Commit Graph

111 Commits

Author SHA1 Message Date
Ryan Richard
3592f80457 Merge branch 'main' into disable_http 2022-03-28 17:03:59 -07:00
Ryan Richard
488f08dd6e Provide a way to override the new HTTP loopback-only validation
Add new deprecated_insecure_accept_external_unencrypted_http_requests
value in values.yaml. Allow it to be a boolean or a string to make it
easier to use (both --data-value and --data-value-yaml will work).

Also:
- Consider "ip6-localhost" and "ip6-loopback" to be loopback addresses
  for the validation
- Remove unused env.SupervisorHTTPAddress var
- Deprecate the `service_http_*` values in values.yaml by renaming them
  and causing a ytt render error when the old names are used
2022-03-28 17:03:23 -07:00
Monis Khan
57fb085bef
Add Workspace ONE Access docs
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-24 20:17:54 -04:00
Ryan Richard
8d12c1b674 HTTP listener: default disabled and may only bind to loopback interfaces 2022-03-24 15:46:10 -07:00
Margo Crawford
b8bdfa1b9a Update docs to reference the latest k8s codegen version
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-03 10:36:42 -08:00
Mo Khan
be2aee957c
Bump API docs to 1.23
Seems like this should be automated.
2022-03-02 09:04:41 -05:00
Mo Khan
c4ae5cfebb
Merge pull request #1003 from enj/enj/d/dex_password
Update dex docs regarding password grant
2022-02-15 15:45:54 -05:00
Ryan Richard
f728ea743f Add --ignore-not-found to delete Supervisor app command 2022-02-15 09:04:47 -08:00
Ryan Richard
230e563ab7 Another draft of the new tutorial guide 2022-02-14 17:23:57 -08:00
Monis Khan
a21a5bca1e
Update dex docs regarding password grant
Signed-off-by: Monis Khan <mok@vmware.com>
2022-02-13 12:48:20 -05:00
Ryan Richard
05ec8cba8c Add a new subheading to the tutorial doc 2022-02-11 17:16:40 -08:00
Ryan Richard
e57a1a7891 Overwrite the old Supervisor+Concierge tutorial with the new one
And make it easier for web site readers to find by adding prominent
links to it from several places.
2022-02-11 17:03:13 -08:00
Ryan Richard
c56ef5c40c First draft of a Supervisor on GKE + Concierge on GKE tutorial
Including ingress, DNS, cert-manager + letsencrypt for TLS certs,
Okta, multiple workload clusters, etc.
2022-02-09 17:13:40 -08:00
anjalitelang
6590230bcd
Merge pull request #954 from anjaltelang/main
Blog for v0.13.0
2022-01-21 15:17:18 -08:00
Pinny
4f06cd3c2e Update CLI docs for v0.13.0 release 2022-01-21 23:12:12 +00:00
Margo Crawford
dea9bf9b90
Merge pull request #970 from vmware-tanzu/kubectl-apply-resources
When instructing users how to install the concierge with kubectl apply,
2022-01-21 13:36:52 -08:00
Margo Crawford
726e88ea03 When instructing users how to install the concierge with kubectl apply,
reccommend using install-pinniped-concierge-crds.yaml, then
install-pinniped-concierge-resources.yaml.

Previously we recommended install-pinniped-concierge-crds (a subset),
then install-pinniped-concierge (everything concierge related, including
the crds). This works fine for install, but not uninstall. Instead we
should use a separate yaml file that contains everything in
install-pinniped-concierge but *not* in install-pinniped-concierge-crds.

We have been generating this file in CI since a5ced4286b6febc7474b7adee34eeb1b62ec82b7
but we haven't released since then so we haven't been able to recommend
its use.
2022-01-21 10:26:45 -08:00
Margo Crawford
62a8967db1 Request offline_access in the concierge with supervisor demo
It's a generic config and not OIDC provider specific
but since most providers require it it seems like the
best default.
2022-01-21 09:58:04 -08:00
Monis Khan
1e1789f6d1
Allow configuration of supervisor endpoints
This change allows configuration of the http and https listeners
used by the supervisor.

TCP (IPv4 and IPv6 with any interface and port) and Unix domain
socket based listeners are supported.  Listeners may also be
disabled.

Binding the http listener to TCP addresses other than 127.0.0.1 or
::1 is deprecated.

The deployment now uses https health checks.  The supervisor is
always able to complete a TLS connection with the use of a bootstrap
certificate that is signed by an in-memory certificate authority.

To support sidecar containers used by service meshes, Unix domain
socket based listeners include ACLs that allow writes to the socket
file from any runAsUser specified in the pod's containers.

Signed-off-by: Monis Khan <mok@vmware.com>
2022-01-18 17:43:45 -05:00
Ryan Richard
aa361a70a7 clarifications to code walkthrough doc 2021-12-03 10:50:02 -08:00
Ryan Richard
7b6bdd8129 fix link to blog and add another in doc 2021-12-03 10:32:16 -08:00
Ryan Richard
2736c3603a fix typo in doc 2021-12-03 09:17:17 -08:00
Ryan Richard
3ea90467b7 add first draft of code walk-through doc 2021-12-02 17:18:50 -08:00
Anjali Telang
59256264ec Changing the architecture.md weight back to 100
Signed-off-by: Anjali Telang <atelang@vmware.com>
2021-10-26 16:34:32 -04:00
Anjali Telang
f93cdcb9c5 Merge remote-tracking branch 'upstream/main' into main 2021-10-26 15:29:56 -04:00
Ryan Richard
dec43289f6 Lots of small updates based on PR feedback 2021-10-20 15:53:25 -07:00
Anjali Telang
a22507f835 Architecture should be on top of the docs page
Signed-off-by: Anjali Telang <atelang@vmware.com>
2021-10-19 13:46:30 -04:00
Ryan Richard
d3ade82f3f Update docs 2021-10-19 09:48:40 -07:00
Ryan Richard
d68bebeb49 Merge branch 'main' into upstream_refresh 2021-10-18 15:35:46 -07:00
Ryan Richard
ddb23bd2ed Add upstream refresh related config to OIDCIdentityProvider CRD
Also update related docs.
2021-10-14 15:49:44 -07:00
Margo Crawford
4aa66b9667
Update site/content/docs/reference/supported-clusters.md
Co-authored-by: Mo Khan <i@monis.app>
2021-10-06 11:23:29 -07:00
Margo Crawford
11797db866 Change description of impersonation proxy strategy in supported clusters.
This was wrong, since you don't need a LoadBalancer to run the
impersonation proxy if you specify spec.service.type = "None" or
"ClusterIP" on the CredentialIssuer.
2021-10-06 11:08:17 -07:00
Pinny
abf19f649d Update CLI docs for v0.11.0 release 2021-08-31 23:40:00 +00:00
Pinny
0a2a716796 Update CLI docs for v0.10.0 release 2021-08-31 23:21:54 +00:00
Ryan Richard
883007aa1b
Merge pull request #756 from vmware-tanzu/ad-identity-provider-docs
Document how to configure the ActiveDirectoryIdentityProvider
2021-08-31 10:48:25 -07:00
Margo Crawford
44e5e9d8c9 Add sentence about api docs 2021-08-26 17:02:56 -07:00
Ryan Richard
86bfd4f5e4 Number each install step using "1." 2021-08-25 16:37:36 -07:00
Ryan Richard
399737e7c6 Install docs use more GitOps-friendly style 2021-08-25 14:33:48 -07:00
Margo Crawford
cec3c2133a Update with new default values 2021-08-19 16:27:43 -07:00
Ryan Richard
42d31a7085 Update login.md doc to mention OIDC CLI-based flow 2021-08-19 09:59:47 -07:00
Matt Moyer
c3e037b24e
Fix a broken link in .../docs/howto/configure-supervisor.md.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-29 09:56:00 -05:00
Matt Moyer
62afb34877
Fix command typo and expand description of values.yaml a bit.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-29 08:45:19 -05:00
Matt Moyer
fd5ed2e5da
Rework "install" sections of our docs.
- Remove all the "latest" links and replace them with our new shortcode so they point at the latest release in a more explicit way.
  This also eliminates one of the sections in our Concierge and Supervisor install guides, since you're always installing a specific version.

- Provide instructions for installing with both kapp (one step) and kubectl (two steps for the Concierge).

- Minor wording changes. Mainly we are now a bit less verbose about reminding people they can choose a different version (once per page instead of in each step).

- When we give an example `kapp deploy` command, don't suggest `--yes` and `--diff-changes`.
  Users can still use these but it seems overly verbose for an example command.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-29 08:45:19 -05:00
Matt Moyer
ca82609d1a
Create a site parameter and shortcode for "latestversion".
This gives us a single line of YAML to edit when we want to bump our docs to the latest version number.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-29 08:45:18 -05:00
Margo Crawford
a6dc5b912f Document how to configure the ActiveDirectoryIdentityProvider 2021-07-28 14:35:29 -07:00
Ryan Richard
f4829178b3 Use sentence case for headers in docs
Following some common developer style guides such as
Google
https://developers.google.com/style/capitalization#capitalization-in-titles-and-headings
and Microsoft
https://docs.microsoft.com/en-us/style-guide/scannable-content/headings#formatting-headings
2021-07-26 17:18:44 -07:00
Ryan Richard
e30cf6e51a
Merge branch 'main' into cli_username_password_env_vars 2021-07-22 09:29:03 -07:00
Ryan Richard
64aba7e703 Add new howto guide login.md 2021-07-21 12:10:47 -07:00
Radoslav Dimitrov
f6273b0604 Update the Prerequisites section and add a note about the groups scope
Add Dex to the prerequisites and add a note that to query for the groups
scope the user must set the organizations Dex should search against.
Otherwise the groups claim would be empty. This is because of the format
group claims are represented, i.e. "org:team".

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2021-07-20 13:49:45 +03:00
Radoslav Dimitrov
0bdd1bc68f Add documentation for configuring Supervisor with Dex and Github
The following guide describes the process of configuring Supervisor
with Dex and identify users through their Github account. Issue #415

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2021-07-19 16:00:43 +03:00