-
Notifications
You must be signed in to change notification settings - Fork 162
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(docs): setup Gridsome for the website
- Loading branch information
1 parent
14f9686
commit 0acc2d2
Showing
111 changed files
with
25,054 additions
and
149 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
*.log | ||
.cache | ||
.DS_Store | ||
src/.temp | ||
node_modules | ||
dist | ||
.env | ||
.env.* |
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,7 +19,7 @@ A lightweight Kubernetes within your laptop can be very handy for Kubernetes-nat | |
|
||
#### By `k3d` | ||
|
||
```sh | ||
```shell | ||
# Install K3d cli by brew in Mac, or your preferred way | ||
$ brew install k3d | ||
|
||
|
@@ -46,7 +46,7 @@ CONTAINER ID IMAGE COMMAND CREATED | |
|
||
#### By `kind` | ||
|
||
```sh | ||
```shell | ||
# # Install kind cli by brew in Mac, or your preferred way | ||
$ brew install kind | ||
|
||
|
@@ -99,13 +99,13 @@ The `fork-clone-contribute-pr` flow is common for contributing to OSS projects l | |
Let's assume you've forked it into your GitHub namespace, say `myuser`, and then you can clone it with Git protocol. | ||
Do remember to change the `myuser` to yours. | ||
|
||
```sh | ||
```shell | ||
$ git clone [email protected]:myuser/capsule.git && cd capsule | ||
``` | ||
|
||
It's a good practice to add the upsteam as the remote too so we can easily fetch and merge the upstream to our fork: | ||
|
||
```sh | ||
```shell | ||
$ git remote add upstream https://github.com/clastix/capsule.git | ||
$ git remote -vv | ||
origin [email protected]:myuser/capsule.git (fetch) | ||
|
@@ -116,7 +116,7 @@ upstream https://github.com/clastix/capsule.git (push) | |
|
||
## Build & deploy Capsule | ||
|
||
```sh | ||
```shell | ||
# Download the project dependencies | ||
$ go mod download | ||
|
||
|
@@ -173,13 +173,13 @@ During development, we prefer that the code is running within our IDE locally, i | |
|
||
Such a setup can be illustrated as below diagram: | ||
|
||
![Development Env](assets/dev-env.png) | ||
![Development Env](./assets/dev-env.png) | ||
|
||
To achieve that, there are some necessary steps we need to walk through, which have been made as a `make` target within our `Makefile`. | ||
|
||
So the TL;DR answer is: | ||
|
||
```sh | ||
```shell | ||
# If you haven't installed or run `make deploy` before, do it first | ||
# Note: please retry if you saw errors | ||
$ make deploy | ||
|
@@ -196,7 +196,7 @@ This is a very common setup for typical Kubernetes Operator development so we'd | |
|
||
We need to scale the existing replicas of `capsule-controller-manager` to 0 to avoid reconciliation competition between the Pod(s) and the code running outside of the cluster, in our preferred IDE for example. | ||
|
||
```sh | ||
```shell | ||
$ kubectl -n capsule-system scale deployment capsule-controller-manager --replicas=0 | ||
deployment.apps/capsule-controller-manager scaled | ||
``` | ||
|
@@ -205,7 +205,7 @@ deployment.apps/capsule-controller-manager scaled | |
|
||
Running webhooks requires TLS, we can prepare the TLS key pair in our development env to handle HTTPS requests. | ||
|
||
```sh | ||
```shell | ||
# Prepare a simple OpenSSL config file | ||
# Do remember to export LAPTOP_HOST_IP before running this command | ||
$ cat > _tls.cnf <<EOF | ||
|
@@ -246,7 +246,7 @@ By default, the webhooks will be registered with the services, which will route | |
|
||
We need to _delegate_ the controllers' and webbooks' services to the code running in our IDE by patching the `MutatingWebhookConfiguration` and `ValidatingWebhookConfiguration`. | ||
|
||
```sh | ||
```shell | ||
# Export your laptop's IP with the 9443 port exposed by controllers/webhooks' services | ||
$ export WEBHOOK_URL="https://${LAPTOP_HOST_IP}:9443" | ||
|
||
|
@@ -284,14 +284,14 @@ $ kubectl get ValidatingWebhookConfiguration capsule-validating-webhook-configur | |
|
||
Now we can run Capsule controllers with webhooks outside of the Kubernetes cluster: | ||
|
||
```sh | ||
```shell | ||
$ export NAMESPACE=capsule-system && export TMPDIR=/tmp/ | ||
$ go run . | ||
``` | ||
|
||
To verify that, we can open a new console and create a new Tenant: | ||
|
||
```sh | ||
```shell | ||
$ kubectl apply -f - <<EOF | ||
apiVersion: capsule.clastix.io/v1beta1 | ||
kind: Tenant | ||
|
@@ -356,4 +356,4 @@ For example, if you're using [Visual Studio Code](https://code.visualstudio.com) | |
} | ||
``` | ||
|
||
Please refer to [contributing.md](contributing.md) for more details while contributing. | ||
Please refer to [contributing](/docs/contributing) for more details while contributing. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# Meet the multi-tenancy benchmark MTB | ||
Actually, there's no yet a real standard for the multi-tenancy model in Kubernetes, although the [SIG multi-tenancy group](https://github.com/kubernetes-sigs/multi-tenancy) is working on that. SIG multi-tenancy drafted a generic validation schema appliable to generic multi-tenancy projects. Multi-Tenancy Benchmarks [MTB](https://github.com/kubernetes-sigs/multi-tenancy/tree/master/benchmarks) are guidelines for multi-tenant configuration of Kubernetes clusters. Capsule is an open source multi-tenancy operator and we decided to meet the requirements of MTB. | ||
|
||
> N.B. At the time of writing, the MTB is in development and not ready for usage. Strictly speaking, we do not claim official conformance to MTB, but just to adhere to the multi-tenancy requirements and best practices promoted by MTB. | ||
|
||
|MTB Benchmark |MTB Profile|Capsule Version|Conformance|Notes | | ||
|--------------|-----------|---------------|-----------|-------| | ||
|[Block access to cluster resources](/docs/operator/mtb/block-access-to-cluster-resources)|L1|v0.1.0|✓|---| | ||
|[Block access to multitenant resources](/docs/operator/mtb/block-access-to-multitenant-resources)|L1|v0.1.0|✓|---| | ||
|[Block access to other tenant resources](/docs/operator/mtb/block-access-to-other-tenant-resources)|L1|v0.1.0|✓|MTB draft| | ||
|[Block add capabilities](/docs/operator/mtb/block-add-capabilities)|L1|v0.1.0|✓|---| | ||
|[Require always imagePullPolicy](/docs/operator/mtb/require-always-imagepullpolicy)|L1|v0.1.0|✓|---| | ||
|[Require run as non-root user](/docs/operator/mtb/require-run-as-non-root-user)|L1|v0.1.0|✓|---| | ||
|[Block privileged containers](/docs/operator/mtb/block-privileged-containers)|L1|v0.1.0|✓|---| | ||
|[Block privilege escalation](/docs/operator/mtb/block-privilege-escalation)|L1|v0.1.0|✓|---| | ||
|[Configure namespace resource quotas](/docs/operator/mtb/configure-namespace-resource-quotas)|L1|v0.1.0|✓|---| | ||
|[Block modification of resource quotas](/docs/operator/mtb/block-modification-of-resource-quotas)|L1|v0.1.0|✓|---| | ||
|[Configure namespace object limits](/docs/operator/mtb/configure-namespace-object-limits)|L1|v0.1.0|✓|---| | ||
|[Block use of host path volumes](/docs/operator/mtb/block-use-of-host-path-volumes)|L1|v0.1.0|✓|---| | ||
|[Block use of host networking and ports](/docs/operator/mtb/block-use-of-host-networking-and-ports)|L1|v0.1.0|✓|---| | ||
|[Block use of host PID](/docs/operator/mtb/block-use-of-host-pid)|L1|v0.1.0|✓|---| | ||
|[Block use of host IPC](/docs/operator/mtb/block-use-of-host-ipc)|L1|v0.1.0|✓|---| | ||
|[Block use of NodePort services](/docs/operator/mtb/block-use-of-nodeport-services)|L1|v0.1.0|✓|---| | ||
|[Require PersistentVolumeClaim for storage](/docs/operator/mtb/require-persistentvolumeclaim-for-storage)|L1|v0.1.0|✓|MTB draft| | ||
|[Require PV reclaim policy of delete](/docs/operator/mtb/require-reclaim-policy-of-delete)|L1|v0.1.0|✓|MTB draft| | ||
|[Block use of existing PVs](/docs/operator/mtb/block-use-of-existing-persistent-volumes)|L1|v0.1.0|✓|MTB draft| | ||
|[Block network access across tenant namespaces](/docs/operator/mtb/block-network-access-across-tenant-namespaces)|L1|v0.1.0|✓|MTB draft| | ||
|[Allow self-service management of Network Policies](/docs/operator/mtb/allow-self-service-management-of-network-policies)|L2|v0.1.0|✓|---| | ||
|[Allow self-service management of Roles](/docs/operator/mtb/allow-self-service-management-of-roles)|L2|v0.1.0|✓|MTB draft| | ||
|[Allow self-service management of Role Bindings](/docs/operator/mtb/allow-self-service-management-of-rolebindings)|L2|v0.1.0|✓|MTB draft| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# Kubernetes Operator | ||
|
||
* [Getting Started](/docs/operator/getting-started) | ||
* [Use Cases](/docs/operator/use-cases/overview) | ||
* [SIG Multi-tenancy benchmark](/docs/operator/mtb/sig-multitenancy-bench) | ||
* [Run on Managed Kubernetes Services](/docs/operator/managed-kubernetes/overview) | ||
* [Monitoring Capsule](/docs/operator/monitoring) | ||
* [References](/docs/operator/references) | ||
* [Contributing](/docs/operator/contributing) | ||
|
12 changes: 6 additions & 6 deletions
12
docs/operator/references.md → docs/content/operator/references.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
.../use-cases/node-labels-and-annotations.md → .../use-cases/node-labels-and-annotations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.