Merge remote-tracking branch 'upstream/main' into persona-paths

New frontmatter.

docs/howtos/airgap/02-install.md

@@ -144,7 +144,7 @@ Install `cert-manager`, if not already installed, in the air gap cluster:
 ```shell
 helm install --create-namespace cert-manager ./cert-manager-<Version>.tgz \
     -n kubewarden \
-    --set installCRDs=true \
+    --set crds.enabled=true \
     --set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/jetstack/cert-manager-controller \
     --set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/jetstack/cert-manager-webhook \
     --set cainjector.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/jetstack/cert-manager-cainjector \

docs/howtos/production-deployments.md

@@ -0,0 +1,149 @@
+---
+sidebar_label: Production deployments
+title: Configuring Kubewarden stack for production
+description: Configuring Kubewarden stack for production
+keywords:
+  [
+    kubewarden,
+    kubernetes,
+    policyservers,
+    production,
+    poddisruptionbudget,
+    affinity,
+    limits,
+    tolerations,
+  ]
+doc-persona: [kubewarden-operator, kubewarden-integrator]
+doc-type: [howto]
+doc-topic:
+  [
+    operator-manual,
+    policy-servers,
+    production,
+    poddisruptionbudget,
+    affinity,
+    limits,
+    tolerations,
+  ]
+---
+
+# Configuring Tolerations and Affinity/Anti-Affinity for the Kubewarden stack
+
+Kubewarden provides features for reliability and correct
+scheduling of its components in a Kubernetes cluster. 
+
+Starting from version
+1.15 of the Kubewarden Helm charts, two new fields, `tolerations` and
+`affinity`, are introduced under the `global` value. These fields allow
+users to define Kubernetes tolerations and affinity/anti-affinity settings for
+the Kubewarden stack, including the controller deployment, audit scanner
+cronjob, and the PolicyServer custom resource.
+
+## Tolerations
+
+The `tolerations` field is an array where users can specify Kubernetes
+tolerations for the Kubewarden components. Tolerations allow pods to be
+scheduled on nodes with matching taints. This is useful for managing where pods
+can be scheduled, especially in scenarios involving node maintenance, dedicated
+workloads, or specific hardware requirements:
+
+```yaml
+global:
+  tolerations:
+    - key: "key1"
+      operator: "Equal"
+      value: "value1"
+      effect: "NoSchedule"
+    - key: "key2"
+      operator: "Equal"
+      value: "value2"
+      effect: "NoExecute"
+```
+
+In this example, the tolerations defined are applied to the controller
+deployment, audit scanner cronjob, and the PolicyServer custom resource.
+
+## Affinity/Anti-Affinity
+
+The `affinity` field allows users to define Kubernetes affinity and
+anti-affinity rules for the Kubewarden components. Affinity rules constrain
+pods to specific nodes, while anti-affinity rules prevent pods from being
+scheduled on certain nodes or in close proximity to other pods. These settings
+are useful for ensuring high availability, fault tolerance, and optimized
+resource usage in a cluster.
+
+```yaml
+global:
+  affinity:
+    podAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+          - key: security
+            operator: In
+            values:
+            - S1
+        topologyKey: topology.kubernetes.io/zone
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+            - key: security
+              operator: In
+              values:
+              - S2
+          topologyKey: topology.kubernetes.io/zone
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: kubernetes.io/os
+            operator: In
+            values:
+            - linux
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 1
+        preference:
+          matchExpressions:
+          - key: label-1
+            operator: In
+            values:
+            - key-1
+      - weight: 50
+        preference:
+          matchExpressions:
+          - key: label-2
+            operator: In
+            values:
+            - key-2
+```
+
+In this example, the affinity rules will be applied to the controller
+deployment, audit scanner cronjob, and the PolicyServer custom resource.
+
+The previous affinity configuration available in the `kubewarden-default` Helm
+chart, which was used to define the affinity configuration for the PolicyServer
+only, has been removed in favor of the global `affinity` field. This change
+simplifies the configuration process by providing a single approach to
+defining affinity and anti-affinity rules for all Kubewarden components.
+
+:::warning The old `affinity` configuration in the `kubewarden-default` Helm
+chart has been removed. Users should now use the
+`global.affinity` field to configure affinity and anti-affinity settings for
+the entire Kubewarden stack. 
+:::
+
+By using the `tolerations` and `affinity` fields, operators can fine-tune
+the scheduling and reliability of the Kubewarden stack to meet their specific
+deployment needs and constraints. For more details on the exact fields and
+their configurations, refer to the [Kubernetes documentation on Taints and
+Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
+and [Affinity and
+Anti-Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
+
+For more information about production configuration for PolicyServers, refer to
+the [policy server documentaiton](/docs/howtos/policy-servers/03-production-deployments.md) guide.
+
+

docs/howtos/telemetry/10-opentelemetry-qs.md

@@ -103,7 +103,7 @@ with Cert Manager, [see the compat chart](https://github.com/open-telemetry/open
 We will install the latest cert-manager Helm chart:
 
 :::note
-At time of writing the latest cert-manager chart version is `v1.13.1`
+At time of writing the latest cert-manager chart version is `v1.15.1`
 :::
 
 ```console
@@ -112,8 +112,8 @@ helm repo add jetstack https://charts.jetstack.io
 helm install --wait \
     --namespace cert-manager \
     --create-namespace \
-    --set installCRDs=true \
-    --version 1.13.1 \
+    --set crds.enabled=true \
+    --version 1.15.1 \
     cert-manager jetstack/cert-manager
 ```
 

docs/quick-start.md

@@ -19,6 +19,7 @@ doc-topic: [quick-start]
 
 <head>
   <link rel="canonical" href="https://docs.kubewarden.io/quick-start"/>
+  <script async src="https://artifacthub.io/artifacthub-widget.js"></script>
 </head>
 
 The Kubewarden stack comprises:
@@ -52,7 +53,7 @@ You can install the latest version of `cert-manager` through Helm by running the
 helm repo add jetstack https://charts.jetstack.io
 
 helm install --wait --namespace cert-manager --create-namespace \
-	--set installCRDs=true cert-manager jetstack/cert-manager
+	--set crds.enabled=true cert-manager jetstack/cert-manager
 ```
 
 :::
@@ -408,4 +409,16 @@ kubectl delete -l "kubewarden" mutatingwebhookconfigurations.admissionregistrati
 
 ## What's next?
 
-Now, you are ready to deploy Kubewarden! Have a look at the policies on [artifacthub.io](https://artifacthub.io/packages/search?kind=13), on [GitHub](https://github.com/topics/kubewarden-policy), or reuse existing Rego policies as shown in the [following chapters](tutorials/writing-policies/rego/01-intro-rego.md).
+Now, you are ready to deploy Kubewarden! Have a look at the policies on
+[artifacthub.io](https://artifacthub.io/packages/search?kind=13), on
+[GitHub](https://github.com/topics/kubewarden-policy), or reuse existing Rego
+policies as shown in the [following
+chapters](tutorials/writing-policies/rego/01-intro-rego.md).
+
+<details>
+<summary>Full list of available policies on ArtifactHub</summary>
+
+<div class="artifacthub-widget-group" data-url="https://artifacthub.io/packages/search?kind=13&sort=relevance&page=1" data-theme="light" data-header="false" data-stars="false" data-color="#fe7c3f" data-responsive="true"  data-loading="true"></div>
+
+</details>
+

docs/reference/CRDs.md

@@ -4,7 +4,7 @@ sidebar_position: 5
 title: Custom Resource Definitions (CRD)
 description: Kubewarden's Custom Resource Definitions (CRD)
 keywords: [kubewarden, kubernetes, custom resource definitions, crd]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 doc-type: [reference]
 doc-topic: [operator-manual, crd]
 ---

docs/tutorials/testing-policies/03-cluster-operators.md

@@ -3,7 +3,7 @@ sidebar_label: Cluster operators
 title: Testing for cluster operators
 description: An introduction to testing Kubewarden policies for cluster operators.
 keywords: [kubewarden, kubernetes, cluster operators, testing]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 doc-type: [tutorial]
 doc-topic: [testing-policies, cluster-operators]
 ---

docs/tutorials/writing-policies/CEL/01-intro-cel.md

@@ -5,7 +5,7 @@ description: An introduction to writing Kubewarden policies with CEL.
 keywords: [kubewarden, kubernetes, writing policies, introduction]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, cel, introduction]
-doc-persona: [kubewarden-developer, kubwarden-operator]
+doc-persona: [kubewarden-policy-developer, kubewarden-operator]
 ---
 
 <head>

docs/tutorials/writing-policies/CEL/02-reusing-vap.md

@@ -5,7 +5,7 @@ description: "Example: Reusing ValidatingAdmissionPolicies"
 keywords: [kubewarden, kubernetes, writing policies, ValidatingAdmissionPolicies]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, cel, ValidatingAdmissionPolicies]
-doc-persona: [kubewarden-developer, kubwarden-operator]
+doc-persona: [kubewarden-policy-developer, kubewarden-operator]
 ---
 
 <head>

docs/tutorials/writing-policies/CEL/03-context-aware.md

@@ -15,7 +15,7 @@ keywords:
 doc-type: [tutorial]
 doc-topic:
   [kubewarden, writing-policies, cel, context-aware, context, awaree, ingress]
-doc-persona: [kubewarden-developer, kubwarden-operator]
+doc-persona: [kubewarden-policy-developer, kubewarden-operator]
 ---
 
 <head>

docs/tutorials/writing-policies/CEL/04-example-sigstore.md

@@ -7,7 +7,7 @@ keywords:
 doc-type: [tutorial]
 doc-topic:
   [kubewarden, writing-policies, cel, sigstore, signature, verification]
-doc-persona: [kubewarden-developer, kubwarden-operator]
+doc-persona: [kubewarden-policy-developer, kubewarden-operator]
 ---
 
 <head>

docs/tutorials/writing-policies/go/01-intro-go.md

@@ -6,7 +6,7 @@ description: A tutorial introduction to writing policies in Go.
 keywords: [kubewarden, kubernetes, writing policies in Go]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, go, introduction]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/go/02-scaffold.md

@@ -6,7 +6,7 @@ description: Creating a new validation policy for Kubewarden using Go.
 keywords: [kubewarden, kubernetes, writing policies in Go, new validation policy]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, go, creating a new validation policy]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/go/03-policy-settings.md

@@ -6,7 +6,7 @@ description: Defining policy setting for a Kubewarden policy written in Go.
 keywords: [kubewarden, kubernetes, defining policy settings, Go]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, go, defining-policy-settings]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/go/04-validation.md

@@ -6,7 +6,7 @@ description: A tutorial on writing validation logic for a Kubewarden policy usin
 keywords: [kubewarden, kubernetes, writing policies, golang, go]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, golang, validation-logic]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/go/05-e2e-tests.md

@@ -6,7 +6,7 @@ description: A tutorial introduction to end-to-end testing for writing Kubewarde
 keywords: [kubewarden, kubernetes, writing policies, end-to-end testing, golang, go]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, golang, end-to-end-testing]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/go/06-logging.md

@@ -6,7 +6,7 @@ description: A tutorial introduction to logging when using Go to write a Kubewar
 keywords: [kubewarden, kubernetes, writing policies, golang, go, logging]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, golang, logging]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/go/07-automate.md

@@ -6,7 +6,7 @@ description: Integrating with GitHub actions when developing policies for Kubewa
 keywords: [kubewarden, kubernetes, github, integration]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, golang, github-action-integration]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/go/08-distribute.md

@@ -6,7 +6,7 @@ description: Distributing Kubewarden policies developed with Go.
 keywords: [kubewarden, kubernetes, distributing kubewarden policies]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, go, distributing-policies]
-doc-persona: [kubewarden-developer, kubewarden-operator]
+doc-persona: [kubewarden-policy-developer, kubewarden-operator]
 ---
 
 <head>

docs/tutorials/writing-policies/go/09-validation-with-queries.md

@@ -6,7 +6,7 @@ description: Validation using JSON queries with Kubewarden policies in Go.
 keywords: [kubewarden, kubernetes, validation using JSON queries]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, golang, validation-using-json]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/go/10-raw-policies.md

@@ -6,7 +6,7 @@ description: Writing raw Kubewarden policies using Go.
 keywords: [kubewarden, kubernetes, writing policies, raw, go]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, golang, raw-policies]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/metadata.md

@@ -6,7 +6,7 @@ description: Using policy metadata when developing a Kubewarden policy.
 keywords: [kubewarden, kubernetes policy development, policy metadata]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-polices, policy-metadata]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/rust/01-intro-rust.md

@@ -5,7 +5,7 @@ description: An introduction to writing Kubewarden policies with Rust.
 keywords: [kubewarden, kubernetes, writing policies, introduction]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, rust, introduction]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/rust/02-create-policy.md

@@ -5,7 +5,7 @@ description: Creating a Kubewarden policy using Rust.
 keywords: [kubewarden, kubernetes, policy creation]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, rust, creating-policies]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>

docs/tutorials/writing-policies/rust/03-define-policy-settings.md

@@ -5,7 +5,7 @@ description: Defining policy settings for a Kubewarden policy developed using Ru
 keywords: [kubewarden, kubernetes, writing policies, policy settings, rust]
 doc-type: [tutorial]
 doc-topic: [kubewarden, writing-policies, rust, policy-settings]
-doc-persona: [kubewarden-developer]
+doc-persona: [kubewarden-policy-developer]
 ---
 
 <head>