template.md | 4 ++-- .../reference-guides/distributing-secrets.md | 4 ++-- content/reference-guides/integrationconfig.md | 2 +- .../argocd/enabling-multi-tenancy-argocd.md | 2 +- .../vault/enabling-multi-tenancy-vault.md | 2 +- 12 files changed, 27 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index fb824187f..01b6be72f 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ Then access the docs on [`localhost:8080`](localhost:8080). ### Run commands locally -Use [virtualenvwrapper](https://virtualenvwrapper.readthedocs.io/en/latest/install.html) to set up Python virtual environment. +Use [`virtualenvwrapper`](https://virtualenvwrapper.readthedocs.io/en/latest/install.html) to set up Python virtual environment. Install [Python 3](https://www.python.org/downloads/). @@ -59,7 +59,7 @@ Then run below script to prepare theme from local and common theme resources. It ./prepare_theme.sh ``` -Finally, serve the docs using the built-in web server which is based on Python http server - note that the production build will use Nginx instead: +Finally, serve the docs using the built-in web server which is based on Python http server - note that the production build will use nginx instead: ```bash mkdocs serve @@ -77,7 +77,7 @@ if you want to make theme changes with live reload, you can use `--watch-theme` mkdocs serve --watch-theme ``` -Then, you can make changes in `content` or `dist/_theme` folder. Please note that `dist/_theme` is a build folder and any changes made here will be lost if you do not move them to theme_common or theme_override folder. +Then, you can make changes in `content` or `dist/_theme` folder. Please note that `dist/_theme` is a build folder and any changes made here will be lost if you do not move them to `theme_common` or `theme_override` folder. ### QA Checks diff --git a/content/changelog.md b/content/changelog.md index 37f7147cb..4c17af64c 100644 --- a/content/changelog.md +++ b/content/changelog.md @@ -96,7 +96,7 @@ ### v0.8.3 -- fix: Reconcile namespaces when the group spec for tenants is changed, so new rolebindings can be created for them +- fix: Reconcile namespaces when the group spec for tenants is changed, so new `rolebindings` can be created for them ### v0.8.1 @@ -176,7 +176,7 @@ ### v0.5.3 -- fix: Add support for parameters in Helm chartRepository in templates +- fix: Add support for parameters in Helm `chartRepository` in templates ### v0.5.2 diff --git a/content/explanation/console.md b/content/explanation/console.md index e3d7f50a3..931b2c0cc 100644 --- a/content/explanation/console.md +++ b/content/explanation/console.md @@ -77,7 +77,7 @@ The Showback feature is an essential financial governance tool, providing detail Administrators have overarching access to the console, including the ability to view all namespaces and tenants. They have exclusive access to the IntegrationConfig, allowing them to view all the settings and integrations. -![integrationConfig](../images/integrationConfig.png) +![integration Config](../images/integrationConfig.png) ### Tenant Users diff --git a/content/faq.md b/content/faq.md index c96961a8f..d1d273278 100644 --- a/content/faq.md +++ b/content/faq.md @@ -2,7 +2,7 @@ ## Pod Creation Error -### Q. Errors in ReplicaSet Events about pods not being able to schedule on OpenShift because scc annotation is not found +### Q. Errors in ReplicaSet Events about pods not being able to schedule on OpenShift because SCC annotation is not found ```terminal unable to find annotation openshift.io/sa.scc.uid-range diff --git a/content/how-to-guides/integration-config.md b/content/how-to-guides/integration-config.md index e3346500c..d34a77d42 100644 --- a/content/how-to-guides/integration-config.md +++ b/content/how-to-guides/integration-config.md @@ -176,11 +176,11 @@ kubectl -n multi-tenant-operator create secret generic --f Integration config will be managing the following resources required for console GUI: -- `MTO Postgresql` resources. -- `MTO Prometheus` resources. -- `MTO Opencost` resources. -- `MTO Console, Gateway, Keycloak` resources. -- `Showback` cronjob. +- `MTO Postgresql` resources +- `MTO Prometheus` resources +- `MTO Opencost` resources +- `MTO Console, Gateway, Keycloak` resources +- `Showback` cron-job Details on console GUI and showback can be found [here](../explanation/console.md) @@ -289,11 +289,11 @@ rbac: ##### Default -This field contains roles that will be used to create default roleBindings for each namespace that belongs to tenants. These roleBindings are only created for a namespace if that namespace isn't already matched by the `custom` field below it. Therefore, it is required to have at least one role mentioned within each of its three subfields: `owner`, `editor`, and `viewer`. These 3 subfields also correspond to the member fields of the [Tenant CR](./tenant.md#tenant) +This field contains roles that will be used to create default `roleBindings` for each namespace that belongs to tenants. These `roleBindings` are only created for a namespace if that namespace isn't already matched by the `custom` field below it. Therefore, it is required to have at least one role mentioned within each of its three subfields: `owner`, `editor`, and `viewer`. These 3 subfields also correspond to the member fields of the [Tenant CR](./tenant.md#tenant) ##### Custom -An array of custom roles. Similar to the `default` field, you can mention roles within this field as well. However, the custom roles also require the use of a `labelSelector` for each iteration within the array. The roles mentioned here will only apply to the namespaces that are matched by the labelSelector. If a namespace is matched by 2 different labelSelectors, then both roles will apply to it. Additionally, roles can be skipped within the labelSelector. These missing roles are then inherited from the `default` roles field . For example, if the following custom roles arrangement is used: +An array of custom roles. Similar to the `default` field, you can mention roles within this field as well. However, the custom roles also require the use of a `labelSelector` for each iteration within the array. The roles mentioned here will only apply to the namespaces that are matched by the `labelSelector`. If a namespace is matched by 2 different `labelSelectors`, then both roles will apply to it. Additionally, roles can be skipped within the `labelSelector`. These missing roles are then inherited from the `default` roles field . For example, if the following custom roles arrangement is used: ```yaml custom: @@ -368,7 +368,7 @@ For example: ##### Groups -`privileged.groups:` Contains names of the groups that are allowed to perform CRUD operations on namespaces present on the cluster. Users in the specified group(s) will be able to perform these operations without MTO getting in their way. MTO does not interfere even with the deletion of privilegedNamespaces. +`privileged.groups:` Contains names of the groups that are allowed to perform CRUD operations on namespaces present on the cluster. Users in the specified group(s) will be able to perform these operations without MTO getting in their way. MTO does not interfere even with the deletion of `privilegedNamespaces`. !!! note User `kube:admin` is bypassed by default to perform operations as a cluster admin, this includes operations on all the namespaces. @@ -483,7 +483,7 @@ argocd: ### Vault -[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. +[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or http API. If `vault` is configured on a cluster, then Vault configuration can be enabled. diff --git a/content/index.md b/content/index.md index 2e797b73d..af06be267 100644 --- a/content/index.md +++ b/content/index.md @@ -36,9 +36,9 @@ Multi Tenant Operator binds existing ClusterRoles to the Tenant's Namespaces use Multi Tenant Operator is also able to leverage existing OpenShift groups or external groups synced from 3rd party identity management systems, for maintaining Tenant membership in your organization's current user management system. -## HashiCorp Vault Multitenancy +## Hashicorp Vault Multitenancy -Multi Tenant Operator extends the tenants permission model to HashiCorp Vault where it can create Vault paths and greatly ease the overhead of managing RBAC in Vault. Tenant users can manage their own secrets without the concern of someone else having access to their Vault paths. +Multi Tenant Operator extends the tenants permission model to Hashicorp Vault where it can create Vault paths and greatly ease the overhead of managing RBAC in Vault. Tenant users can manage their own secrets without the concern of someone else having access to their Vault paths. More details on [Vault Multitenancy](./tutorials/vault/enabling-multi-tenancy-vault.md) @@ -104,7 +104,7 @@ More details on [Sandboxes](./tutorials/tenant/create-sandbox.md) Multi Tenant Operator supports cloning of secrets and configmaps from one namespace to another namespace based on label selectors. It uses templates to enable users to provide reference to secrets and configmaps. It uses a template group instance to distribute those secrets and namespaces in matching namespaces, even if namespaces belong to different tenants. If template instance is used then the resources will only be mapped if namespaces belong to same tenant. -More details on [Distributing Secrets and ConfigMaps](./reference-guides/distributing-resources.md) +More details on [Distributing Secrets and Configmaps](./reference-guides/distributing-resources.md) ## Self-Service diff --git a/content/reference-guides/deploying-private-helm-charts.md b/content/reference-guides/deploying-private-helm-charts.md index 04e334716..a6f224c28 100644 --- a/content/reference-guides/deploying-private-helm-charts.md +++ b/content/reference-guides/deploying-private-helm-charts.md @@ -53,7 +53,7 @@ Multi Tenant Operator will pick up the credentials from the mentioned namespace Afterward, Bill can see that manifests in the chart have been successfully created in all label matching namespaces. -## Deploying Helm Chart to Namespaces via TemplateGroupInstances from HTTPS Registry +## Deploying Helm Chart to Namespaces via TemplateGroupInstances from https Registry Bill, the cluster admin, wants to deploy a helm chart from `HTTPS` registry in namespaces where certain labels exists. diff --git a/content/reference-guides/distributing-secrets-using-sealed-secret-template.md b/content/reference-guides/distributing-secrets-using-sealed-secret-template.md index d78eada01..098ea3df5 100644 --- a/content/reference-guides/distributing-secrets-using-sealed-secret-template.md +++ b/content/reference-guides/distributing-secrets-using-sealed-secret-template.md @@ -71,7 +71,7 @@ spec: Bill has added support for a new label `distribute-image-pull-secret: true"` for tenant projects/namespaces, now MTO will add that label depending on the used field. -Finally, Bill creates a `TemplateGroupInstance` which will deploy the sealed secrets using the newly created project label and template. +Finally, Bill creates a `TemplateGroupInstance` which will deploy the Sealed Secrets using the newly created project label and template. ```yaml apiVersion: tenantoperator.stakater.com/v1alpha1 @@ -86,4 +86,4 @@ spec: sync: true ``` -MTO will now deploy the sealed secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a sealed secret has to be done by Sealed Secrets Controller. +MTO will now deploy the Sealed Secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a Sealed Secret has to be done by Sealed Secrets Controller. diff --git a/content/reference-guides/distributing-secrets.md b/content/reference-guides/distributing-secrets.md index b8de1463a..2e634fdda 100644 --- a/content/reference-guides/distributing-secrets.md +++ b/content/reference-guides/distributing-secrets.md @@ -71,7 +71,7 @@ spec: Bill has added support for a new label `distribute-image-pull-secret: true"` for tenant projects/namespaces, now MTO will add that label depending on the used field. -Finally, Bill creates a `TemplateGroupInstance` which will deploy the sealed secrets using the newly created project label and template. +Finally, Bill creates a `TemplateGroupInstance` which will deploy the Sealed Secrets using the newly created project label and template. ```yaml apiVersion: tenantoperator.stakater.com/v1alpha1 @@ -86,4 +86,4 @@ spec: sync: true ``` -MTO will now deploy the sealed secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a sealed secret has to be done by Sealed Secrets Controller. +MTO will now deploy the Sealed Secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a Sealed Secret has to be done by Sealed Secrets Controller. diff --git a/content/reference-guides/integrationconfig.md b/content/reference-guides/integrationconfig.md index 1bf7b3826..d2237466c 100644 --- a/content/reference-guides/integrationconfig.md +++ b/content/reference-guides/integrationconfig.md @@ -72,7 +72,7 @@ spec: ## Configuring Vault in IntegrationConfig -[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. +[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or http API. If Bill (the cluster admin) has Vault configured in his cluster, then he can take benefit from MTO's integration with Vault. diff --git a/content/tutorials/argocd/enabling-multi-tenancy-argocd.md b/content/tutorials/argocd/enabling-multi-tenancy-argocd.md index 780cd4619..387d56cfd 100644 --- a/content/tutorials/argocd/enabling-multi-tenancy-argocd.md +++ b/content/tutorials/argocd/enabling-multi-tenancy-argocd.md @@ -129,7 +129,7 @@ Users belonging to the Sigma group will now only see applications created by the ![image](../../images/argocd.png) -## Prevent ArgoCD from syncing certain namespaced resources +## Prevent ArgoCD from syncing certain name-spaced resources Bill wants tenants to not be able to sync `ResourceQuota` and `LimitRange` resources to their namespaces. To do this correctly, Bill will specify these resources to blacklist in the ArgoCD portion of the [IntegrationConfig](../../how-to-guides/integration-config.md): diff --git a/content/tutorials/vault/enabling-multi-tenancy-vault.md b/content/tutorials/vault/enabling-multi-tenancy-vault.md index 143d132f8..02fccc8cf 100644 --- a/content/tutorials/vault/enabling-multi-tenancy-vault.md +++ b/content/tutorials/vault/enabling-multi-tenancy-vault.md @@ -2,7 +2,7 @@ ## Vault Multitenancy -HashiCorp Vault is an identity-based secret and encryption management system. Vault validates and authorizes a system's clients (users, machines, apps) before providing them access to secrets or stored sensitive data. +Hashicorp Vault is an identity-based secret and encryption management system. Vault validates and authorizes a system's clients (users, machines, apps) before providing them access to secrets or stored sensitive data. ## Vault integration in Multi Tenant Operator