Skip to content

Commit

Permalink
Merge pull request #158 from stakater/update
Browse files Browse the repository at this point in the history
Update main with 0.12 changes
  • Loading branch information
Bharath Nallapeta authored Jul 11, 2024
2 parents cd697a0 + 040466b commit b564d64
Showing 1 changed file with 46 additions and 42 deletions.
88 changes: 46 additions & 42 deletions content/crds-api-reference/integration-config.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,16 +13,26 @@ spec:
console: true
showback: true
ingress:
IngressClassName: 'nginx'
Keycloak:
Host: tenant-operator-keycloak.apps.mycluster-ams.abcdef.cloud
TLSSecretName: tenant-operator-tls
Console:
Host: tenant-operator-console.apps.mycluster-ams.abcdef.cloud
TLSSecretName: tenant-operator-tls
Gateway:
Host: tenant-operator-gateway.apps.mycluster-ams.abcdef.cloud
TLSSecretName: tenant-operator-tls
ingressClassName: 'nginx'
keycloak:
host: tenant-operator-keycloak.apps.mycluster-ams.abcdef.cloud
tlsSecretName: tenant-operator-tls
console:
host: tenant-operator-console.apps.mycluster-ams.abcdef.cloud
tlsSecretName: tenant-operator-tls
gateway:
host: tenant-operator-gateway.apps.mycluster-ams.abcdef.cloud
tlsSecretName: tenant-operator-tls
customPricingModel:
CPU: "0.031611"
spotCPU: "0.006655"
RAM: "0.004237"
spotRAM: "0.000892"
GPU: "0.95"
storage: "0.00005479452"
zoneNetworkEgress: "0.01"
regionNetworkEgress: "0.01"
internetNetworkEgress: "0.12"
accessControl:
rbac:
tenantRoles:
Expand All @@ -36,7 +46,6 @@ spec:
viewer:
clusterRoles:
- view
- viewer
custom:
- labelSelector:
matchExpressions:
Expand All @@ -54,7 +63,6 @@ spec:
- custom-editor
viewer:
clusterRoles:
- custom-viewer
- custom-view
namespaceAccessPolicy:
deny:
Expand Down Expand Up @@ -95,7 +103,7 @@ spec:
integrations:
keycloak:
realm: mto
address: https://keycloak.apps.prod.abcdefghi.kubeapp.cloud/
address: https://keycloak.apps.prod.abcdefghi.kubeapp.cloud
clientName: mto-console
argocd:
clusterResourceWhitelist:
Expand All @@ -107,7 +115,7 @@ spec:
namespace: openshift-operators
vault:
enabled: true
authMethod: kubernetes #enum: {kubernetes:default, Token}
authMethod: kubernetes #enum: {kubernetes:default, token}
accessInfo:
accessorPath: oidc/
address: https://vault.apps.prod.abcdefghi.kubeapp.cloud/
Expand All @@ -128,16 +136,16 @@ Following are the different components that can be used to configure multi-tenan
console: true
showback: true
ingress:
IngressClassName: nginx
Keycloak:
Host: tenant-operator-keycloak.apps.mycluster-ams.abcdef.cloud
TLSSecretName: tenant-operator-tls
Console:
Host: tenant-operator-console.apps.mycluster-ams.abcdef.cloud
TLSSecretName: tenant-operator-tls
Gateway:
Host: tenant-operator-gateway.apps.mycluster-ams.abcdef.cloud
TLSSecretName: tenant-operator-tls
ingressClassName: nginx
keycloak:
host: tenant-operator-keycloak.apps.mycluster-ams.abcdef.cloud
tlsSecretName: tenant-operator-tls
console:
host: tenant-operator-console.apps.mycluster-ams.abcdef.cloud
tlsSecretName: tenant-operator-tls
gateway:
host: tenant-operator-gateway.apps.mycluster-ams.abcdef.cloud
tlsSecretName: tenant-operator-tls
```
- `components.console:` Enables or disables the console GUI for MTO.
Expand Down Expand Up @@ -190,7 +198,6 @@ accessControl:
viewer:
clusterRoles:
- view
- viewer
custom:
- labelSelector:
matchExpressions:
Expand All @@ -208,7 +215,6 @@ accessControl:
- custom-editor
viewer:
clusterRoles:
- custom-viewer
- custom-view
namespaceAccessPolicy:
deny:
Expand All @@ -218,18 +224,18 @@ accessControl:
- [email protected]
groups:
- cluster-admins
privileged:
namespaces:
- ^default$
- ^openshift.*
- ^kube.*
serviceAccounts:
- ^system:serviceaccount:openshift.*
- ^system:serviceaccount:kube.*
users:
- ''
groups:
- cluster-admins
privileged:
namespaces:
- ^default$
- ^openshift.*
- ^kube.*
serviceAccounts:
- ^system:serviceaccount:openshift.*
- ^system:serviceaccount:kube.*
users:
- ''
groups:
- cluster-admins
```

### RBAC
Expand All @@ -240,7 +246,7 @@ RBAC is used to configure the roles that will be applied to each Tenant namespac

TenantRoles are required within the IntegrationConfig, as they are used for defining what roles will be applied to each Tenant namespace. The field allows optional custom roles, that are then used to create RoleBindings for namespaces that match a labelSelector.

> ⚠️ If you do not configure roles in any way, then the default OpenShift roles of `owner`, `edit`, and `view` will apply to Tenant members. Their details can be found [here](../reference-guides/custom-roles.md)
> ⚠️ If you do not configure roles in any way, then the default OpenShift roles of `owner`, `edit`, and `view` will apply to Tenant members. Their details can be found [here](../how-to-guides/custom-roles.md)

```yaml
rbac:
Expand All @@ -255,7 +261,6 @@ rbac:
viewer:
clusterRoles:
- view
- viewer
custom:
- labelSelector:
matchExpressions:
Expand All @@ -273,7 +278,6 @@ rbac:
- custom-editor
viewer:
clusterRoles:
- custom-viewer
- custom-view
```

Expand Down Expand Up @@ -428,7 +432,7 @@ Integrations are used to configure the integrations that MTO has with other tool
integrations:
keycloak:
realm: mto
address: https://keycloak.apps.prod.abcdefghi.kubeapp.cloud/
address: https://keycloak.apps.prod.abcdefghi.kubeapp.cloud
clientName: mto-console
argocd:
clusterResourceWhitelist:
Expand Down

0 comments on commit b564d64

Please sign in to comment.