ENDOC-464 Update the OpenShift Operator tutorial #481
Conversation
nshaw
changed the title
| @@ -35,7 +35,7 @@ When choosing how to deploy your operator there are no right or wrong answers. T | |||
| - When teams are small and self managing from an operational perspective a namespace scoped deployment is a simpler architecture | |||
| - If you plan to have a small number of applications deployed in the cluster a namespace scoped deployment can be easier to manage | |||
|
|
|||
| [Click here for tutorials and instructions for deploying via operator hub](../../tutorials/getting-started/openshift-install-by-operator-hub.md) | |||
| [Click here for tutorials and instructions for deploying via the Operator](../../tutorials/getting-started/openshift-install-by-operator.md) | |||
There was a problem hiding this comment.
grammatically this is a little awkward, and not sure what the difference is between tutorials and instructions?? "for tutorials on"?
| @@ -53,7 +53,7 @@ expected to contain two files: tls.key and tls.crt. | |||
| If that property is set to `true` the Entando Operator will assume that the cluster has been configured with a valid CA and leave it to | |||
| @@ -53,7 +53,7 @@ expected to contain two files: tls.key and tls.crt. | |||
| If that property is set to `true` the Entando Operator will assume that the cluster has been configured with a valid CA and leave it to | |||
| the Ingress controller to generate its own certificates. | |||
|
|
|||
| [Click here for tutorials on creating secrets and setting up TLS in your Entando Apps.](../../tutorials/getting-started/openshift-install-by-operator-hub.md) | |||
| [Click here for tutorials on creating secrets and setting up TLS in your Entando Apps.](../../tutorials/getting-started/openshift-install-by-operator.md) | |||
| @@ -3,10 +3,10 @@ sidebarDepth: 2 | |||
| --- | |||
|
|
|||
| # Configure the Entando Operator | |||
| This tutorial demonstrates how to provide a ```ConfigMap``` for the Entando Operator to customize its behavior. | |||
| This tutorial demonstrates how to provide a ```ConfigMap``` for the Entando Operator to customize its behavior. See the template file below for possible settings related to timeouts, TLS/SSL configuration, or the default image repository. Some specific tutorials (e.g. [Plugin Configuration Profiles](./plugin-configuration.md)) also require updates to the Entando Operator configuration. | |||
There was a problem hiding this comment.
"...how to provide the Entando Operator with a ConfigMap to customize its behavior" is a little more clarified
"or" the default image repo, or "and" the default repo?
| ## Overview | ||
| The following tutorial shows how to install an Entando Application using the `Entando Operator` and covers a few common enterprise configurations. You may also find the alternative [manual instructions](./openshift-install.md) useful. | ||
|
|
||
| Scenario 1 is similar to the Entando quickstart style of deployment which can be applied in many environments, including on local developer laptops. The subsequent scenarios build on that initial setup but can be performed independently if desired. Unless otherwise noted, you have the freedom to keep or modify the default options when installing the `Entando Operator` and other resources in the tutorials. |
There was a problem hiding this comment.
"local developer laptops" reads like dev laptops in close proximity :P
be performed independently if desired -> also be performed independently
| - Keep the default `my-app` for your application name or select your own | ||
| - Select the EntandoApp version: `7.0` | ||
| - Set the `Ingress Host Name` as in Scenario 1 above. It should match the CN used to generate the cert in step 1. | ||
| - Keep the default `DBMS` as `postgresql` |
There was a problem hiding this comment.
same comment for this step as above
| 5. Click `Install` to install the operator into your target namespace | ||
| 6. The install may take a few minutes to complete after which you can click `View Operator` to see the operator in your namespace, or you can go to `Operators → Installed Operators` at any point and select it from there. | ||
| 7. Now go to `EntandoApp` and click `Create EntandoApp` | ||
| - Keep the default `my-app` for your application name or select your own |
|
|
||
| Now let's create a new application, this time using PostgreSQL. | ||
| 1. Go to `EntandoApp` and click `Create instance` | ||
| - Keep the default `my-app` for your application name or select your own |
| - Keep the default `DBMS` as `postgresql` | ||
| 12. Click `Create`. The `Entando Operator` will now proceed to deploy the appropriate resources. | ||
|
|
||
| Once the deployment is complete you can confirm that all routes use https with the self-signed certificate. You will still see security warnings in the browser. |
There was a problem hiding this comment.
complete you -> complete, you
https -> HTTPS
|
|
||
| ## Next Steps | ||
| Once you've completed any of the scenarios above, you have several options. | ||
| * Check out `Networking → Routes` to see the URLs for the running services. Common starting points include the `Entando App Builder` (e.g. `http://entando.apps-crc.testing/app-builder/`) or the `Entando Application` itself (e.g. `http://entando.apps-crc.testing/entando-de-app/`). |
|
|
||
| ## Scenario 1 - Embedded Database | ||
| The initial scenario is to deploy the operator and Entando Application in a single namespace. We'll start with the smallest application footprint by using an embedded database although this is not recommended for production use cases. | ||
| 1. Locate the `Entando Operator` in the `Operators → OperatorHub`. Make sure to select the appropriate version. |
There was a problem hiding this comment.
Operators → OperatorHub >> Operators → OperatorHub
| 3. Select `A specific namespace on the cluster` for the `Installation mode` | ||
| 4. Choose an empty namespace for `Installed Namespace`. You can create one from `Home → Projects` first, if needed, e.g. `entando-one`. | ||
| 5. Click `Install` to install the operator into your target namespace | ||
| 6. The install may take a few minutes to complete after which you can click `View Operator` to see the operator in your namespace, or you can go to `Operators → Installed Operators` at any point and select it from there. |
There was a problem hiding this comment.
maybe break up this long sentence into to make it more digestible? The second sentence can start with, "Or you can go to..."
| - Keep the default `my-app` for your application name or select your own | ||
| - Select the EntandoApp version: `7.0` | ||
| 8. Provide an `Ingress Host Name` specific to your namespace, e.g. `my-app.YOUR-BASE-OPENSHIFT-URL.` In CRC you can keep the default `entando.apps-crc.testing` for your first project. | ||
| 9. Change the `DBMS` to `embedded`. This is the lightest and quickest way to test a full Entando Application but your preferred relational database is strongly recommended for production use. |
There was a problem hiding this comment.
"This is the lightest and quickest way to test a full Entando Application but your preferred relational" >> This is the lightest and quickest way to test a full Entando Application, but a relational database is strongly ..."
comma before but
maybe change 'your' to 'a'>> paused on 'your' because it confused me, then realized the important point is not your but some un-embedded DB
| - Select the EntandoApp version: `7.0` | ||
| 2. Set the `Ingress Host Name` as in Scenario 1 above | ||
| 3. Keep the default `DBMS` as `postgresql` | ||
| 4. Click `Create`. The `Entando Operator` will now proceed to deploy the appropriate resources just as in Scenario 1 but with the addition of a PostgreSQL database deployment. |
There was a problem hiding this comment.
" just as in Scenario 1" >> maybe remove 'just' ? >>
"deploy the appropriate resources as in Scenario 1, but with the addition..."
| See the [Next Steps](#next-steps) below to continue your work with Entando. | ||
|
|
||
| ## Scenario 4 - PostgreSQL plus self-signed SSL | ||
| This scenario is similar to Scenario 3 but here you'll use a self-signed certificate rather than using OpenShift's Certificate Authority. As a starting point, you can either remove the EntandoApp and Provided Capabilities from the previous scenarios or prepare a new project per steps 1-5 in Scenario 1. |
There was a problem hiding this comment.
Or "This scenario uses a self-signed certificate..." << is it important to note that these steps are similar to scenario 3, if so leave the comparison at the beginning of the paragraph.
I was wondering if it was introductory information, in which case it can be left out. That way the focus on self-signed certificate comes quicker for the reader
|
|
||
| We'll start by creating a self-signed certificate and then prepare the Secrets and ConfigMap to match. There are various ways to create an X.509 self-signed certificate so you can use your preferred mechanism. | ||
|
|
||
| 1. Using [OpenSSL](https://www.openssl.org/) create a certificate for your application. You'll need to adjust the CN value to match the Ingress Host Name for your project. |
There was a problem hiding this comment.
Is CN common knowledge?
There was a problem hiding this comment.
It's actually the label on the field in the command (CN=entando.apps-crc.testing).
vuepress/docs/next/tutorials/getting-started/openshift-install-by-operator.md
Show resolved
Hide resolved
| ``` | ||
| 10. Click `Create` | ||
|
|
||
| Now let's create a new application, just like in Scenario 3 but with the self-signed SSL certificate. |
There was a problem hiding this comment.
Or Now, let's use the self-signed SSL certificate in a new application similar to scenario 3.
|
|
||
| ## Next Steps | ||
| Once you've completed any of the scenarios above, you have several options. | ||
| * Check out `Networking → Routes` to see the URLs for the running services. Common starting points include the `Entando App Builder` (e.g. `http://entando.apps-crc.testing/app-builder/`) or the `Entando Application` itself (e.g. `http://entando.apps-crc.testing/entando-de-app/`). |
There was a problem hiding this comment.
should Entando App Builder or Entando Application be backticked?
There was a problem hiding this comment.
Hmm, I thought we weren't in this case but now I've lost track. This tutorial wasn't consistent with it for Entando Operator either.
| @@ -3,34 +3,34 @@ sidebarDepth: 2 | |||
| --- | |||
|
|
|||
| # Configure the Entando Operator | |||
| This tutorial demonstrates how to provide a ```ConfigMap``` for the Entando Operator to customize its behavior. See the template file below for possible settings related to timeouts, TLS/SSL configuration, or the default image repository. Some specific tutorials (e.g. [Plugin Configuration Profiles](./plugin-configuration.md)) also require updates to the Entando Operator configuration. | |||
| This tutorial demonstrates how to provide the Entando Operator with a ConfigMapto customize its behavior. See the template file below for possible settings related to timeouts, TLS/SSL configuration, and default image repository. Some specific tutorials (e.g. [Plugin Configuration Profiles](./plugin-configuration.md)) also require updates to the Entando Operator configuration. | |||
There was a problem hiding this comment.
space needed between Map and to
| 7. Now go to `EntandoApp` and click `Create EntandoApp` | ||
| - Keep the default `my-app` for your application name or select your own | ||
| - Keep the default `my-app` as your application name or select your own | ||
| - Select the EntandoApp version: `7.0` | ||
| 8. Provide an `Ingress Host Name` specific to your namespace, e.g. `my-app.YOUR-BASE-OPENSHIFT-URL.` In CRC you can keep the default `entando.apps-crc.testing` for your first project. |
There was a problem hiding this comment.
the period should be outside the backtick for my-app.YOUR-BASE-OPENSHIFT-URL
| 5. Set the `Secret Name`, e.g. `entando-ca-cert-secret` | ||
| 6. Set the `Key`, e.g. `tls.crt` | ||
| 7. Set the `Value` by clicking `Browse...` and loading the cert file from Step 1, e.g. `tls.crt` | ||
| 8. Click `Create` | ||
| 9. Next go to `Workloads → ConfigMaps` and update or create a ConfigMap named `entando-operator-config.` This is the ConfigMap used by the Operator to configure the deployments. You can [download the Entando Operator template](../devops/entando-operator.md#add-a-new-configmap) as a starting point. Set the "data/entando.ca.secret.name" and "data/entando.tls.secret.name" to match the names from above. | ||
| 9. Next go to `Workloads` → `ConfigMaps` and update or create a ConfigMap named `entando-operator-config.` This is the ConfigMap used by the Operator to configure the deployments. You can [download the Entando Operator template](../devops/entando-operator.md#add-a-new-configmap) as a starting point. Set the "data/entando.ca.secret.name" and "data/entando.tls.secret.name" to match the names from above. |
|
|
||
| See the [Next Steps](#next-steps) below to continue your work with Entando. | ||
|
|
||
| ## Next Steps | ||
| Once you've completed any of the scenarios above, you have several options. | ||
| * Check out `Networking → Routes` to see the URLs for the running services. Common starting points include the `Entando App Builder` (e.g. `http://entando.apps-crc.testing/app-builder/`) or the `Entando Application` itself (e.g. `http://entando.apps-crc.testing/entando-de-app/`). | ||
| * Check out `Networking` → `Routes` to see the URLs for the running services. Common starting points include the `Entando App Builder` (e.g. `http://entando.apps-crc.testing/app-builder/`) or the `Entando Application` itself (e.g. `http://entando.apps-crc.testing/entando-de-app/`). |
There was a problem hiding this comment.
I meant they shouldn't have backticks
| @@ -3,34 +3,34 @@ sidebarDepth: 2 | |||
| --- | |||
|
|
|||
| # Configure the Entando Operator | |||
| This tutorial demonstrates how to provide a ```ConfigMap``` for the Entando Operator to customize its behavior. | |||
| This tutorial demonstrates how to provide the Entando Operator with a ConfigMapto customize its behavior. See the template file below for possible settings related to timeouts, TLS/SSL configuration, and default image repository. Some specific tutorials (e.g. [Plugin Configuration Profiles](./plugin-configuration.md)) also require updates to the Entando Operator configuration. | |||
There was a problem hiding this comment.
ConfigMapto -> ConfigMap to (add space)
related to timeouts, TLS/SSL configuration, and default image repository -> related to the TLS/SSL configuration, default image repository and timeouts (switch list order to avoid either missing prepositions or preposition overhead)
There was a problem hiding this comment.
I tweaked this one a bit differently.
|
|
||
| ## Prerequisites | ||
| The Entando Operator makes use of an optional ```ConfigMap``` named ```entando-operator-config```. It must be present in the same namespace. In a quickstart environment, you can check for its presence with this command: | ||
| The Entando Operator makes use of an optional `ConfigMap` named `entando-operator-config`. It must be present in the same namespace as the Operator. In a quickstart environment, you can check for its presence with this command: |
There was a problem hiding this comment.
ConfigMap -> ConfigMap (and isn't backticked above)
| ```sh | ||
| kubectl get configmap -n entando | ||
| ``` | ||
|
|
||
| ## Add a new ConfigMap | ||
| If the ```ConfigMap``` doesn't already exist, you can use a template as a starting point. | ||
| If the `ConfigMap` doesn't already exist, you can use a template as a starting point. |
There was a problem hiding this comment.
ConfigMap -> backticking??
|
|
||
| ```sh | ||
| kubectl apply -f entando-operator-config.yaml -n entando | ||
| ``` | ||
|
|
||
| The Entando Operator automatically reloads the settings from the new ```ConfigMap```. You can verify the reload by checking the logs in the operator pod. | ||
| The Entando Operator automatically reloads the settings from the new `ConfigMap`. You can verify the reload by checking the logs in the operator pod. |
There was a problem hiding this comment.
ConfigMap again... not sure if it should be backticked; i am sure it isn't on other pages
reloads the settings -> reloads with the settings
|
|
||
| ## Update an existing ConfigMap | ||
| If the ```ConfigMap``` already exists, you can edit the ```ConfigMap``` to adjust existing settings or add new ones. | ||
| If the `ConfigMap` already exists, you can edit the `ConfigMap` to adjust existing settings or add new ones. |
There was a problem hiding this comment.
backticking...
how about "You can edit an existing ConfigMap to adjust or add settings." ??
| @@ -35,7 +35,7 @@ When choosing how to deploy your operator there are no right or wrong answers. T | |||
| - When teams are small and self managing from an operational perspective a namespace scoped deployment is a simpler architecture | |||
| - If you plan to have a small number of applications deployed in the cluster a namespace scoped deployment can be easier to manage | |||
There was a problem hiding this comment.
If you plan to have a small number of applications deployed in the cluster a namespace scoped deployment can be easier to manage -> If you plan to have a small number of applications deployed in the cluster, a namespace-scoped deployment can be easier to manage
| @@ -50,17 +50,17 @@ determined. | |||
| expected to contain two files: tls.key and tls.crt. | |||
| - If a key pair is found in the folder specified, it will revert to the keypair found. | |||
There was a problem hiding this comment.
If a key pair is found in the folder specified, it will revert to the keypair found. -> If a key pair is found in the folder specified folder, it will revert to the key pair found
still not worded well :( "it will be found" -- what will be found?
| @@ -50,17 +50,17 @@ determined. | |||
| expected to contain two files: tls.key and tls.crt. | |||
| - If a key pair is found in the folder specified, it will revert to the keypair found. | |||
| - If a key pair is not found the Entando Operator will evaluate the value of the `ENTANDO_USE_AUTO_CERT_GENERATION`. | |||
There was a problem hiding this comment.
not found the -> not found, the
| the Ingress controller to generate its own certificates. | ||
|
|
||
| [Click here for tutorials on creating secrets and setting up TLS in your Entando Apps.](../../tutorials/getting-started/openshift-install-by-operator-hub.md) | ||
| [Click here for tutorials setting up TLS in your Entando Apps.](../../tutorials/getting-started/openshift-install-by-operator.md) | ||
|
|
||
| ## Database Deployment | ||
|
|
||
| Some Entando components include the ability to select a database management system (DBMS) when deploying the component. |
There was a problem hiding this comment.
the components include the ability?
| the Ingress controller to generate its own certificates. | ||
|
|
||
| [Click here for tutorials on creating secrets and setting up TLS in your Entando Apps.](../../tutorials/getting-started/openshift-install-by-operator-hub.md) | ||
| [Click here for tutorials setting up TLS in your Entando Apps.](../../tutorials/getting-started/openshift-install-by-operator.md) |
There was a problem hiding this comment.
tutorials on
end with period like bullet directly above
| - If you plan to have a small number of applications deployed in the cluster a namespace scoped deployment can be easier to manage | ||
|
|
||
| [Click here for tutorials on deploying via the Operator](../../tutorials/getting-started/openshift-install-by-operator.md) | ||
| For details on the individual custom resources and their configuration check out the [custom resources documentation](./custom-resources.md). [See the for instructions here on deploying via the Operator](../../tutorials/getting-started/openshift-install-by-operator.md) |
There was a problem hiding this comment.
Sorry... the second sentence
[See the for instructions here >> [See the instructions here
while we're here,
For details on the individual custom resources and their configuration check >> For details on the individual custom resources and their configuration, check
| - If you plan to have a small number of applications deployed in the cluster a namespace scoped deployment can be easier to manage | ||
|
|
||
| [Click here for tutorials and instructions for deploying via operator hub](../../tutorials/getting-started/openshift-install-by-operator-hub.md) | ||
| For details on the individual custom resources and their configuration, check out the [custom resources documentation](./custom-resources.md). [See the instructions here on deploying via the Operator](../../tutorials/getting-started/openshift-install-by-operator.md) |
There was a problem hiding this comment.
this last sentence needs a period
operator not capitalized unless Entando Operator or Operator Hub
| - If a key pair is found in the folder specified, it will revert to the keypair found. | ||
| - If a key pair is not found the Entando Operator will evaluate the value of the `ENTANDO_USE_AUTO_CERT_GENERATION`. | ||
| If that property is set to `true` the Entando Operator will assume that the cluster has been configured with a valid CA and leave it to | ||
| - If a secret isn't provided the Entando Operator will evaluate the value of the `ENTANDO_PATH_TO_TLS_KEYPAIR` which is expected to contain two files: tls.key and tls.crt. |
There was a problem hiding this comment.
Secret
isn't provided the -> isn't provided, the
...KEYPAIR which -> ...KEYPAIR, which
"evaluate the value of" sounds so repetitive... any way to rephrase this?
There was a problem hiding this comment.
This whole doc needs to be updated/reviewed with Eng. I'll make the simple changes but it may even be wrong now.
| the Ingress controller to generate its own certificates. | ||
|
|
||
| [Click here for tutorials on creating secrets and setting up TLS in your Entando Apps.](../../tutorials/getting-started/openshift-install-by-operator-hub.md) | ||
| [Click here for instructions on setting up TLS in your Entando Apps.](../../tutorials/getting-started/openshift-install-by-operator.md). |
There was a problem hiding this comment.
looks like there are two periods here... remove the inner one
| If that property is set to `true` the Entando Operator will assume that the cluster has been configured with a valid CA and leave it to | ||
| - If a secret isn't provided the Entando Operator will evaluate the value of the `ENTANDO_PATH_TO_TLS_KEYPAIR` which is expected to contain two files: tls.key and tls.crt. | ||
| - If a key pair is found in the folder specified, it will revert to the key pair found. | ||
| - If a key pair is not found, the Entando Operator will evaluate the value of the `ENTANDO_USE_AUTO_CERT_GENERATION`. |
There was a problem hiding this comment.
there's that pesky "evaluate the value of" again...
| - If a key pair is not found the Entando Operator will evaluate the value of the `ENTANDO_USE_AUTO_CERT_GENERATION`. | ||
| If that property is set to `true` the Entando Operator will assume that the cluster has been configured with a valid CA and leave it to | ||
| - If a secret isn't provided the Entando Operator will evaluate the value of the `ENTANDO_PATH_TO_TLS_KEYPAIR` which is expected to contain two files: tls.key and tls.crt. | ||
| - If a key pair is found in the folder specified, it will revert to the key pair found. |
There was a problem hiding this comment.
"it will revert to the key pair found" is pretty awkward here.. and what is "it"?
|
|
||
| - If an EntandoDatabaseService has been deployed in the component's namespace, and the DBMS specified on this EntandoDatabaseService | ||
| is the same as the DBMS specified on this EntandoApp, the Entando Operator will create dedicated | ||
| - If an EntandoDatabaseService has been deployed in the component's namespace and the DBMS specified on this EntandoDatabaseService is the same as the DBMS specified on this EntandoApp, then the Entando Operator will create dedicated |
vuepress/docs/next/tutorials/getting-started/openshift-install-by-operator.md
Show resolved
Hide resolved
vuepress/docs/next/tutorials/getting-started/openshift-install-by-operator.md
Show resolved
Hide resolved
| See the [Next Steps](#next-steps) below to continue your work with Entando. | ||
|
|
||
| ## Scenario 3 - PostgreSQL plus OpenShift SSL | ||
| This scenario sets up PostgreSQL, like Scenario 2, but also enables SSL using OpenShift's internal Certificate Authority (CA). As a starting point, you can either remove the EntandoApp and ProvidedCapabilities using the Operator or you can prepare a new project per steps 1-5 in Scenario 1. |
| 6. Set the `Key`, e.g. `tls.crt` | ||
| 7. Set the `Value` by clicking `Browse...` and loading the cert file from Step 1, e.g. `tls.crt` | ||
| 8. Click `Create` | ||
| 9. Next, go to `Workloads` → `ConfigMaps` and update or create a ConfigMap named `entando-operator-config.` This is the ConfigMap used by the Operator to configure the deployments. You can [download the Entando Operator template](../devops/entando-operator.md#add-a-new-configmap) as a starting point. Set the "data/entando.ca.secret.name" and "data/entando.tls.secret.name" to match the names from above. |
| - If a key pair is found in the folder specified, it will revert to the keypair found. | ||
| - If a key pair is not found the Entando Operator will evaluate the value of the `ENTANDO_USE_AUTO_CERT_GENERATION`. | ||
| If that property is set to `true` the Entando Operator will assume that the cluster has been configured with a valid CA and leave it to | ||
| - If a secret isn't provided the Entando Operator will evaluate the value of the `ENTANDO_PATH_TO_TLS_KEYPAIR` which is expected to contain two files: tls.key and tls.crt. |
There was a problem hiding this comment.
This whole doc needs to be updated/reviewed with Eng. I'll make the simple changes but it may even be wrong now.
vuepress/docs/next/tutorials/getting-started/openshift-install-by-operator.md
Show resolved
Hide resolved
| ``` | ||
|
|
||
| ## Scenario 1 - Embedded Database | ||
| The initial scenario deploys the operator and Entando Application in a single namespace. We'll start with the smallest application footprint by using an embedded database, although this is not recommended for production use cases. |
There was a problem hiding this comment.
Either is okay, but into sounds 10% better. :)
vuepress/docs/next/tutorials/getting-started/openshift-install-by-operator.md
Show resolved
Hide resolved
|
|
||
| ## TLS Secret Creation | ||
|
|
||
| When configuring and deploying Entando via the operator you will be asked to provide a secret for some of the components in the architecture. A few things to be aware of when creating and configuring a secret: | ||
| When configuring and deploying Entando via the operator you will be asked to provide a secret for some of the components in the architecture. A few things to be aware of when creating and configuring a Secret: |
There was a problem hiding this comment.
add comma >> When configuring and deploying Entando via the operator, you will be
| - For an EntandoApp three schemas/database will be created: the Entando Port DB, tne Entando Serv DB and a database for | ||
| the Entando Component Manager. | ||
| will automatically deploy the appropriate container to host the DBMS specified. This last option is not yet supported for Oracle. | ||
| - For an EntandoApp three schemas/database will be created: the Entando Port DB, tne Entando Serv DB and a database for the Entando Component Manager. |
There was a problem hiding this comment.
add comma & 's' >> For an EntandoApp, three schemas/databases will be created:
| - Refer to the 'ingressHostname' property in the custom resource for more information on how the hostname is determined. | ||
| - If a Secret isn't provided, the Entando Operator will evaluate the value of the `ENTANDO_PATH_TO_TLS_KEYPAIR`, which is expected to contain two files: tls.key and tls.crt. | ||
| - If a key pair is found in the folder specified, the operator will use that key pair. | ||
| - If a key pair is not found, the Entando Operator will evaluate the value of the `ENTANDO_USE_AUTO_CERT_GENERATION`. If that property is set to `true`, the Entando Operator will assume that the cluster has been configured with a valid CA and leave it to the Ingress controller to generate its own certificates. |
There was a problem hiding this comment.
CA >> Certificate Authority (CA)
|
|
||
| Start by creating a self-signed certificate and then prepare the Secrets and ConfigMap to match. There are various ways to create an X.509 self-signed certificate, so you can use your preferred mechanism. | ||
|
|
||
| 1. Using [OpenSSL](https://www.openssl.org/), create a certificate for your application. You'll need to adjust the CN value to match the `Ingress Host Name` for your project. |
There was a problem hiding this comment.
Is CN common knowledge?
| tls.crt: '' | ||
| type: kubernetes.io/tls | ||
| ``` | ||
| 3. Click on `Actions` → `Edit Secret` and use the `Browse...` buttons to upload the key and cert files |
There was a problem hiding this comment.
Period after 'cert files'
| 6. Set the `Key`, e.g. `tls.crt` | ||
| 7. Set the `Value` by clicking `Browse...` and loading the cert file from Step 1, e.g. `tls.crt` | ||
| 8. Click `Create` | ||
| 9. Next, go to `Workloads` → `ConfigMaps` and update or create a ConfigMap named `entando-operator-config.` This is the ConfigMap used by the operator to configure the deployments. You can [download the Entando Operator template](../devops/entando-operator.md#add-a-new-configmap) as a starting point. Set the "data/entando.ca.secret.name" and "data/entando.tls.secret.name" to match the names from above. |
There was a problem hiding this comment.
move period and add '.yaml'? >> ConfigMap named entando-operator-config.yaml.
There was a problem hiding this comment.
The name is entando-operator-config, without the .yaml.
No description provided.