From e089a5dd58dd39dee5f38583f4ccb2de891dd269 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Thu, 2 Mar 2023 01:03:02 -0800 Subject: [PATCH 01/23] k8s doc references on landing page Signed-off-by: Meg McRoberts --- docs/content/en/docs/crd-ref/_index.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/content/en/docs/crd-ref/_index.md b/docs/content/en/docs/crd-ref/_index.md index 23e517ce9c..b1838abd9c 100644 --- a/docs/content/en/docs/crd-ref/_index.md +++ b/docs/content/en/docs/crd-ref/_index.md @@ -13,3 +13,21 @@ that are defined for the Keptn Lifecycle Toolkit. Information that is published here has been reviewed for technical accuracy but the format and content is still evolving. We welcome your input!** + +Each CRD is an object of an API library. +Keptn APIs follow the Kubernetes API versioning scheme. +and is itself composed of objects and sub-objects. + +For more information, see the Kubernetes documentation: + +* [API Overview](https://kubernetes.io/docs/reference/using-api/) + +* [Custom Resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#:~:text=A%20resource%20is%20an%20endpoint,in%20a%20default%20Kubernetes%20installation.) + +* [API versioning](https://kubernetes.io/docs/reference/using-api/#api-versioning) + +* [Understanding Kubernetes Objects](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) + + + + From 3246ac609d6b424125873304c508f351e4e3e32a Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Thu, 2 Mar 2023 01:24:22 -0800 Subject: [PATCH 02/23] process go.mod file --- docs/go.mod | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/go.mod b/docs/go.mod index 7ae5fbaa06..bb69a32b84 100644 --- a/docs/go.mod +++ b/docs/go.mod 
@@ -4,7 +4,4 @@ go 1.19 require github.com/keptn-sandbox/lifecycle-toolkit-docs v0.0.0-20230209144724-01b35a6cfc44 // indirect= -require ( - github.com/google/docsy/dependencies v0.6.0 // indirect - github.com/keptn-sandbox/lifecycle-toolkit-docs v0.0.0-20230209144724-01b35a6cfc44 // indirect -) +require github.com/google/docsy/dependencies v0.6.0 // indirect From f377a78af520cbc497e8b04cb0e23bb50b4671ea Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Tue, 11 Apr 2023 16:42:46 -0700 Subject: [PATCH 03/23] periods at end of list items Signed-off-by: Meg McRoberts --- docs/content/en/docs/crd-ref/_index.md | 2 - docs/content/en/docs/install/_index.md | 1 + docs/content/en/docs/install/cert-manager.md | 86 ++++++++++++++++++++ docs/content/en/docs/install/reqs.md | 9 ++ 4 files changed, 96 insertions(+), 2 deletions(-) create mode 100644 docs/content/en/docs/install/cert-manager.md diff --git a/docs/content/en/docs/crd-ref/_index.md b/docs/content/en/docs/crd-ref/_index.md index 13ab97bf81..b96035fe53 100644 --- a/docs/content/en/docs/crd-ref/_index.md +++ b/docs/content/en/docs/crd-ref/_index.md @@ -30,5 +30,3 @@ For more information, see the Kubernetes documentation: * [API versioning](https://kubernetes.io/docs/reference/using-api/#api-versioning) * [Understanding Kubernetes Objects](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) - - diff --git a/docs/content/en/docs/install/_index.md b/docs/content/en/docs/install/_index.md index c52a48f9f1..2a2b2b4e4d 100644 --- a/docs/content/en/docs/install/_index.md +++ b/docs/content/en/docs/install/_index.md 
@@ -19,6 +19,7 @@ or as part of an existing production cluster. 1. Understand the [Software versions and resources](reqs.md) that are required 1. [Bring or create your Kubernetes cluster](k8s.md) +1. [Replace the default cert-manager](cert-manager.md) (optional) 1. [Install the Keptn Lifecycle Controller](install.md) 1. [Integrate the Keptn Lifecycle Controller into your Kubernetes cluster](integrate.md) 1. [Upgrade](upgrade.md) to a new version of the Keptn Lifecycle Toolkit diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md new file mode 100644 index 0000000000..076327f75c --- /dev/null +++ b/docs/content/en/docs/install/cert-manager.md 
@@ -0,0 +1,86 @@ +--- +title: Implement your own cert-manager (optional) +description: Replace the default KLT cert-manager +weight: 30 +hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html +--- + +The Keptn Lifecycle Toolkit includes +a light-weight, customized cert-manager +that is used for installation and to implement Webhooks. +Bundling the cert-manager simplifies the installation for new users +and provides the functionality KLT needs +without the overhead of other cert-managers. + +However, KLT works well with standard cert-managers. +You can redefine the cert-manager that KLT uses *before* you install KLT. + +The steps are: + +* Install the cert-manager of your choice. +* Modify the `Deployment` manifest of each KLT component. +* Add the `Certificate` CRD for the cert-manager you are using. + +## Modify the KLT manifest + +You must modify the KLT manifest for each KLT component +to make it aware of the cert-manager you are using. +The instructions here are for implementing +[cert-manager.io](https://cert-manager.io/); +the process is similar for other cert-managers. + +To do this, change the `Deployment` manifest of each KLT component +and **replace** the following `volumes` definition + + ```yaml + - emptyDir: {} + name: certs-dir + ``` + + with + + ```yaml + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + ``` + +The manifests must have the following special annotation: + +```yaml +cert-manager.io/inject-ca-from=klt-serving-cert/keptn-lifecycle-toolkit-system +``` + +The value of the annotation must match the +`name/namespace` of the cert-manager CRD discussed below. 
+ +## Add the CRD for your cert-manager + +```yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: klt-serving-cert + namespace: keptn-lifecycle-toolkit-system +spec: + dnsNames: + - lifecycle-webhook-service.keptn-lifecycle-toolkit-system.svc + - lifecycle-webhook-service.keptn-lifecycle-toolkit-system.svc.cluster.local + issuerRef: + kind: Issuer + name: klt-selfsigned-issuer + :secretName webhook-server-cert // this has to match the name of the "secretName" field in the volume definition of step 1 +``` + +Note the following about these fields: + +* The `apiVersion` field refers to the API for the cert-manager. +* The `metadata` section includes two fields. + The value of these fields must match the annotations +* The value of the `secretName` field + must match the value of the `secretName` field used + in the `volumes` definition section of the KLT manifests above. + +See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) +documentation for more details. diff --git a/docs/content/en/docs/install/reqs.md b/docs/content/en/docs/install/reqs.md index eb20b5793f..e9ec16d46b 100644 --- a/docs/content/en/docs/install/reqs.md +++ b/docs/content/en/docs/install/reqs.md @@ -12,3 +12,12 @@ hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.htm The Keptn Lifecycle Controller requires Kubernetes v1.24.0 or later. ## Resource requirements + +## cert-manager + +KLT includes a lightweight cert-manager +that is used for installation and Webhooks. +You can configure a different cert-manager +before you install KLT. +See [Implement your own cert-manager](cert-manager.md) +for instructions. From 4fab1921f9728418c74c02fad3ed626c0358501e Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Tue, 11 Apr 2023 17:54:01 -0700 Subject: [PATCH 04/23] Each manifest Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 076327f75c..f597e9b91b 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -46,7 +46,7 @@ and **replace** the following `volumes` definition secretName: webhook-server-cert ``` -The manifests must have the following special annotation: +Each manifest must have the following special annotation: ```yaml cert-manager.io/inject-ca-from=klt-serving-cert/keptn-lifecycle-toolkit-system From bc83733f4feed32302f6eeeb01d44478646c339b Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Tue, 11 Apr 2023 17:55:55 -0700 Subject: [PATCH 05/23] annotations match above Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index f597e9b91b..ec7180f590 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -78,6 +78,7 @@ Note the following about these fields: * The `apiVersion` field refers to the API for the cert-manager. * The `metadata` section includes two fields. The value of these fields must match the annotations + used in the manifests. * The value of the `secretName` field must match the value of the `secretName` field used in the `volumes` definition section of the KLT manifests above. From 6cbd89d5fa030a0db07c5c2b764a987cb0cc7c17 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Wed, 12 Apr 2023 00:54:30 -0700 Subject: [PATCH 06/23] Update docs/content/en/docs/install/cert-manager.md Signed-off-by: Meg McRoberts meg.mcroberts@dynatrace.com Co-authored-by: Giovanni Liva Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index ec7180f590..b4846b385b 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -1,5 +1,5 @@ --- -title: Implement your own cert-manager (optional) +title: Use your own cert-manager (optional) description: Replace the default KLT cert-manager weight: 30 hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html From 4102d7b6546f14f95b96b0ab7ce89b4ad8544dd5 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Wed, 12 Apr 2023 00:54:47 -0700 Subject: [PATCH 07/23] Update docs/content/en/docs/install/cert-manager.md Signed-off-by: Meg McRoberts meg.mcroberts@dynatrace.com Co-authored-by: Giovanni Liva Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index b4846b385b..1b3cc9929a 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -7,7 +7,7 @@ hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.htm The Keptn Lifecycle Toolkit includes a light-weight, customized cert-manager -that is used for installation and to implement Webhooks. +that is used to register Webhooks to the [KubeAPI](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). Bundling the cert-manager simplifies the installation for new users and provides the functionality KLT needs without the overhead of other cert-managers. From fdac30935183c58c90f4cf204f2082c362a6c6f7 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Wed, 12 Apr 2023 00:55:11 -0700 Subject: [PATCH 08/23] Update docs/content/en/docs/install/cert-manager.md Signed-off-by: Meg McRoberts meg.mcroberts@dynatrace.com Co-authored-by: Giovanni Liva 
Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 1b3cc9929a..581fe56136 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -70,7 +70,7 @@ spec: issuerRef: kind: Issuer name: klt-selfsigned-issuer - :secretName webhook-server-cert // this has to match the name of the "secretName" field in the volume definition of step 1 + secretName webhook-server-cert // this has to match the name of the "secretName" field in the volume definition ``` Note the following about these fields: From 3d555307015a6bc2ed97e00c83e825258289dd8d Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Wed, 12 Apr 2023 00:59:50 -0700 Subject: [PATCH 09/23] more explicit that cert-manager is optional step Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/_index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/content/en/docs/install/_index.md b/docs/content/en/docs/install/_index.md index 2a2b2b4e4d..b5ac6c8293 100644 --- a/docs/content/en/docs/install/_index.md +++ b/docs/content/en/docs/install/_index.md @@ -19,7 +19,9 @@ or as part of an existing production cluster. 1. Understand the [Software versions and resources](reqs.md) that are required 1. [Bring or create your Kubernetes cluster](k8s.md) -1. [Replace the default cert-manager](cert-manager.md) (optional) +1. [Replace the default cert-manager](cert-manager.md) (optional). + This step is only required if you want to replace the default KLT cert-manager + with another cert-manager. 1. [Install the Keptn Lifecycle Controller](install.md) 1. [Integrate the Keptn Lifecycle Controller into your Kubernetes cluster](integrate.md) 1. [Upgrade](upgrade.md) to a new version of the Keptn Lifecycle Toolkit 
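Review bot: the item added in this hunk says the same thing twice, once as `(optional).` and again in the continuation sentence, and its link text `Replace the default cert-manager` no longer matches the target page, whose title [PATCH 06/23] changed to `Use your own cert-manager (optional)`. Keep either the `(optional)` tag or the sentence, and align the link text with the page title so readers land on the page they expect. The item is also the only one in the list that ends with a period; punctuate the neighbouring items the same way or restructure the sentence.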
From addefb89afac394128cc7a98bca5d1c86ac3f4bb Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Wed, 12 Apr 2023 06:59:11 -0700 Subject: [PATCH 10/23] Update docs/content/en/docs/install/cert-manager.md Signed-off-by: Meg McRoberts meg.mcroberts@dynatrace.com Co-authored-by: Giovanni Liva Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 581fe56136..aca9cc0b0d 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -42,8 +42,8 @@ and **replace** the following `volumes` definition ```yaml - name: cert secret: - defaultMode: 420 - secretName: webhook-server-cert + defaultMode: 420 + secretName: webhook-server-cert ``` Each manifest must have the following special annotation: From 35df1d8a019fb13354738d28550c8893aeedd04d Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Thu, 13 Apr 2023 02:03:36 -0700 Subject: [PATCH 11/23] Add architectural description of cert-manager Signed-off-by: Meg McRoberts --- .../concepts/architecture/cert-manager.md | 43 +++++++++++++++++++ .../overview/klc-cert-manager/_index.md | 24 ----------- docs/content/en/docs/install/cert-manager.md | 32 ++++++++------ 3 files changed, 63 insertions(+), 36 deletions(-) create mode 100644 docs/content/en/docs/concepts/architecture/cert-manager.md delete mode 100644 docs/content/en/docs/concepts/overview/klc-cert-manager/_index.md diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md new file mode 100644 index 0000000000..717013d010 --- /dev/null +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md 
@@ -0,0 +1,43 @@ +--- +title: Keptn Certificate Manager +description: Learn how the cert-manager works +icon: concepts +layout: quickstart +weight: 100 +hidechildren: true # this flag hides all sub-pages in the sidebar-multicard.html +--- + +### Keptn Cert Manager + +The Lifecycle Toolkit includes a Mutating Webhook +that requires TLS certificates to be mounted as a volume in its pod. +In version 0.6.0 and later, the certificate creation +is handled automatically by +the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md). + +How it works: + +* The certificate is created as a secret +in the `keptn-lifecycle-toolkit-system` namespace +with a renewal threshold of 12 hours. +* If the certificate expires, +the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md) +renews it. +* The Lifecycle Toolkit operator waits for a valid certificate to be ready. +* When the certificate is ready, + it is mounted on an empty dir volume in the operator. + +When a certificate is left over from an older version, +the webhook or the operator may generate errors +because of an invalid certificate. +To solve this, delete the certificate and restart the operator. + +`klt-cert-manager` is a customized certificate manager +that is installed with the Lifecycle Toolkit by default. +It is included to simplify installation for new users +and because it is much smaller than most standard certificate managers. +However, KLT is compatible with most certificate managers +and can be configured to use another certificate manager if you prefer. +See [Use your own cert-manager](../../install/cert-manager) +for instructions. + diff --git a/docs/content/en/docs/concepts/overview/klc-cert-manager/_index.md b/docs/content/en/docs/concepts/overview/klc-cert-manager/_index.md deleted file mode 100644 index b76c12d29a..0000000000 --- a/docs/content/en/docs/concepts/overview/klc-cert-manager/_index.md +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -title: Keptn Certificate Manager -icon: concepts -layout: quickstart -weight: 5 -hidechildren: true # this flag hides all sub-pages in the sidebar-multicard.html ---- - -### Keptn Cert Manager - -The Lifecycle Toolkit includes a Mutating Webhook which requires TLS certificates to be mounted as a volume in its pod. -In version 0.6.0 and later, the certificate creation -is handled automatically by -the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md). - -The certificate is created as a secret in the `keptn-lifecycle-toolkit-system` namespace with a renewal threshold of 12 -hours. -If it expires, the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md) -renews it. -The Lifecycle Toolkit operator waits for a valid certificate to be ready. -The certificate is mounted on an empty dir volume in the operator. - -When a certificate is left over from an older version, the webhook or the operator may generate errors because of an -invalid certificate. To solve this, delete the certificate and restart the operator. diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 581fe56136..17eb38c4d4 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md 
@@ -11,25 +11,31 @@ that is used to register Webhooks to the [KubeAPI](https://kubernetes.io/docs/re Bundling the cert-manager simplifies the installation for new users and provides the functionality KLT needs without the overhead of other cert-managers. +For a description of the architecture, see +[Keptn Certificate Manager](../concepts/architecture/cert-manager). -However, KLT works well with standard cert-managers. -You can redefine the cert-manager that KLT uses *before* you install KLT. +KLT, however, works well with standard cert-managers. +If you are already using a different cert-manager, +you can configure KLT to instead use that cert-manager, +but you must do this *before* you install KLT. The steps are: -* Install the cert-manager of your choice. -* Modify the `Deployment` manifest of each KLT component. +* Install the cert-manager of your choice + if it is not already installed. +* Modify the `Deployment` manifest of each KLT operator component. * Add the `Certificate` CRD for the cert-manager you are using. ## Modify the KLT manifest -You must modify the KLT manifest for each KLT component +You must modify the KLT manifest for each KLT operator component to make it aware of the cert-manager you are using. -The instructions here are for implementing +These instructions implement [cert-manager.io](https://cert-manager.io/); the process is similar for other cert-managers. -To do this, change the `Deployment` manifest of each KLT component +To configure KLT to use your cert-manager, +change the `Deployment` manifest of each KLT operator component and **replace** the following `volumes` definition ```yaml @@ -42,8 +48,8 @@ and **replace** the following `volumes` definition ```yaml - name: cert secret: - defaultMode: 420 - secretName: webhook-server-cert + defaultMode: 420 + secretName: webhook-server-cert ``` Each manifest must have the following special annotation: 
@@ -57,6 +63,8 @@ The value of the annotation must match the ## Add the CRD for your cert-manager +This is the CRD for `cert-manager.io`: + ```yaml apiVersion: cert-manager.io/v1 kind: Certificate @@ -70,7 +78,7 @@ spec: issuerRef: kind: Issuer name: klt-selfsigned-issuer - secretName webhook-server-cert // this has to match the name of the "secretName" field in the volume definition + secretName webhook-server-cert ``` Note the following about these fields: @@ -78,10 +86,10 @@ Note the following about these fields: * The `apiVersion` field refers to the API for the cert-manager. * The `metadata` section includes two fields. The value of these fields must match the annotations - used in the manifests. + used in the KLT operator manifests. * The value of the `secretName` field must match the value of the `secretName` field used - in the `volumes` definition section of the KLT manifests above. + in the `volumes` definition section of the KLT operator manifests above. See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) documentation for more details. From 2cd118ee47a3e878de56e73754367cb24c5ac0b0 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Thu, 13 Apr 2023 02:07:07 -0700 Subject: [PATCH 12/23] markdownlint-fix Signed-off-by: Meg McRoberts --- docs/content/en/docs/concepts/architecture/cert-manager.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index 717013d010..976b0f4148 100644 --- a/docs/content/en/docs/concepts/architecture/cert-manager.md +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md @@ -40,4 +40,3 @@ However, KLT is compatible with most certificate managers and can be configured to use another certificate manager if you prefer. See [Use your own cert-manager](../../install/cert-manager) for instructions. - From 60ba57c59e1ae1d31da8ec2433cc86d85cb66363 Mon Sep 17 00:00:00 2001 
From: Meg McRoberts Date: Mon, 17 Apr 2023 02:41:16 -0700 Subject: [PATCH 13/23] how to delete klt cert-manager Signed-off-by: Meg McRoberts --- .../concepts/architecture/cert-manager.md | 34 +++++++++++++++---- docs/content/en/docs/install/cert-manager.md | 10 ++++-- 2 files changed, 35 insertions(+), 9 deletions(-) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index 976b0f4148..95eda8bf7e 100644 --- a/docs/content/en/docs/concepts/architecture/cert-manager.md +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md @@ -4,7 +4,7 @@ description: Learn how the cert-manager works icon: concepts layout: quickstart weight: 100 -hidechildren: true # this flag hides all sub-pages in the sidebar-multicard.html +hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html --- ### Keptn Cert Manager @@ -27,11 +27,6 @@ renews it. * When the certificate is ready, it is mounted on an empty dir volume in the operator. -When a certificate is left over from an older version, -the webhook or the operator may generate errors -because of an invalid certificate. -To solve this, delete the certificate and restart the operator. - `klt-cert-manager` is a customized certificate manager that is installed with the Lifecycle Toolkit by default. It is included to simplify installation for new users 
@@ -40,3 +35,30 @@ However, KLT is compatible with most certificate managers and can be configured to use another certificate manager if you prefer. See [Use your own cert-manager](../../install/cert-manager) for instructions. + +## Invalid certificate errors + +When a certificate is left over from an older version, +the webhook or the operator may generate errors +because of an invalid certificate. +To solve this, delete the certificate and restart the operator. + +The KLT cert-manager certificate is stored as a secret in the `klt` namespace. +To retrieve it: + +```shell +kubectl get secrets -n keptn-lifecycle-toolkit-system +``` + +This returns something like: +```shell +NAME TYPE DATA AGE +klt-certs Opaque 5 4d23h +``` + +Specify the `NAME` of the KLT certificate (`klt-certs` in this case) +to delete the KLT certificate: + +```shell +kubectl delete secret klt-certs -n keptn-lifecycle-toolkit-system +``` diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 17eb38c4d4..f78913c415 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md 
@@ -12,13 +12,17 @@ Bundling the cert-manager simplifies the installation for new users and provides the functionality KLT needs without the overhead of other cert-managers. For a description of the architecture, see -[Keptn Certificate Manager](../concepts/architecture/cert-manager). +[Keptn Certificate Manager](../concepts/architecture/cert-manager.md). KLT, however, works well with standard cert-managers. +The KLT cert-manager can also coexist with another cert-manager. If you are already using a different cert-manager, -you can configure KLT to instead use that cert-manager, -but you must do this *before* you install KLT. +you can continue to use that cert-manager for other components +and use the KLT cert-manager just for KLT activities +or you can configure KLT to use that cert-manager. +If you want KLT to use your cert-manager, +you must configure it *before* you install KLT. The steps are: * Install the cert-manager of your choice From 199d5b38d9c370d5894667fcca78be5f64735f96 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Mon, 17 Apr 2023 02:50:43 -0700 Subject: [PATCH 14/23] delete concepts/overview again Signed-off-by: Meg McRoberts --- .../concepts/architecture/cert-manager.md | 64 ++++++++++++ .../overview/klc-cert-manager/_index.md | 25 ----- docs/content/en/docs/crd-ref/_index.md | 2 - docs/content/en/docs/install/_index.md | 3 + docs/content/en/docs/install/cert-manager.md | 99 +++++++++++++++++++ docs/content/en/docs/install/reqs.md | 9 ++ 6 files changed, 175 insertions(+), 27 deletions(-) create mode 100644 docs/content/en/docs/concepts/architecture/cert-manager.md delete mode 100644 docs/content/en/docs/concepts/overview/klc-cert-manager/_index.md create mode 100644 docs/content/en/docs/install/cert-manager.md diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md new file mode 100644 index 0000000000..95eda8bf7e --- /dev/null 
+++ b/docs/content/en/docs/concepts/architecture/cert-manager.md 
@@ -0,0 +1,64 @@ +--- +title: Keptn Certificate Manager +description: Learn how the cert-manager works +icon: concepts +layout: quickstart +weight: 100 +hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html +--- + +### Keptn Cert Manager + +The Lifecycle Toolkit includes a Mutating Webhook +that requires TLS certificates to be mounted as a volume in its pod. +In version 0.6.0 and later, the certificate creation +is handled automatically by +the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md). + +How it works: + +* The certificate is created as a secret +in the `keptn-lifecycle-toolkit-system` namespace +with a renewal threshold of 12 hours. +* If the certificate expires, +the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md) +renews it. +* The Lifecycle Toolkit operator waits for a valid certificate to be ready. +* When the certificate is ready, + it is mounted on an empty dir volume in the operator. + +`klt-cert-manager` is a customized certificate manager +that is installed with the Lifecycle Toolkit by default. +It is included to simplify installation for new users +and because it is much smaller than most standard certificate managers. +However, KLT is compatible with most certificate managers +and can be configured to use another certificate manager if you prefer. +See [Use your own cert-manager](../../install/cert-manager) +for instructions. + +## Invalid certificate errors + +When a certificate is left over from an older version, +the webhook or the operator may generate errors +because of an invalid certificate. +To solve this, delete the certificate and restart the operator. + +The KLT cert-manager certificate is stored as a secret in the `klt` namespace. 
+To retrieve it: + +```shell +kubectl get secrets -n keptn-lifecycle-toolkit-system +``` + +This returns something like: +```shell +NAME TYPE DATA AGE +klt-certs Opaque 5 4d23h +``` + +Specify the `NAME` of the KLT certificate (`klt-certs` in this case) +to delete the KLT certificate: + +```shell +kubectl delete secret klt-certs -n keptn-lifecycle-toolkit-system +``` diff --git a/docs/content/en/docs/concepts/overview/klc-cert-manager/_index.md b/docs/content/en/docs/concepts/overview/klc-cert-manager/_index.md deleted file mode 100644 index b935a31f16..0000000000 --- a/docs/content/en/docs/concepts/overview/klc-cert-manager/_index.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Keptn Certificate Manager -icon: concepts -layout: quickstart -weight: 5 -hidechildren: true # this flag hides all sub-pages in the sidebar-multicard.html ---- - -### Keptn Cert Manager - -The Lifecycle Toolkit includes a Mutating Webhook which requires TLS certificates to be mounted as a volume in its pod. -In version 0.6.0 and later, the certificate creation -is handled automatically by -the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md). - -The certificate is created as a secret in the `keptn-lifecycle-toolkit-system` namespace with a renewal threshold of 12 -hours. -If it expires, the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md) -renews it. -The Lifecycle Toolkit operator waits for a valid certificate to be ready. -The certificate is mounted on an empty dir volume in the operator. - -When a certificate is left over from an older version, the webhook or the operator may generate errors because of an -invalid certificate. -To solve this, delete the certificate and restart the operator. diff --git a/docs/content/en/docs/crd-ref/_index.md b/docs/content/en/docs/crd-ref/_index.md index 13ab97bf81..b96035fe53 100644 --- a/docs/content/en/docs/crd-ref/_index.md 
+++ b/docs/content/en/docs/crd-ref/_index.md @@ -30,5 +30,3 @@ For more information, see the Kubernetes documentation: * [API versioning](https://kubernetes.io/docs/reference/using-api/#api-versioning) * [Understanding Kubernetes Objects](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) - - diff --git a/docs/content/en/docs/install/_index.md b/docs/content/en/docs/install/_index.md index 786b2a2372..efd5c6c776 100644 --- a/docs/content/en/docs/install/_index.md +++ b/docs/content/en/docs/install/_index.md @@ -19,6 +19,9 @@ or as part of an existing production cluster. 1. Understand the [Software versions and resources](reqs.md) that are required 1. [Bring or create your Kubernetes cluster](k8s.md) +1. [Replace the default cert-manager](cert-manager.md) (optional). + This step is only required if you want to replace the default KLT cert-manager + with another cert-manager. 1. [Install the Keptn Lifecycle Controller](install.md) 1. [Integrate the Keptn Lifecycle Controller into your Kubernetes cluster](integrate.md) 1. [Upgrade](upgrade.md) to a new version of the Keptn Lifecycle Toolkit diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md new file mode 100644 index 0000000000..f78913c415 --- /dev/null +++ b/docs/content/en/docs/install/cert-manager.md 
@@ -0,0 +1,99 @@ +--- +title: Use your own cert-manager (optional) +description: Replace the default KLT cert-manager +weight: 30 +hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html +--- + +The Keptn Lifecycle Toolkit includes +a light-weight, customized cert-manager +that is used to register Webhooks to the [KubeAPI](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). +Bundling the cert-manager simplifies the installation for new users +and provides the functionality KLT needs +without the overhead of other cert-managers. +For a description of the architecture, see +[Keptn Certificate Manager](../concepts/architecture/cert-manager.md). + +KLT, however, works well with standard cert-managers. +The KLT cert-manager can also coexist with another cert-manager. +If you are already using a different cert-manager, +you can continue to use that cert-manager for other components +and use the KLT cert-manager just for KLT activities +or you can configure KLT to use that cert-manager. + +If you want KLT to use your cert-manager, +you must configure it *before* you install KLT. +The steps are: + +* Install the cert-manager of your choice + if it is not already installed. +* Modify the `Deployment` manifest of each KLT operator component. +* Add the `Certificate` CRD for the cert-manager you are using. + +## Modify the KLT manifest + +You must modify the KLT manifest for each KLT operator component +to make it aware of the cert-manager you are using. +These instructions implement +[cert-manager.io](https://cert-manager.io/); +the process is similar for other cert-managers. 
+ +To configure KLT to use your cert-manager, +change the `Deployment` manifest of each KLT operator component +and **replace** the following `volumes` definition + + ```yaml + - emptyDir: {} + name: certs-dir + ``` + + with + + ```yaml + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + ``` + +Each manifest must have the following special annotation: + +```yaml +cert-manager.io/inject-ca-from=klt-serving-cert/keptn-lifecycle-toolkit-system +``` + +The value of the annotation must match the +`name/namespace` of the cert-manager CRD discussed below. + +## Add the CRD for your cert-manager + +This is the CRD for `cert-manager.io`: + +```yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: klt-serving-cert + namespace: keptn-lifecycle-toolkit-system +spec: + dnsNames: + - lifecycle-webhook-service.keptn-lifecycle-toolkit-system.svc + - lifecycle-webhook-service.keptn-lifecycle-toolkit-system.svc.cluster.local + issuerRef: + kind: Issuer + name: klt-selfsigned-issuer + secretName webhook-server-cert +``` + +Note the following about these fields: + +* The `apiVersion` field refers to the API for the cert-manager. +* The `metadata` section includes two fields. + The value of these fields must match the annotations + used in the KLT operator manifests. +* The value of the `secretName` field + must match the value of the `secretName` field used + in the `volumes` definition section of the KLT operator manifests above. + +See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) +documentation for more details. diff --git a/docs/content/en/docs/install/reqs.md b/docs/content/en/docs/install/reqs.md index eb20b5793f..e9ec16d46b 100644 --- a/docs/content/en/docs/install/reqs.md +++ b/docs/content/en/docs/install/reqs.md 
@@ -12,3 +12,12 @@ hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.htm The Keptn Lifecycle Controller requires Kubernetes v1.24.0 or later. ## Resource requirements + +## cert-manager + +KLT includes a lightweight cert-manager +that is used for installation and Webhooks. +You can configure a different cert-manager +before you install KLT. +See [Implement your own cert-manager](cert-manager.md) +for instructions. From 96cca0c1204a6bfdb0e6110cce933bd9796a82b9 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Mon, 17 Apr 2023 04:05:34 -0700 Subject: [PATCH 15/23] rebase issues Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/_index.md | 2 +- docs/content/en/docs/install/cert-manager.md | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/content/en/docs/install/_index.md b/docs/content/en/docs/install/_index.md index efd5c6c776..2c71a4fced 100644 --- a/docs/content/en/docs/install/_index.md +++ b/docs/content/en/docs/install/_index.md @@ -19,7 +19,7 @@ or as part of an existing production cluster. 1. Understand the [Software versions and resources](reqs.md) that are required 1. [Bring or create your Kubernetes cluster](k8s.md) -1. [Replace the default cert-manager](cert-manager.md) (optional). +1. [Replace the default cert-manager](cert-manager.md) (optional) This step is only required if you want to replace the default KLT cert-manager with another cert-manager. 1. [Install the Keptn Lifecycle Controller](install.md) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index f78913c415..39c61b881e 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md 
@@ -28,7 +28,19 @@ The steps are: * Install the cert-manager of your choice if it is not already installed. * Modify the `Deployment` manifest of each KLT operator component. -* Add the `Certificate` CRD for the cert-manager you are using. +that is used for installation and to implement Webhooks. +Bundling the cert-manager simplifies the installation for new users +and provides the functionality KLT needs +without the overhead of other cert-managers. + +However, KLT works well with standard cert-managers. +You can redefine the cert-manager that KLT uses *before* you install KLT. + +The steps are: + +* Install the cert-manager of your choice +* Modify the `Deployment` manifest of each KLT component +* Add the `Certificate` CRD for the cert-manager you are using ## Modify the KLT manifest From f011c8ee5ea7ad3e154b2383c21682b06e540fd4 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Tue, 11 Apr 2023 17:55:55 -0700 Subject: [PATCH 16/23] fix merge conflicts Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 39c61b881e..a424c54e64 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -102,7 +102,11 @@ Note the following about these fields: * The `apiVersion` field refers to the API for the cert-manager. * The `metadata` section includes two fields. The value of these fields must match the annotations +<<<<<<< HEAD used in the KLT operator manifests. +======= + used in the manifests. +>>>>>>> bc83733 (annotations match above) * The value of the `secretName` field must match the value of the `secretName` field used in the `volumes` definition section of the KLT operator manifests above. From 61907c183e54c2a6c4ecc69fbb3f98f30742a732 Mon Sep 17 00:00:00 2001 
From: Meg McRoberts Date: Wed, 12 Apr 2023 00:54:47 -0700 Subject: [PATCH 17/23] Update docs/content/en/docs/install/cert-manager.md Signed-off-by: Meg McRoberts meg.mcroberts@dynatrace.com Co-authored-by: Giovanni Liva Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index a424c54e64..bca7eb46ff 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -8,6 +8,7 @@ hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.htm The Keptn Lifecycle Toolkit includes a light-weight, customized cert-manager that is used to register Webhooks to the [KubeAPI](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). +<<<<<<< HEAD Bundling the cert-manager simplifies the installation for new users and provides the functionality KLT needs without the overhead of other cert-managers. @@ -29,6 +30,8 @@ The steps are: if it is not already installed. * Modify the `Deployment` manifest of each KLT operator component. that is used for installation and to implement Webhooks. +======= +>>>>>>> 4102d7b (Update docs/content/en/docs/install/cert-manager.md ) Bundling the cert-manager simplifies the installation for new users and provides the functionality KLT needs without the overhead of other cert-managers. From 2e2c03f5d70d771201b3d5caf3b30f0dd2a0299f Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Mon, 17 Apr 2023 04:10:31 -0700 Subject: [PATCH 18/23] Update docs/content/en/docs/install/cert-manager.md Signed-off-by: Meg McRoberts meg.mcroberts@dynatrace.com Co-authored-by: Giovanni Liva Signed-off-by: Meg McRoberts Signed-off-by: Meg McRoberts --- docs/content/en/docs/install/cert-manager.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index bca7eb46ff..c70424098e 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -97,7 +97,11 @@ spec: issuerRef: kind: Issuer name: klt-selfsigned-issuer +<<<<<<< HEAD secretName webhook-server-cert +======= + secretName webhook-server-cert // this has to match the name of the "secretName" field in the volume definition +>>>>>>> fdac309 (Update docs/content/en/docs/install/cert-manager.md ) ``` Note the following about these fields: From e614b76427a1bceb5436a1d859526cd70ed9a4b6 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Mon, 17 Apr 2023 04:11:39 -0700 Subject: [PATCH 19/23] rebase merge conflicts Signed-off-by: Meg McRoberts --- .../concepts/architecture/cert-manager.md | 15 +++++++++++++ docs/content/en/docs/install/cert-manager.md | 22 +++++++++++++++++-- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index 95eda8bf7e..1b0c734ef7 100644 --- a/docs/content/en/docs/concepts/architecture/cert-manager.md +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md @@ -4,7 +4,11 @@ description: Learn how the cert-manager works icon: concepts layout: quickstart weight: 100 +<<<<<<< HEAD hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html +======= +hidechildren: true # this flag hides all sub-pages in the sidebar-multicard.html +>>>>>>> 35df1d8 (Add architectural description of cert-manager) --- ### Keptn Cert Manager 
@@ -27,6 +31,14 @@ renews it. * When the certificate is ready, it is mounted on an empty dir volume in the operator. +<<<<<<< HEAD +======= +When a certificate is left over from an older version, +the webhook or the operator may generate errors +because of an invalid certificate. +To solve this, delete the certificate and restart the operator. + +>>>>>>> 35df1d8 (Add architectural description of cert-manager) `klt-cert-manager` is a customized certificate manager that is installed with the Lifecycle Toolkit by default. It is included to simplify installation for new users @@ -36,6 +48,7 @@ and can be configured to use another certificate manager if you prefer. See [Use your own cert-manager](../../install/cert-manager) for instructions. +<<<<<<< HEAD ## Invalid certificate errors When a certificate is left over from an older version, @@ -62,3 +75,5 @@ to delete the KLT certificate: ```shell kubectl delete secret klt-certs -n keptn-lifecycle-toolkit-system ``` +======= +>>>>>>> 35df1d8 (Add architectural description of cert-manager) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index c70424098e..30b3beebb4 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md 
@@ -35,15 +35,25 @@ that is used for installation and to implement Webhooks. Bundling the cert-manager simplifies the installation for new users and provides the functionality KLT needs without the overhead of other cert-managers. +For a description of the architecture, see +[Keptn Certificate Manager](../concepts/architecture/cert-manager). -However, KLT works well with standard cert-managers. -You can redefine the cert-manager that KLT uses *before* you install KLT. +KLT, however, works well with standard cert-managers. +If you are already using a different cert-manager, +you can configure KLT to instead use that cert-manager, +but you must do this *before* you install KLT. The steps are: * Install the cert-manager of your choice +<<<<<<< HEAD * Modify the `Deployment` manifest of each KLT component * Add the `Certificate` CRD for the cert-manager you are using +======= + if it is not already installed. +* Modify the `Deployment` manifest of each KLT operator component. +* Add the `Certificate` CRD for the cert-manager you are using. +>>>>>>> 35df1d8 (Add architectural description of cert-manager) ## Modify the KLT manifest @@ -97,11 +107,15 @@ spec: issuerRef: kind: Issuer name: klt-selfsigned-issuer +<<<<<<< HEAD <<<<<<< HEAD secretName webhook-server-cert ======= secretName webhook-server-cert // this has to match the name of the "secretName" field in the volume definition >>>>>>> fdac309 (Update docs/content/en/docs/install/cert-manager.md ) +======= + secretName webhook-server-cert +>>>>>>> 35df1d8 (Add architectural description of cert-manager) ``` Note the following about these fields: 
@@ -109,11 +123,15 @@ Note the following about these fields: * The `apiVersion` field refers to the API for the cert-manager. * The `metadata` section includes two fields. The value of these fields must match the annotations +<<<<<<< HEAD <<<<<<< HEAD used in the KLT operator manifests. ======= used in the manifests. >>>>>>> bc83733 (annotations match above) +======= + used in the KLT operator manifests. +>>>>>>> 35df1d8 (Add architectural description of cert-manager) * The value of the `secretName` field must match the value of the `secretName` field used in the `volumes` definition section of the KLT operator manifests above. From b9ee5e65b8110cfa4a9e2ea5455e4d40d463187b Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Mon, 17 Apr 2023 04:12:37 -0700 Subject: [PATCH 20/23] rebase merge conflicts Signed-off-by: Meg McRoberts --- docs/content/en/docs/concepts/architecture/cert-manager.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index 1b0c734ef7..aeb192f8c3 100644 --- a/docs/content/en/docs/concepts/architecture/cert-manager.md +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md @@ -47,6 +47,7 @@ However, KLT is compatible with most certificate managers and can be configured to use another certificate manager if you prefer. See [Use your own cert-manager](../../install/cert-manager) for instructions. +<<<<<<< HEAD <<<<<<< HEAD ## Invalid certificate errors @@ -77,3 +78,5 @@ kubectl delete secret klt-certs -n keptn-lifecycle-toolkit-system ``` ======= >>>>>>> 35df1d8 (Add architectural description of cert-manager) +======= +>>>>>>> 2cd118e (markdownlint-fix) From 94ffb44458116a70f85e63551c507d9eb5aa3dd3 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Mon, 17 Apr 2023 02:41:16 -0700 Subject: [PATCH 21/23] rebase merge conflicts 
Signed-off-by: Meg McRoberts --- .../en/docs/concepts/architecture/cert-manager.md | 14 ++++++++++++++ docs/content/en/docs/install/cert-manager.md | 10 +++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index aeb192f8c3..d98027231e 100644 --- a/docs/content/en/docs/concepts/architecture/cert-manager.md +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md @@ -5,10 +5,14 @@ icon: concepts layout: quickstart weight: 100 <<<<<<< HEAD +<<<<<<< HEAD hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html ======= hidechildren: true # this flag hides all sub-pages in the sidebar-multicard.html >>>>>>> 35df1d8 (Add architectural description of cert-manager) +======= +hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html +>>>>>>> 60ba57c (how to delete klt cert-manager) --- ### Keptn Cert Manager @@ -31,6 +35,7 @@ renews it. * When the certificate is ready, it is mounted on an empty dir volume in the operator. +<<<<<<< HEAD <<<<<<< HEAD ======= When a certificate is left over from an older version, @@ -39,6 +44,8 @@ because of an invalid certificate. To solve this, delete the certificate and restart the operator. >>>>>>> 35df1d8 (Add architectural description of cert-manager) +======= +>>>>>>> 60ba57c (how to delete klt cert-manager) `klt-cert-manager` is a customized certificate manager that is installed with the Lifecycle Toolkit by default. It is included to simplify installation for new users @@ -48,8 +55,12 @@ and can be configured to use another certificate manager if you prefer. See [Use your own cert-manager](../../install/cert-manager) for instructions. <<<<<<< HEAD +<<<<<<< HEAD <<<<<<< HEAD +======= + +>>>>>>> 60ba57c (how to delete klt cert-manager) ## Invalid certificate errors When a certificate is left over from an older version, 
@@ -76,7 +87,10 @@ to delete the KLT certificate: ```shell kubectl delete secret klt-certs -n keptn-lifecycle-toolkit-system ``` +<<<<<<< HEAD ======= >>>>>>> 35df1d8 (Add architectural description of cert-manager) ======= >>>>>>> 2cd118e (markdownlint-fix) +======= +>>>>>>> 60ba57c (how to delete klt cert-manager) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 30b3beebb4..bccb0c9817 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -36,13 +36,17 @@ Bundling the cert-manager simplifies the installation for new users and provides the functionality KLT needs without the overhead of other cert-managers. For a description of the architecture, see -[Keptn Certificate Manager](../concepts/architecture/cert-manager). +[Keptn Certificate Manager](../concepts/architecture/cert-manager.md). KLT, however, works well with standard cert-managers. +The KLT cert-manager can also coexist with another cert-manager. If you are already using a different cert-manager, -you can configure KLT to instead use that cert-manager, -but you must do this *before* you install KLT. +you can continue to use that cert-manager for other components +and use the KLT cert-manager just for KLT activities +or you can configure KLT to use that cert-manager. +If you want KLT to use your cert-manager, +you must configure it *before* you install KLT. The steps are: * Install the cert-manager of your choice From c365e6c7cce038052d002abc6fdfccfc9b8651e5 Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Mon, 17 Apr 2023 04:48:02 -0700 Subject: [PATCH 22/23] markdownlint-fix Signed-off-by: Meg McRoberts --- docs/content/en/docs/concepts/architecture/cert-manager.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index 95eda8bf7e..947a8da24e 100644 
--- a/docs/content/en/docs/concepts/architecture/cert-manager.md +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md @@ -51,6 +51,7 @@ kubectl get secrets -n keptn-lifecycle-toolkit-system ``` This returns something like: + ```shell NAME TYPE DATA AGE klt-certs Opaque 5 4d23h From e38594ca8d541955e0b561112f63d97d68ab2f1d Mon Sep 17 00:00:00 2001 From: Meg McRoberts Date: Mon, 17 Apr 2023 04:53:38 -0700 Subject: [PATCH 23/23] xref error Signed-off-by: Meg McRoberts --- docs/content/en/docs/concepts/architecture/cert-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index 947a8da24e..d49a1940dc 100644 --- a/docs/content/en/docs/concepts/architecture/cert-manager.md +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md @@ -33,7 +33,7 @@ It is included to simplify installation for new users and because it is much smaller than most standard certificate managers. However, KLT is compatible with most certificate managers and can be configured to use another certificate manager if you prefer. -See [Use your own cert-manager](../../install/cert-manager) +See [Use your own cert-manager](../../install/cert-manager.md) for instructions. ## Invalid certificate errors
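Review bot: In the docs/content/en/docs/concepts/architecture/cert-manager.md hunk that ends with `kubectl delete secret klt-certs -n keptn-lifecycle-toolkit-system`, the added procedure stops at the delete command, while the page it replaces (the removed klc-cert-manager/_index.md) says to "delete the certificate and restart the operator". Add the restart step, with its command, after the delete so the documented fix is complete. The sample `NAME TYPE DATA AGE` block is command output, so it would read better without the `shell` tag.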
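Review bot: In the new docs/content/en/docs/install/cert-manager.md (hunk `@@ -0,0 +1,99 @@`), the annotation `cert-manager.io/inject-ca-from=klt-serving-cert/keptn-lifecycle-toolkit-system` and the sentence saying it must match the `name/namespace` of the CRD have the order reversed: cert-manager's CA injector reads the value as `namespace/name`, so for the `Certificate` shown it should be `keptn-lifecycle-toolkit-system/klt-serving-cert`, and it should be written in `key: value` form because the block is tagged yaml. The text should also say which objects carry the annotation, since "Each manifest" follows a paragraph about `Deployment` manifests while the CA injector acts on webhook configurations, CRDs and APIService objects. In the same hunk, `secretName webhook-server-cert` is missing its colon and is not valid YAML, the `volumes` replacement renames the volume from `certs-dir` to `cert` without saying whether the container's `volumeMounts` entry must be renamed to match, and `issuerRef` points at `klt-selfsigned-issuer` without the page showing or linking that `Issuer`.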
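Review bot: In the docs/content/en/docs/install/reqs.md hunk, the new `## cert-manager` heading is added directly under `## Resource requirements`, which leaves that section with a heading and no body. Either fill in the resource requirements or drop the empty heading. The link text `Implement your own cert-manager` also differs from the target page's title, `Use your own cert-manager (optional)`; use the same wording in both places.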
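Review bot: In PATCH 15/23, the docs/content/en/docs/install/_index.md hunk drops the period after `(optional)`, so the list item now renders as "(optional) This step is only required ..." with no sentence break. Keep the period, or move the explanation into its own sentence on the link line.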
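Review bot: In PATCH 15/23, the docs/content/en/docs/install/cert-manager.md hunk (`@@ -28,7 +28,19 @@`) replaces the third step, `* Add the Certificate CRD for the cert-manager you are using.`, with the fragment `that is used for installation and to implement Webhooks.`, which attaches to the preceding list item, and then adds a second copy of the introduction and of "The steps are:". The page ends up with the first list missing its last step and the whole intro repeated. This looks like the other side of a rebase pasted in rather than resolved; drop the added block and keep the original bullet.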
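Review bot: PATCH 16/23 commits unresolved conflict markers into docs/content/en/docs/install/cert-manager.md: `<<<<<<< HEAD`, `=======` and `>>>>>>> bc83733 (annotations match above)` are added as document lines inside the "Note the following about these fields" list. Pick one side (`used in the KLT operator manifests.` is the more specific wording) and remove the three marker lines; the subject "fix merge conflicts" does not match what the hunk does.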
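Review bot: PATCH 17/23 adds `<<<<<<< HEAD` after the KubeAPI sentence and `=======` / `>>>>>>> 4102d7b` about twenty lines later in docs/content/en/docs/install/cert-manager.md, so the markers wrap the whole first copy of the introduction and steps while the second side is empty and the duplicate "Bundling the cert-manager ..." paragraph follows. Resolving this means deleting one of the two copies of the intro as well as the markers, not only the markers.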
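Review bot: PATCH 18/23 puts conflict markers inside the fenced `Certificate` YAML example, and the incoming side, `secretName webhook-server-cert // this has to match ...`, uses `//`, which is not a YAML comment, and still lacks the colon after `secretName`. Resolve to `secretName: webhook-server-cert` with a `#` comment if the explanation is kept in the block; the bullet below the example already says the same thing, so the comment may be unnecessary.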
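Review bot: PATCH 19/23 adds conflict markers to the front matter of docs/content/en/docs/concepts/architecture/cert-manager.md, with `hidechildren: false` on one side and `hidechildren: true` on the other, so the front matter is no longer valid YAML and the intended value is undecided. The same patch nests a second `<<<<<<< HEAD` around the markers already present in the install/cert-manager.md YAML example and field list, and reintroduces the "When a certificate is left over from an older version" paragraph that the "Invalid certificate errors" section further down already covers. Settle on one `hidechildren` value, keep the paragraph in one place, and remove every marker line.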
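Review bot: PATCH 20/23 and PATCH 21/23 only add further `<<<<<<< HEAD`, `=======` and `>>>>>>>` lines to docs/content/en/docs/concepts/architecture/cert-manager.md, reaching three levels of nesting in the front matter and leaving a run of closing markers after the final `kubectl delete secret` fence. The one substantive change in 21/23, the "can also coexist with another cert-manager" paragraph in install/cert-manager.md, is fine, but it should land in a commit that does not carry markers. Squash patches 15 through 21 into a single clean resolution, and consider a CI or pre-commit check that rejects lines beginning with `<<<<<<< ` or `>>>>>>> ` under docs/.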