From a71a4c0ad4d594c2d9619df65e313ddc4cd5805c Mon Sep 17 00:00:00 2001
From: Eneko Fernandez
Date: Fri, 29 Dec 2023 10:01:44 +0100
Subject: [PATCH] last refactoring before opening pr

Signed-off-by: Eneko Fernandez
---
 ...rprise-getting-started-advanced-topics.mdx | 2 +-
 ...tall-enterprise-getting-started-expand.mdx | 2 +-
 ...all-enterprise-getting-started-harden.mdx} | 35 +++++++------------
 ...tall-enterprise-getting-started-manual.mdx | 28 ++++-----------
 .../install-enterprise-getting-started.mdx | 31 +++++++---------
 .../{intro-enterprise.mdx => intro.mdx} | 31 +++++-----------
 website/sidebars.js | 6 ++--
 7 files changed, 45 insertions(+), 90 deletions(-)
 rename website/docs/enterprise/getting-started/{install-enterprise-getting-started-onboard.mdx => install-enterprise-getting-started-harden.mdx} (96%)
 rename website/docs/enterprise/getting-started/{intro-enterprise.mdx => intro.mdx} (77%)

diff --git a/website/docs/enterprise/getting-started/install-enterprise-getting-started-advanced-topics.mdx b/website/docs/enterprise/getting-started/install-enterprise-getting-started-advanced-topics.mdx
index 4864af5887..f2dc228d19 100644
--- a/website/docs/enterprise/getting-started/install-enterprise-getting-started-advanced-topics.mdx
+++ b/website/docs/enterprise/getting-started/install-enterprise-getting-started-advanced-topics.mdx
@@ -2,7 +2,7 @@
 title: Advanced Topics
 hide_title: true
 toc_max_heading_level: 4
-pagination_prev: enterprise/getting-started/install-enterprise-getting-started-onboard
+pagination_prev: enterprise/getting-started/install-enterprise-getting-started-harden
 pagination_next: enterprise/getting-started/install-enterprise-getting-started-expand
 ---
 
diff --git a/website/docs/enterprise/getting-started/install-enterprise-getting-started-expand.mdx b/website/docs/enterprise/getting-started/install-enterprise-getting-started-expand.mdx
index 242959eec6..652732576e 100644
--- a/website/docs/enterprise/getting-started/install-enterprise-getting-started-expand.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-getting-started-expand.mdx @@ -2,7 +2,7 @@ title: Step 3 - Expand Capabilities hide_title: true toc_max_heading_level: 4 -pagination_prev: enterprise/getting-started/install-enterprise-getting-started-onboard +pagination_prev: enterprise/getting-started/install-enterprise-getting-started-harden --- import Tabs from "@theme/Tabs"; diff --git a/website/docs/enterprise/getting-started/install-enterprise-getting-started-onboard.mdx b/website/docs/enterprise/getting-started/install-enterprise-getting-started-harden.mdx similarity index 96% rename from website/docs/enterprise/getting-started/install-enterprise-getting-started-onboard.mdx rename to website/docs/enterprise/getting-started/install-enterprise-getting-started-harden.mdx index 7b1d257926..a1f1d80944 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-getting-started-onboard.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-getting-started-harden.mdx @@ -1,8 +1,8 @@ --- -title: Step 2 - Complete and Onboard +title: Step 2 - Harden hide_title: true -toc_max_heading_level: 4 -pagination_prev: enterprise/getting-started/install-enterprise-getting-started-onboard +toc_max_heading_level: 3 +pagination_prev: enterprise/getting-started/install-enterprise-getting-started-harden pagination_next: enterprise/getting-started/install-enterprise-getting-started-expand --- @@ -15,7 +15,7 @@ import oauthBitbucket from '/img/oauth-bitbucket.png'; import oauthAzureDevOps from '/img/oauth-azure-devops.png'; import oauthAzureDevOpsSuccess from '/img/oauth-azure-devops-success.png'; -# Step 2 - Complete and Onboard +# Step 2 - Harden :::info What to expect You have [started with WGE](../install-enterprise-getting-started) and already familiar with its [bootstrapping workflow](../install-enterprise-getting-started/#bootstrapping). 
@@ -24,13 +24,11 @@ You now want to complete your baseline setup before onboarding the rest of the t This guide provides you with recommendations to meet this bar. At the end of it, you are ready to onboard the rest of the team. ::: -## Authentication +## Setup OIDC Authentication As a reminder, Weave GitOps Enterprise supports as authentication methods, `Cluster User`, that you have likely setup as part of the previous step, and `OIDC`. OIDC is the recommended way for production, so take the time to set it up before onboarding other users. -### OIDC - :::warning Currently, we do not have a persistent session storage, this means that if you scale to multiple replicas, logins will not be persisted. ::: @@ -122,7 +120,7 @@ Use [`gitops check oidc-config`](../../../references/cli-reference/gitops_check_ See [Advanced Topics](#advanced-topics) for other OIDC topics like customise scopes. ::: -## Authorization +## Configure OIDC Authorization Weave GitOps Enterprise works with standard [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to authorise: @@ -133,11 +131,9 @@ Weave GitOps Enterprise works with standard [Kubernetes RBAC](https://kubernetes During [getting started](../install-enterprise-getting-started/) you have created the default RBAC for the `Cluser User`, `Weave GitOps Service Account` and `Flux Service Accounts` but not for OIDC users. -### OIDC - Setup Authorization for OIDC users by both defining and deploying the RBAC rules. -#### Defining RBAC Rules +### Defining RBAC Rules RBAC rules are highly context-dependent and there is no one-size fits all. You would need to take the time with your Security organisation on defining them. We provide you with the following RBAC Configuration as inspirational to get you conversations started: It is purposefully vague as we intend to give a 
@@ -290,7 +286,7 @@ cluster client (and vice versa). -#### Deploy them via `/bases` +### Deploy them via `/bases` Once you have the rules defined, you want to ensure they are available in your environment. The `bases` pattern is a useful approach to easily achieve this. It works as follows: @@ -332,9 +328,7 @@ resources will be created. -## Configure Weave GitOps Enterprise - -### Enable Write Access to Git +## Enable Write Access to Git Weave GitOps Enterprise creates pull requests for adding resources. To do this, it needs to be able to write to the Git repository. Here we provide guidance for GitHub, GitLab, BitBucket Server, and Azure DevOps. @@ -457,14 +451,10 @@ Note that each user can view and manage which applications they have authorized -## Access the dashboard +## Configure Service and Ingress During [getting started](../install-enterprise-getting-started/) you have accessed the dashboard via its non-TLS ClusterIP service -which is not recommended to use for production environments. Use this section to evolve your access before onboarding users. - -### Configure Service and Ingress - -Weave GitOps Enterprise dashboard is by default available via its ClusterIP service. You could To achieve other networking configurations +which is not recommended to use for production environments. You could To achieve other networking configurations by modifying the `service` or `ingress` in the `HelmRelease` values: ```yaml @@ -482,7 +472,7 @@ spec: ... ``` -### Configure TLS +## Configure TLS By default, the WGE UI pod will listen on port `8000` with TLS enabled. WGE will generate and use a self-signed certificate for this purpose. @@ -508,7 +498,6 @@ Other ingress conguration changes can be made via the ingress configuration ... other parameters specific to the ingress type ... ``` - ## Next Steps Onboard the rest of the Platform Engineering team and head to [Step 3 - Expand](../install-enterprise-getting-started-expand) to extend 
diff --git a/website/docs/enterprise/getting-started/install-enterprise-getting-started-manual.mdx b/website/docs/enterprise/getting-started/install-enterprise-getting-started-manual.mdx index a6dbd00f38..098b2c7ac5 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-getting-started-manual.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-getting-started-manual.mdx @@ -2,26 +2,20 @@ title: Manually hide_title: false pagination_prev: enterprise/getting-started/install-enterprise-getting-started -pagination_next: enterprise/getting-started/install-enterprise-getting-started-onboard +pagination_next: enterprise/getting-started/install-enterprise-getting-started-harden toc_max_heading_level: 4 --- import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; -import TierLabel from "@site/docs/_components/TierLabel"; -import AlphaWarning from "../../_components/_alpha_warning.mdx"; import CurlCodeBlock from "../../_components/CurlCodeBlock"; -import oauthBitbucket from '/img/oauth-bitbucket.png'; -import oauthAzureDevOps from '/img/oauth-azure-devops.png'; -import oauthAzureDevOpsSuccess from '/img/oauth-azure-devops-success.png'; # Getting Started Manually -This guide will walk you through to manual getting started [bootstrapping](../install-enterprise-getting-started/#bootstrapping) route for Weave GitOps Enterprise. - -:::caution This guide aims to easy discovery or day-0 experiences. +:::info What to expect +You are a Platform Engineer in charge of discovering or setting up Weave GitOps Enterprise for your organisation. -Ensure you complete the [rest of the journeys](../install-enterprise-getting-started/) if you aim to onboard other Platform Engineers or Developers. +This guide will walk you through to manual getting started [bootstrapping](../install-enterprise-getting-started/#bootstrapping) route for Weave GitOps Enterprise. ::: ## Bootstrap Flux 
@@ -37,15 +31,7 @@ flux bootstrap git --url="https://example.com/repository.git" --"password=passwo flux bootstrap git --url="ssh://git@example.com/repository.git" --private-key-file="path/to/private.key" --password="password" --path="clusters/my-cluster" ``` -## Entitlements - -Weave GitOps Enterprise Entitlement is your obtained license to use our product. The Entitlements file is a Kubernetes secret that contains your licence. -To get the entitlement secret please contact *sales@weave.works*, then apply it on your management cluster with the name `weave-gitops-enterprise-credentials` under `flux-system` namespace. - -```bash - kubectl apply -n flux-system -f entitlements.yaml -``` -## Authentication +## Configure Authentication There are two supported authentication methods for Weave GitOps Enterprise: @@ -92,7 +78,7 @@ Use these credentials to login as `ClusterUser` via the UI. Ensure your [authentication is fit for production](../install-enterprise-onboard-platform-engineers#authentication) before onboarding other Platform Engineers or Developers. ::: -## Authorization +## Configure Authorization Weave GitOps Enterprise works with standard [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to define what actions can a subject do-over the existing resources. Weave GitOps requires authorization for the following subjects: @@ -175,7 +161,7 @@ They are generated during Flux Bootstrapping. More information about Flux Author Ensure your [authorization is fit for production](../install-enterprise-onboard-platform-engineers#authorization) before onboarding other Platform Engineers or Developers. ::: -## Install WGE +## Deploy the HelmRelease We install Weave GitOps Enterprise via Flux Helm Release that you could deploy via the CLI or manually: 
diff --git a/website/docs/enterprise/getting-started/install-enterprise-getting-started.mdx b/website/docs/enterprise/getting-started/install-enterprise-getting-started.mdx index 2821d5b28f..4955e5e60b 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-getting-started.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-getting-started.mdx @@ -1,8 +1,8 @@ --- title: Step 1 - Getting Started hide_title: true -pagination_prev: enterprise/getting-started/intro-enterprise -pagination_next: enterprise/getting-started/install-enterprise-getting-started-onboard +pagination_prev: enterprise/getting-started/intro +pagination_next: enterprise/getting-started/install-enterprise-getting-started-harden toc_max_heading_level: 4 --- @@ -72,20 +72,10 @@ To get the entitlement secret please contact *sales@weave.works*, then apply it ``` ## Bootstrapping -Bootstrapping is the workflow that installs Weave GitOps Enterprise in your environment by executing these stages: +Bootstrap Weave GitOps Enterprise in your environment by any of these methods: -1. **Bootstrap Flux**: bootstrap Flux on your Management Cluster. -2. **Entitlements**: verify your Entitlements. -3. **Authentication**: configure how users authenticate. -4. **Authorization**: configure what your users and other subjects can do. -5. **Install WGE**: deploy Weave GitOps Enterprise via Flux Helm Release. -6. **Access the dashboard**: access the application as you expect. -7. **Extend WGE**: add other capabilities to support your Platform workflows. - -Run the method that better match your expectations. - - - + + :::tip Recommended path if: @@ -101,7 +91,7 @@ You have limited knowledge about the product and / or want guidance step-by-step - + :::tip Recommended Path if: You are already familiar with installing Weave GitOps Enterprise. You wan to leverage the CLI for consistency and automation. 
@@ -135,7 +125,12 @@ gitops bootstrap --silent \ You want to have full control on the process or your context cannot be handled via the CLI. ::: -Continue to [Manual Bootstrapping](../install-enterprise-getting-started-manual) to guide you. +Execute the following tasks to manually bootstrap: + +1. [**Bootstrap Flux**](../install-enterprise-getting-started-manual/#bootstrap-flux) +2. [**Configure Authentication**](../install-enterprise-getting-started-manual/#configure-authentication) +3. [**Configure Authorization**](../install-enterprise-getting-started-manual/#configure-authorization) +4. [**Deploy WGE HelmRelease**](../install-enterprise-getting-started-manual/#deploy-the-helmrelease) @@ -159,5 +154,5 @@ Access your browser on [http://localhost:8000](http://localhost:8000) to see the ## Next Steps You have bootstrapped Weave GitOps Enterprise and Flux on your Management Cluster. Continue to -[Step 2 - Onboarding](../install-enterprise-getting-started-onboard) to harden your environment +[Step 2 - Onboarding](../install-enterprise-getting-started-harden) to harden your environment to onboard the rest of the team. diff --git a/website/docs/enterprise/getting-started/intro-enterprise.mdx b/website/docs/enterprise/getting-started/intro.mdx similarity index 77% rename from website/docs/enterprise/getting-started/intro-enterprise.mdx rename to website/docs/enterprise/getting-started/intro.mdx index 409c59e6ff..b3a19133b3 100644 --- a/website/docs/enterprise/getting-started/intro-enterprise.mdx +++ b/website/docs/enterprise/getting-started/intro.mdx 
@@ -7,33 +7,18 @@ import Link from "@docusaurus/Link"; # Weave GitOps Enterprise -:::tip Ready for more GitOps? -To purchase an entitlement to Weave GitOps Enterprise, please contact [sales@weave.works](mailto:sales@weave.works). -::: - [Weave GitOps Enterprise](https://www.weave.works/product/enterprise-faq/) is a platform engineering solution that extends Kubernetes to manage the platform using the GitOps model. It is a developer friendly Kubernetes application platform for on-premise and cloud deployment and is additive to standard managed Kubernetes tools (e.g., OpenShift, Rancher, EKS, AKS, etc.). WGE offers streamlined operations, enhanced developer productivity, compliance and security, scalability, and growth, and provides trusted support and readiness for production. -- Continue to [Getting Started](#getting-started) to start your Weave GitOpps Enterprise journey. -- Reade more about [features](#feature-breakdown) or in [Weave GitOps Enterprise FAQ](https://www.weave.works/product/enterprise-faq/) for more information. - -## Install - -You are a Platform Engineer who is in charge of discovering or setting up Weave GitOps Enterprise (WGE) for your organisation. -We propose you to tackle it in three days: - -### Step 1: Getting Started +:::tip Start onboarding -[**Get your environment setup**](../install-enterprise-getting-started) with limited knowledge about WGE. You want to do some initial discovery or to layout the foundations. +As a Platform Engineer, you bear the task of either exploring or establishing Weave GitOps Enterprise (WGE) +within your organization. We suggest that you onboard following these steps: -### Step 2: Onboard the team - -[**Onboard Platform Engineers**](../install-enterprise-onboard): you want to harden your setup to onboard other Platform Engineers. Other Platform Engineers setup any WGE capabilities for your devs. 
- -[**Onboard Developers**](../install-enterprise-onboard): the platform capabilities have been setup and you ready to start onboard developers. - -### Day 2: Operate & Improve - -- TBA +- [**Step 1 - Get Started**](../install-enterprise-getting-started) quickly with limited knowledge about WGE. This is your first action aimed at conducting preliminary exploration, or laying out the groundwork. +- [**Step 2 - Harden**](../install-enterprise-getting-started-harden) your setup and onboard to other Platform Engineers. +- [**Step 3 - Expand**](../install-enterprise-expand) what WGE can do with the rest of the Platform Engineering team. +- [**Step 4 - Onboard and Operate**](../install-enterprise-expand): onboard your Developers and operate the Platform. +::: ## Feature Breakdown diff --git a/website/sidebars.js b/website/sidebars.js index 74cad7f012..b3170875eb 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -36,7 +36,7 @@ module.exports = { label: "Weave GitOps Enterprise", link: { type: "doc", - id: "enterprise/getting-started/intro-enterprise", + id: "enterprise/getting-started/intro", }, items: [ { @@ -52,10 +52,10 @@ module.exports = { }, { type: "category", - label: "Step 2 - Complete and Onboard", + label: "Step 2 - Harden", link: { type: "doc", - id: "enterprise/getting-started/install-enterprise-getting-started-onboard", + id: "enterprise/getting-started/install-enterprise-getting-started-harden", }, items: [ "enterprise/getting-started/install-enterprise-getting-started-advanced-topics",