-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #164 from stakater/automation/mto-chart-update-main
Merge automation/mto-chart-update-main into main
- Loading branch information
Showing
5 changed files
with
204 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# Basic vs Enterprise Tier | ||
|
||
Multi Tenant Operator offers two types of versions to the end customers | ||
|
||
* Basic Tier (up to 2 Tenants) | ||
* Enterprise Tier | ||
|
||
## License Configuration | ||
|
||
We offer a basic tier license with installation, and you can create max 2 [Tenants](../tutorials/tenant/create-tenant.md) with it. | ||
|
||
For our Enterprise version, you need to have a configmap `license` created in MTO's namespace (multi-tenant-operator). To get this configmap, you can contact [`[email protected]`](mailto:[email protected]). It would look like this: | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: license | ||
namespace: multi-tenant-operator | ||
data: | ||
payload.json: | | ||
{ | ||
"metaData": { | ||
"tier" : "paid", | ||
"company": "<company name here>" | ||
} | ||
} | ||
signature.base64.txt: <base64 signature here.> | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,114 @@ | ||
# Helm Chart Options | ||
|
||
Following options are available in the Helm Chart for Multi Tenant Operator: | ||
|
||
```yaml | ||
platform: Kubernetes | ||
|
||
# bypassedGroups are the comma-separated names of Groups which are bypassed in Namespace and Rolebinding webhooks | ||
bypassedGroups: "system:cluster-admins,system:masters" | ||
|
||
replicaCount: 1 | ||
|
||
operator: | ||
image: | ||
repository: ghcr.io/stakater/public/tenant-operator | ||
tag: v0.12.62 | ||
pullPolicy: IfNotPresent | ||
serviceAccount: | ||
# Annotations to add to the service account | ||
annotations: {} | ||
# The name of the service account to use. | ||
# If not set and create is true, a name is generated using the fullname template | ||
name: "controller-manager" | ||
|
||
imagePullSecrets: [] | ||
|
||
nameOverride: "" | ||
fullnameOverride: "" | ||
|
||
watchNamespaces: [] | ||
|
||
# Webhook Configuration | ||
webhook: | ||
enabled: true | ||
certificates: | ||
create: true | ||
|
||
deployment: | ||
annotations: | ||
# reloader.stakater.com/auto: "true" | ||
|
||
service: | ||
type: ClusterIP | ||
port: 443 | ||
|
||
podSecurityContext: | ||
runAsNonRoot: true | ||
|
||
securityContext: | ||
{} | ||
# capabilities: | ||
# drop: | ||
# - ALL | ||
# readOnlyRootFilesystem: true | ||
# runAsNonRoot: true | ||
# runAsUser: 1000 | ||
|
||
resources: | ||
|
||
limits: | ||
cpu: 100m | ||
memory: 2Gi | ||
requests: | ||
cpu: 10m | ||
memory: 200Mi | ||
|
||
nodeSelector: {} | ||
|
||
tolerations: [] | ||
|
||
affinity: {} | ||
|
||
integrationConfig: | ||
# create: false | ||
accessControl: | ||
privileged: | ||
namespaces: | ||
- ^default$ | ||
- ^openshift-.* | ||
- ^stakater-.* | ||
- ^kube-.* | ||
- ^redhat-.* | ||
- ^hive-.* | ||
serviceAccounts: | ||
- ^system:serviceaccount:openshift-.* | ||
- ^system:serviceaccount:stakater-.* | ||
- ^system:serviceaccount:kube-.* | ||
- ^system:serviceaccount:redhat-.* | ||
- ^system:serviceaccount:hive-.* | ||
groups: | ||
# - saap-cluster-admins | ||
components: | ||
console: false | ||
showback: false | ||
|
||
userRoles: | ||
create: true | ||
|
||
# Extend tenant cluster manager role | ||
managerRoleExtendedRules: | ||
{} | ||
# - apiGroups: | ||
# - user.openshift.io | ||
# resources: | ||
# - groups | ||
# verbs: | ||
# - create | ||
# - delete | ||
# - get | ||
# - list | ||
# - patch | ||
# - update | ||
# - watch | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
# On Kubernetes | ||
|
||
This document contains instructions on installing, uninstalling and configuring Multi Tenant Operator on Kubernetes. | ||
|
||
1. [Installing via Helm CLI](#installing-via-helm-cli) | ||
|
||
1. [Uninstall](#uninstall-via-helm-cli) | ||
|
||
## Requirements | ||
|
||
* A **Kubernetes** cluster (v1.24 or higher) | ||
* [Helm CLI](https://helm.sh/docs/intro/install/) | ||
* [kubectl](https://kubernetes.io/docs/tasks/tools/) | ||
* To run on Kubernetes, two certificates are needed in the operator namespace for the operator to be up and running, named | ||
1. `quota-template-intconfig-server-cert` pointing to `multi-tenant-operator-quota-template-intconfig-webhook-service.{{ .Release.Namespace }}.svc.cluster.local` | ||
1. `webhook-server-cert` pointing to `multi-tenant-operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local` | ||
|
||
If you are using [Cert Manager](https://cert-manager.io/docs/installation/), these certificates will be handled by templates in Helm Chart | ||
|
||
## Installing via Helm CLI | ||
|
||
* Public Helm Chart of MTO is available at [Stakater GHCR Packages](https://github.com/orgs/stakater/packages/container/package/public/charts/multi-tenant-operator) and available Helm options can be seen at [MTO Helm Chart Options](./helm-values.md) | ||
|
||
* Use `helm install` command to install MTO helm chart. Here, `bypassedGroups` has the names of groups which are designated as Cluster Admins in your cluster. For this example, we will use `system:masters` | ||
|
||
```terminal | ||
helm install tenant-operator oci://ghcr.io/stakater/public/charts/multi-tenant-operator --version 0.12.62 --namespace multi-tenant-operator --create-namespace --set bypassedGroups=system:masters' | ||
``` | ||
|
||
!!! note | ||
It is better to install MTO in its preferred namespace, `multi-tenant-operator` | ||
|
||
Wait for the pods to be up | ||
|
||
```terminal | ||
kubectl get pods -n multi-tenant-operator --watch | ||
``` | ||
|
||
After all pods come in running state, you can move to next sections on [Licensing](./basic-vs-enterprise-tier.md) and [Tutorials](../tutorials/tenant/create-tenant.md) | ||
|
||
## Uninstall via Helm CLI | ||
|
||
MTO can be uninstalled by Helm CLI if Helm was used to install it earlier. | ||
|
||
* Use `helm uninstall` command to remove the earlier created `Helm Release` in `multi-tenant-operator` namespace | ||
|
||
```terminal | ||
helm uninstall tenant-operator --namespace multi-tenant-operator | ||
``` | ||
|
||
## Notes | ||
|
||
* For details on licensing of MTO please refer [Basic vs Enterprise Tier](./basic-vs-enterprise-tier.md). | ||
* For more details on how to use MTO please refer [Tenant tutorial](../tutorials/tenant/create-tenant.md). | ||
* For details on how to extend your MTO manager ClusterRole please refer [extend-default-clusterroles](../how-to-guides/extend-default-roles.md). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,13 +8,11 @@ This document contains instructions on installing, uninstalling and configuring | |
|
||
1. [Enabling Console](#enabling-console) | ||
|
||
1. [License configuration](#license-configuration) | ||
|
||
1. [Uninstall](#uninstall-via-operatorhub-ui) | ||
|
||
## Requirements | ||
|
||
* An **OpenShift** cluster [v4.8 - v4.13] | ||
* An **OpenShift** cluster [v4.8 - v4.15] | ||
|
||
## Installing via OperatorHub UI | ||
|
||
|
@@ -141,29 +139,6 @@ spec: | |
|
||
* Now the `InstallPlan` will be approved, and MTO console components will be installed. | ||
|
||
## License Configuration | ||
|
||
We offer a free license with installation, and you can create max 2 [Tenants](../tutorials/tenant/create-tenant.md) with it. | ||
|
||
We offer a paid license as well. You need to have a configmap `license` created in MTO's namespace (multi-tenant-operator). To get this configmap, you can contact [`[email protected]`](mailto:[email protected]). It would look like this: | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: license | ||
namespace: multi-tenant-operator | ||
data: | ||
payload.json: | | ||
{ | ||
"metaData": { | ||
"tier" : "paid", | ||
"company": "<company name here>" | ||
} | ||
} | ||
signature.base64.txt: <base64 signature here.> | ||
``` | ||
|
||
## Uninstall via OperatorHub UI | ||
|
||
You can uninstall MTO by following these steps: | ||
|
@@ -184,5 +159,6 @@ You can uninstall MTO by following these steps: | |
|
||
## Notes | ||
|
||
* For details on licensing of MTO please refer [Basic vs Enterprise Tier](./basic-vs-enterprise-tier.md). | ||
* For more details on how to use MTO please refer [Tenant tutorial](../tutorials/tenant/create-tenant.md). | ||
* For more details on how to extend your MTO manager ClusterRole please refer [extend-default-clusterroles](../how-to-guides/extend-default-roles.md). | ||
* For details on how to extend your MTO manager ClusterRole please refer [extend-default-clusterroles](../how-to-guides/extend-default-roles.md). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters