From ab4f3c6b0a676c5fa4d8e9aa49ffe712abdd762e Mon Sep 17 00:00:00 2001
From: Lauri
Date: Mon, 7 Aug 2023 11:08:38 +0200
Subject: [PATCH 01/22] add azure install guide
---
.../install-enterprise-azure.mdx | 276 ++++++++++++++++++
1 file changed, 276 insertions(+)
create mode 100644 website/docs/enterprise/getting-started/install-enterprise-azure.mdx
diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx
new file mode 100644
index 0000000000..57990583e8
--- /dev/null
+++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx
@@ -0,0 +1,276 @@ +--- +title: Azure and Weave GitOps Enterprise Installation +hide_title: true +--- + +import TierLabel from "../_components/TierLabel"; + +# Azure and Weave GitOps Enterprise Installation + +Once you successfully create your Kuberbetes cluster in Azure Marketplace, follow these steps to Install Weave GitOps Enterprise. + +## 1. Choose the “GitOps” option in the Marketplace + +Search for Weave GitOps Enterprise in the "Extensions + Applications" of the [Azure Marketplace](https://portal.azure.com/signin/index/). Click the "GitOps" option. This will take you to a screen that presents a first-class item called `Type: Flux v2`. + +Click GitOps => Create. + +Add the config name, namespace (default), scope: cluster, type (Flux v2), and continuous reconciliation option. Your entries should look like this: +- Configuration: flux-system +- Namespace: flux-system +- Scope: Cluster + +All of the displayed properties for the Flux objects screen are the same as what you'd supply to Flux bootstrap. + +Click "Next", then add: +- Source Kind: Git repository +- Repository URL: [your repository URL here] +- Reference Type: Branch +- Repository Type: Private + +And under the "Authentication" section: +- Authentication Source: Provide Authentication here +- SSH Key Authentication: Let the operator generate SSH Keys +- HTTPS User: YOUR_GITHUB_USERNAME +- HTTPS Key: YOUR_GITHUB_USER_PAT (Get one at [this link](https://github.com/settings/tokens). It's not the most secure method, but the easiest to get going.) + +Click "Next". You'll see an option to create a Kustomisation, which is optional. To create one: +- Click Create +- Instance name: flux-system +- Path: clusters/default/demo3-azure-flux +- Prune: Ticked + +Click "Save". Then clicking "Next", which will give you a summary so you can review your input. Then click "Create". It will take about five minutes to deploy. 
+ +You'll get to a new screen, which at the top-right shows "Notifications" and will display creation of the Flux configuration. When your deployment succeeds, go to the resource and pin to your dashboard. Then go to your terminal to see if it works in kubectl. In the terminal you'll get the GitRepository and Kustomizations. You should then get a green "succeeded" checkmark. + +The Kustomisations screen does not provide an option to inspect the path/target namespace—you have to supply the target Namespace in the Kustomization object. + +## 2. Install CAPZ, the CAPI Provider + +The installation wizard in the Azure Marketplace UI offers a checkbox where you can select to do this. + +## 3. Apply the Entitlements Secret + +Contact sales@weave.works for a valid entitlements secret. This will come in the form of a file “entitlements.yaml”. Apply it to the cluster: + +``` +kubectl apply -f entitlements.yaml +``` + +## 4. Configure Access for Writing to Git from the UI + +*(This section is the same as what you'll find in the main WGE install documentation.)* + +Here we provide guidance for GitHub, GitLab, BitBucket Server, and Azure DevOps. + + + +GitHub requires no additional configuration for OAuth git access + + + +Create a GitLab OAuth application that will request `api` permissions to create pull requests on your behalf. + +Follow the [GitLab docs](https://docs.gitlab.com/ee/integration/oauth_provider.html). + +The application should have at least these scopes: + +- `api` +- `openid` +- `email` +- `profile` + +Add callback URLs to the application for each address the UI will be exposed on, e.g.: + +- `https://localhost:8000/oauth/gitlab` for port-forwarding and testing +- `https://git.example.com/oauth/gitlab` for production use + +Save your application, taking note of the **Client ID** and **Client Secret**. 
Save +them into the `git-provider-credentials` secret, along with: + +- `GIT_HOST_TYPES` to tell WGE that the host is gitlab +- `GITLAB_HOSTNAME` where the OAuth app is hosted + +**Replace values** in this snippet and run: + +```bash +kubectl create secret generic git-provider-credentials --namespace=flux-system \ + --from-literal="GITLAB_CLIENT_ID=13457" \ + --from-literal="GITLAB_CLIENT_SECRET=24680" \ + --from-literal="GITLAB_HOSTNAME=git.example.com" \ + --from-literal="GIT_HOST_TYPES=git.example.com=gitlab" +``` + + + + +Create a new [incoming application link](https://confluence.atlassian.com/bitbucketserver/configure-an-incoming-link-1108483657.html) from +the BitBucket administration dashboard. You will be asked to enter a unique name and the redirect URL for the external application. The redirect URL +should be set to `/oauth/bitbucketserver`. You will also need to select permissions for the application. The minimum set of +permissions needed for WGE to create pull requests on behalf of users is `Repositories - Write`. An example of configuring these settings is shown below. + +
+ + + +
Configuring a new incoming application link
+
+ + +Save your application and take note of the **Client ID** and **Client Secret**. Save +them into the `git-provider-credentials` secret, along with: + +- `GIT_HOST_TYPES` to tell WGE that the host is bitbucket-server +- `BITBUCKET_SERVER_HOSTNAME` where the OAuth app is hosted + +**Replace values** in this snippet and run: + +```bash +kubectl create secret generic git-provider-credentials --namespace=flux-system \ + --from-literal="BITBUCKET_SERVER_CLIENT_ID=13457" \ + --from-literal="BITBUCKET_SERVER_CLIENT_SECRET=24680" \ + --from-literal="BITBUCKET_SERVER_HOSTNAME=git.example.com" \ + --from-literal="GIT_HOST_TYPES=git.example.com=bitbucket-server" +``` + +If the secret is already present, use the following command to update it using your default editor: + +```bash +kubectl edit secret generic git-provider-credentials --namespace=flux-system +``` + +:::info + +If BitBucket Server is running on the default port (7990), make sure you include the port number in the values of the secret. For example: `GIT_HOST_TYPES=git.example.com:7990=bitbucket-server` + +::: + +
+ + + +Navigate to [VisualStudio](https://app.vsaex.visualstudio.com/app/register) and register a new application, as explained in the [docs](https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops#1-register-your-app). Set the authorization callback URL and select which scopes to grant. Set the callback URL to `/oauth/azuredevops`. + +Select the `Code (read and write)` scope from the list. This is necessary so that WGE can create pull requests on behalf of users. An example of configuring these settings is shown below. + +
+ +
Creating a new application
+
+ +After creating your application, you will be presented with the application settings. Take note of the `App ID` and `Client Secret` values—you will use them to configure WGE. + +
+ +
Application settings
+
+ +In your cluster, create a secret named `git-provider-credentials` that contains the `App ID` and `Client Secret` values from the newly created application. + +**Replace values** in this snippet and run: + +```bash +kubectl create secret generic git-provider-credentials --namespace=flux-system \ + --from-literal="AZURE_DEVOPS_CLIENT_ID=" \ + --from-literal="AZURE_DEVOPS_CLIENT_SECRET=" +``` + +WGE is now configured to ask users for authorization the next time a pull request must be created as part of using a template. Note that each user can view and manage which applications they have authorized by navigating to https://app.vsaex.visualstudio.com/me. + +
+
+ + +## 5. Configure Your Password + +First, install the Weave GitOps Enterprise CLI tool. To do this, you can use either brew or curl. + + + + +```bash +brew install weaveworks/tap/gitops-ee +``` + + + + + +```bash +curl --silent --location "https://artifacts.wge.dev.weave.works/releases/bin/0.27.0/gitops-$(uname)-$(uname -m).tar.gz" | tar xz -C /tmp +sudo mv /tmp/gitops /usr/local/bin +gitops version +``` + + + + +Now, to login to the WGE UI, generate a bcrypt hash for your chosen password and store it as a secret in the Kubernetes cluster. There are several different ways to generate a bcrypt hash. Here, we'll use `gitops get bcrypt-hash` from our GitOps CLI. + +```bash +PASSWORD="" +echo -n $PASSWORD | gitops get bcrypt-hash | kubectl create secret generic cluster-user-auth -n flux-system --from-literal=username=wego-admin --from-file=password=/dev/stdin +``` + +A validation to know it’s working: + +```bash +kubectl get secret -n flux-system cluster-user-auth +``` + +## 6. Install Weave GitOps Enterprise to Your Cluster + +First, you'll get taken to the Weaveworks portal on the Azure platform, which provides your subscription details. + +Search for Weave GitOps. Pick "View private products" and choose WGE. Fill out the forms, selecting your cluster, then choose "Review and Create". + +If you've not yet installed cert-manager, your deployment will fail. You will have cert-manager if you installed CAPI already. If you've not installed CAPI, install cert-manager using Helm and kubectl. + +## 7. 
Apply Extra Configuration + +Additional configuration is done through an optional ConfigMap: + +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-service-extra-config + namespace: flux-system +data: + # disable TLS +NO_TLS: "true" +``` + +Apply the configuration with: + +``` +kubectl apply -f cluster-service-extra-config.yaml + +# restart the clusters-service for changes to take effect +kubectl -n flux-system rollout restart deploy/weave-gitops-enterprise-mccp-cluster-service +``` + +### Available Configuration Options + +| value | default | description | +|---|---|---| +| `NO_TLS` | `"false"` | disable TLS | +| `CLUSTER_NAME` | `"management"` | name of the management cluster | +| `AUTH_METHODS` | `"token-passthrough,user-account"` | Which auth methods to use, valid values are 'oidc', 'token-pass-through' and 'user-account' | +| `OIDC_ISSUER_URL` | `"token-passthrough,user-account"` | The URL of the OpenID Connect issuer | +| `OIDC_CLIENT_ID` | `"token-passthrough,user-account"` | The client ID for the OpenID Connect client | +| `OIDC_CLIENT_SECRET` | `"token-passthrough,user-account"` | The client secret to use with OpenID Connect issuer | +| `OIDC_REDIRECT_URL` | `"token-passthrough,user-account"` | The OAuth2 redirect URL | +| `OIDC_TOKEN_DURATION` | `"1h"` | The duration of the ID token. It should be set in the format: number + time unit (s,m,h) e.g., 20m | +| `OIDC_CLAIM_USERNAME` | `"email"` | JWT claim to use as the user name. By default email, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as sub or name, depending on their provider | +| `OIDC_CLAIM_GROUPS` | `"groups"` | JWT claim to use as the user's group. If the claim is present it must be an array of strings | +| `CUSTOM_OIDC_SCOPES` | `"groups, openid, email, profile"` | Customise the requested scopes for then OIDC authentication flow - openid will always be requested | + +## 8. 
Check That It Works + +Go to the "services and ingresses" tab in the Azure portal and look for signs that the UI installed. + +## Next Steps + +From this point, you can follow our generalized WGE installation instructions to [configure TLS](./install-enterprise.mdx#tls-configuration) and log into the UI. Installing the Azure Marketplace product installs the Helm chart. \ No newline at end of file From 2c8e03fc6b8dee362930ac23b4e324790d1a66f7 Mon Sep 17 00:00:00 2001 From: Lauri Date: Mon, 7 Aug 2023 11:09:08 +0200 Subject: [PATCH 02/22] add join azure and flux page --- .../join-cluster-azure-flux.mdx | 204 ++++++++++++++++++ 1 file changed, 204 insertions(+) create mode 100644 website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx diff --git a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx new file mode 100644 index 0000000000..0d63d80b7d --- /dev/null +++ b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx 
@@ -0,0 +1,204 @@ +--- +title: Join a Cluster with Azure Flux +hide_title: true +--- + +import TierLabel from "../../_components/TierLabel"; + +# Joining a Cluster with Azure Flux + +## Prerequisites + +See our [guide to installing Weave GitOps Enterprise on AKS](install-enterprise-azure.mdx) +- An Azure cluster deployed with either the Azure Portal or Azure CLI tools. +- Azure Flux add-on deployed by adding a GitOps configuration, either via the Azure Portal or the CLI tool. + +## Initial Status + +The AKS cluster already has the Azure Flux add-on installed. This differs from [CNCF Flux](https://fluxcd.io/) in that there are two additional controllers: +- fluxconfig-agent +- fluxconfig-controller + +These controllers have CRDs that define the version of Flux and any Flux Kustomizations that are managed via the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli). + +The CRDs are all apiVersion: clusterconfig.azure.com/v1beta1. + +The Kinds are: +- FluxConfig +- FluxConfigSyncStatus + +The FluxConfig Kind configures Flux itself and creates any Kustomizations that refer to a single-source GitRepository. This guide assumes that this process is already completed and that a top-level Kustomization has been configured for the fleet repo cluster directory already set up at +`clusters/default/CLUSTER_NAME/manifests`. + +The CRDs that this FluxConfig generates are Flux CRDs, as follows: +- GitRepositories +- Kustomizations + +These generated resources are viewable through Weave GitOps Enterprise. + +Weave GitOps itself is deployed by Flux using a HelmRelease that pulls the Helm Chart. It doesn’t need to install Flux, as it is assumed that Flux is already deployed. Therefore it can use the Azure Flux add-on, which poses no conflicts with WGE itself. + +Incompatibilities exist between the Azure Flux add-on and CNCF Flux. They should not be run at the same time, on the same cluster, due to conflicts in the CRD management. 
If the Flux bootstrapping process IS run on a cluster with Azure Flux add-on, it will override the Azure Flux add-on with the Flux version used in the bootstrap. Also, it would add Flux manifests to the source Git repository. This would be undesirable. + +Azure Flux add-on-enabled clusters keep the Azure Flux add-on in place. + +## Joining a Cluster to WGE + +### Setting up a Service Account + +To join a cluster, you'll set up a service account with permissions and create a kubeconfig for the service account. This service account does not need cluster admin permissions unless you are bootstrapping Flux into the cluster. The bootstrapping process will either be A) carried out before joining the cluster to WGE; or B) configured specifically for Flux to be bootstrapped into the cluster from WGE. + +If you already have Flux running, you can create the service account in your fleet repo: + +1. Create a service account file: + +
Expand to see role manifests +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: wgesa + namespace: default +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: wgesa-secret + namespace: default + annotations: + kubernetes.io/service-account.name: "wgesa" +``` +
+ +2. Create a roles file: +
Expand to see role manifests +```yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: impersonate-user-groups +subjects: + - kind: ServiceAccount + name: wgesa + namespace: default +roleRef: + kind: ClusterRole + name: user-groups-impersonator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: user-groups-impersonator +rules: + - apiGroups: [""] + resources: ["users", "groups"] + verbs: ["impersonate"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +``` +
+ +3. Commit to your fleet repo to sync. + +4. Create a secret to store the kubeconfig, and a GitopsCluster object in the WGE management cluster that points to the kubeconfig secret. This allows you to connect to the target cluster and read various Kubernetes objects—including the Flux objects, such as: +- GitRepositories +- HelmReleases +- Kustomizations +- Providers +- Alerts +- Receivers + +Kubernetes 1.24+ [will not create secrets for Service Accounts for you](https://stackoverflow.com/questions/75692230/secret-for-a-kubernetes-service-accounts-is-not-getting-created), so you have to add it yourself. + +5. Add a new secret for the service account by adding to the service account yaml file in step 1. + +6. Create a kubeconfig secret. We'll use a helper script to generate the kubeconfig, and then save it into `static-kubeconfig.sh`: + +
Expand to see script + + ```bash title="static-kubeconfig.sh" + #!/bin/bash + + if [[ -z "$CLUSTER_NAME" ]]; then + echo "Ensure CLUSTER_NAME has been set" + exit 1 + fi + + if [[ -z "$CA_CERTIFICATE" ]]; then + echo "Ensure CA_CERTIFICATE has been set to the path of the CA certificate" + exit 1 + fi + + if [[ -z "$ENDPOINT" ]]; then + echo "Ensure ENDPOINT has been set" + exit 1 + fi + + if [[ -z "$TOKEN" ]]; then + echo "Ensure TOKEN has been set" + exit 1 + fi + + export CLUSTER_CA_CERTIFICATE=$(cat "$CA_CERTIFICATE" | base64) + + envsubst < + +7. Create a secret for the generated kubeconfig in the WGE management cluster: + + ```bash + kubectl create secret generic demo-01-kubeconfig \ + --from-file=value=./demo-01-kubeconfig + ``` +You can also take care of this step in WGE's [Secrets UI](https://docs.gitops.weave.works/docs/next/secrets/intro/), setting up a a secret in [SOPS](https://docs.gitops.weave.works/docs/next/secrets/setup-sops/) or [ESO](https://docs.gitops.weave.works/docs/next/secrets/setup-eso/). + +Flux CRDs are compatible with the Azure Flux Configuration CRDs. This means that there are no compatibility issues between WGE and Azure Flux. + +8. Create a GitopsCluster object. It must NOT be bootstrapped. Remove the annotation for bootstrap so it will not deploy Flux. + +9. Commit to your fleet repo and sync. + +10. Log in to your WGE management cluster to see if the cluster has appeared. + +## Using WGE to Deploy Clusters + +### With Cluster API + +MSFT maintains CAPZ, the Azure CAPI provider. Currently there is no support for Azure Flux. A CAPI-based cluster will continue to run the Flux bootstrap process on cluster creation when managed by WGE, because there is no Azure Flux option. + +### With Terraform Provider + +WGE uses [TF-controller](https://github.com/weaveworks/tf-controller) to deploy Terraform resources. 
For WGE to use the cluster as a target requires A) a resource created in the management cluster and B) a kubeconfig that maps to a service account in the target cluster. The Terraform cluster build typically creates this service account and then outputs to a secret store or local secret so that WGE can use it as a cluster. The Flux bootstrap process can be initiated directly with the Flux Terraform module, which deploys CNCF Flux to the target cluster. + +Alternatively, you can apply an Azure Policy to provide the Azure Flux add-on. This is an example of how you can use the policy controls. This means you could come across clusters that are deployed with Terraform with the Azure Flux add-on already installed and would not run the Flux bootstrap process. + +Either way, it is typical that Terraform-deployed clusters do not run the Flux bootstrap process at all, because it is usually already installed. + +### With Crossplane + +The Azure Flux add-on is supported under [Crossplane](https://www.crossplane.io/)-deployed AKS clusters. Any clusters deployed with Crossplane that have the Azure Flux add-on enabled would also be added to WGE without running the bootstrap process. From 70775d3df6ce9452b7fa12e25179cfcb9e6a7fd3 Mon Sep 17 00:00:00 2001 From: Lauri Date: Mon, 7 Aug 2023 11:10:19 +0200 Subject: [PATCH 03/22] Fix line in install OSS guide --- website/docs/open-source/getting-started/install-OSS.mdx | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/website/docs/open-source/getting-started/install-OSS.mdx b/website/docs/open-source/getting-started/install-OSS.mdx index 7760f3aae2..db5ad439ce 100644 --- a/website/docs/open-source/getting-started/install-OSS.mdx +++ b/website/docs/open-source/getting-started/install-OSS.mdx 
@@ -7,7 +7,7 @@ pagination_next: open-source/getting-started/ui-OSS # Step 1: Install Weave GitOps Open Source on Your Cluster :::tip -These instructions only apply to Weave GitOps Open Source. To install Weave GitOps Enterprise, [go here][ee-install]. +These instructions only apply to Weave GitOps Open Source. To install Weave GitOps Enterprise, [go here](../../enterprise/getting-started/install-enterprise.mdx). ::: This page covers Weave GitOps Open Source installation and is adapted from the [Flux - Getting Started](https://fluxcd.io/docs/get-started/) guide. @@ -17,7 +17,7 @@ If you haven't already, please check out our [Introduction to Weave GitOps](../. ## Prerequisites Before you can install Weave GitOps Open Source, you will need: -- A [GitHub][github] account and [personal access token with repo permissions](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) +- An account with a Git provider like GitHub or GitLab, along with a personal access token with repo permissions; if you're using GitHub, for example, [go here](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) - Your Git client configured properly (if using GitHub, for example, then review their docs on [setting your username](https://docs.github.com/en/get-started/getting-started-with-git/setting-your-username-in-git#setting-your-git-username-for-every-repository-on-your-computer) and [your email address](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#setting-your-email-address-for-every-repository-on-your-computer)) 
@@ -176,7 +176,7 @@ Run the following command, which will create a `HelmRepository` and `HelmRelease This command stores a hash of a password. This is relatively safe for demo and testing purposes, but we strongly recommend using a more secure method of storing secrets (such as [Flux's SOPS integration][sops]) for production systems. -Our docs on [securing access to the dashboard][dash-access] provide additional guidance and alternative login methods. +Our docs on [installing Weave GitOps Enterprise](../../enterprise/getting-started/install-enterprise.mdx) provide additional guidance and alternative login methods. ::: You will use the password you've just created when you've finished Weave GitOps Open Source installation and are ready to login to the dashboard UI. @@ -218,13 +218,11 @@ Find the full Chart reference [here](../../references/helm-reference.md). Now let's [explore the Weave GitOps Open Source UI](./ui-OSS.mdx). Then, we'll deploy an application. -[ee-install]: ../../enterprise/getting-started/install-enterprise.mdx [kind]: https://kind.sigs.k8s.io/docs/user/quick-start/ [github]: https://github.com [pat]: https://help.github.com/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line [kubectl]: https://kubernetes.io/docs/tasks/tools/#kubectl [fl-install]: https://fluxcd.io/docs/installation/ -[dash-access]: ../../configuration/securing-access-to-the-dashboard.mdx [sops]: https://fluxcd.io/docs/guides/mozilla-sops/ [helm-repo]: https://fluxcd.io/flux/components/source/helmrepositories/#writing-a-helmrepository-spec [helm-rel]: https://fluxcd.io/flux/components/helm/helmreleases/ From fb709fe9921b042725f0ed5c7480f2453a6932ee Mon Sep 17 00:00:00 2001 From: Lauri Date: Mon, 7 Aug 2023 11:12:35 +0200 Subject: [PATCH 04/22] Fix link --- website/versioned_docs/version-0.29.0/guides/cert-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/website/versioned_docs/version-0.29.0/guides/cert-manager.md b/website/versioned_docs/version-0.29.0/guides/cert-manager.md index 40aa760de3..3317b926a6 100644 --- a/website/versioned_docs/version-0.29.0/guides/cert-manager.md +++ b/website/versioned_docs/version-0.29.0/guides/cert-manager.md @@ -103,4 +103,4 @@ spec: Once this `ClusterIssuer` resource is installed, the cluster is now configured to request and use certificates generated by cert-manager. -This could be manually requested through the creation of a [Certificate resource](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources) or configured to be automatic, as shown in our [Configuring OIDC with Dex and GitHub](./setting-up-dex.md) guide. +This could be manually requested through the creation of a [Certificate resource](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources) or configured to be automatic, as shown in our [WGE installation](../enterprise/getting-started/install-enterprise.mdx#securing-access-to-the-dashboard) guide. From 90fb97310696346dbbd949fba8bd17f924eb5da7 Mon Sep 17 00:00:00 2001 From: Lauri Date: Mon, 7 Aug 2023 11:12:44 +0200 Subject: [PATCH 05/22] Fix link --- website/docs/guides/cert-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/guides/cert-manager.md b/website/docs/guides/cert-manager.md index 40aa760de3..521a0293a2 100644 --- a/website/docs/guides/cert-manager.md +++ b/website/docs/guides/cert-manager.md 
@@ -103,4 +103,4 @@ spec: Once this `ClusterIssuer` resource is installed, the cluster is now configured to request and use certificates generated by cert-manager. -This could be manually requested through the creation of a [Certificate resource](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources) or configured to be automatic, as shown in our [Configuring OIDC with Dex and GitHub](./setting-up-dex.md) guide. +This could be manually requested through the creation of a [Certificate resource](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources) or configured to be automatic, as shown in our [WGE installation](../enterprise/getting-started/install-enterprise.mdx#securing-access-to-the-dashboard)) guide. From fa6deec41c16941e9a5b429f0b8b182e310e3741 Mon Sep 17 00:00:00 2001 From: Lauri Date: Mon, 7 Aug 2023 11:13:38 +0200 Subject: [PATCH 06/22] Update sidebars.js with new pages --- website/sidebars.js | 34 ++++++---------------------------- 1 file changed, 6 insertions(+), 28 deletions(-) diff --git a/website/sidebars.js b/website/sidebars.js index e3434b12eb..7a189cf05f 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -42,8 +42,12 @@ 'enterprise/getting-started/install-enterprise', 'enterprise/getting-started/install-enterprise-airgap', 'enterprise/getting-started/releases-enterprise', - ], - }, + 'enterprise/getting-started/install-enterprise-azure', + 'enterprise/getting-started/join-cluster-azure-flux', + 'enterprise/getting-started/deploying-capa-eks', + 'enterprise/getting-started/management-cluster-setup-eks-capa', + ], + }, { type: 'link', label: 'Version Archives', 
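Review bot: Two of the four ids added at the end of the getting-started list in the `website/sidebars.js` hunk `@@ -42,8 +42,12 @@`, `'enterprise/getting-started/deploying-capa-eks'` and `'enterprise/getting-started/management-cluster-setup-eks-capa'`, have no matching file in the patches visible up to this commit (01 and 02 add only the two Azure pages). Docusaurus rejects a sidebar id that does not resolve to a doc, so unless another patch in the series adds those files, these two lines belong in the commit that moves them. The later hunks `@@ -51,29 +55,6 @@` and `@@ -135,8 +115,6 @@` have the opposite mismatch: they drop the whole 'Access Configuration' category (RBAC, OIDC, emergency user, service-account and user permissions, TLS) and `'guides/cert-manager'`, while patch 05 still edits `website/docs/guides/cert-manager.md`. That access-control and TLS guidance would stay in the tree but presumably no longer be reachable from the navigation. I would keep those entries until the replacement sections in `install-enterprise.mdx` are linked from the sidebar, or delete or redirect the old pages in the same commit.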
@@ -51,29 +55,6 @@ }, ], }, - { - type: 'category', - label: 'Access Configuration', - items: [ - 'configuration/recommended-rbac-configuration', - { - type: 'category', - label: 'Securing Access to the Dashboard', - collapsed: false, - link: { - type: 'doc', - id:'configuration/securing-access-to-the-dashboard', - }, - items: [ - 'configuration/oidc-access', - 'configuration/emergency-user', - ], - }, - 'configuration/service-account-permissions', - 'configuration/user-permissions', - 'configuration/tls', - ], - }, { type: 'category', label: 'Cluster Management', @@ -83,7 +64,6 @@ }, items: [ 'cluster-management/managing-clusters-without-capi', - 'cluster-management/deploying-capa-eks', 'cluster-management/profiles', 'cluster-management/cluster-management-troubleshooting', { @@ -135,8 +115,6 @@ type: 'category', label: 'Guides', items: [ - 'guides/setting-up-dex', - 'guides/cert-manager', 'guides/displaying-custom-metadata', 'guides/fluxga-upgrade', ], From 4758a8f2130ea1c94017276481a65a4a5dc1058e Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Mon, 21 Aug 2023 14:47:46 +0200 Subject: [PATCH 07/22] Makes CAPZ installation optional --- .../install-enterprise-azure.mdx | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx index 57990583e8..ac936dbc4d 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx 
@@ -46,11 +46,11 @@ You'll get to a new screen, which at the top-right shows "Notifications" and wil The Kustomisations screen does not provide an option to inspect the path/target namespace—you have to supply the target Namespace in the Kustomization object. -## 2. Install CAPZ, the CAPI Provider +### Optional: Install CAPZ, the CAPI Provider -The installation wizard in the Azure Marketplace UI offers a checkbox where you can select to do this. +If you are planning to manage or connect CAPI clusters to the WE service make sure you first install the CAPI provider. Then during the WE installation process be sure to select the "Enable CAPI support" checkbox. -## 3. Apply the Entitlements Secret +## 2. Apply the Entitlements Secret Contact sales@weave.works for a valid entitlements secret. This will come in the form of a file “entitlements.yaml”. Apply it to the cluster: @@ -58,7 +58,7 @@ Contact sales@weave.works for a valid entitlements secret. This will come in the kubectl apply -f entitlements.yaml ``` -## 4. Configure Access for Writing to Git from the UI +## 3. Configure Access for Writing to Git from the UI *(This section is the same as what you'll find in the main WGE install documentation.)* @@ -181,8 +181,7 @@ WGE is now configured to ask users for authorization the next time a pull reques - -## 5. Configure Your Password +## 4. Configure Your Password First, install the Weave GitOps Enterprise CLI tool. To do this, you can use either brew or curl. @@ -219,7 +218,7 @@ A validation to know it’s working: kubectl get secret -n flux-system cluster-user-auth ``` -## 6. Install Weave GitOps Enterprise to Your Cluster +## 5. Install Weave GitOps Enterprise to Your Cluster First, you'll get taken to the Weaveworks portal on the Azure platform, which provides your subscription details. 
@@ -227,7 +226,7 @@ Search for Weave GitOps. Pick "View private products" and choose WGE. Fill out t If you've not yet installed cert-manager, your deployment will fail. You will have cert-manager if you installed CAPI already. If you've not installed CAPI, install cert-manager using Helm and kubectl. -## 7. Apply Extra Configuration +## 6. Apply Extra Configuration Additional configuration is done through an optional ConfigMap: @@ -267,10 +266,10 @@ kubectl -n flux-system rollout restart deploy/weave-gitops-enterprise-mccp-clust | `OIDC_CLAIM_GROUPS` | `"groups"` | JWT claim to use as the user's group. If the claim is present it must be an array of strings | | `CUSTOM_OIDC_SCOPES` | `"groups, openid, email, profile"` | Customise the requested scopes for then OIDC authentication flow - openid will always be requested | -## 8. Check That It Works +## 7. Check That It Works Go to the "services and ingresses" tab in the Azure portal and look for signs that the UI installed. ## Next Steps -From this point, you can follow our generalized WGE installation instructions to [configure TLS](./install-enterprise.mdx#tls-configuration) and log into the UI. Installing the Azure Marketplace product installs the Helm chart. \ No newline at end of file +From this point, you can follow our generalized WGE installation instructions to [configure TLS](./install-enterprise.mdx#tls-configuration) and log into the UI. Installing the Azure Marketplace product installs the Helm chart. From 386f739450638217a4ae7d8f2130f7f5878dcf86 Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Mon, 21 Aug 2023 14:51:27 +0200 Subject: [PATCH 08/22] Removes cert-manager reference --- .../enterprise/getting-started/install-enterprise-azure.mdx | 2 -- 1 file changed, 2 deletions(-) diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx index ac936dbc4d..3fca9c7221 100644 
--- a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx @@ -224,8 +224,6 @@ First, you'll get taken to the Weaveworks portal on the Azure platform, which pr Search for Weave GitOps. Pick "View private products" and choose WGE. Fill out the forms, selecting your cluster, then choose "Review and Create". -If you've not yet installed cert-manager, your deployment will fail. You will have cert-manager if you installed CAPI already. If you've not installed CAPI, install cert-manager using Helm and kubectl. - ## 6. Apply Extra Configuration Additional configuration is done through an optional ConfigMap: From 586c69fd1a628638ded3ff8f8552ab820a7a77c7 Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Mon, 21 Aug 2023 15:26:22 +0200 Subject: [PATCH 09/22] Reframes Lines 26-29 --- .../enterprise/getting-started/install-enterprise-azure.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx index 3fca9c7221..e1900a72bd 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx @@ -22,7 +22,7 @@ Add the config name, namespace (default), scope: cluster, type (Flux v2), and co All of the displayed properties for the Flux objects screen are the same as what you'd supply to Flux bootstrap. -Click "Next", then add: +WGE won't install if the Flux auto-installation fails. If that happens, click "Next" and add: - Source Kind: Git repository - Repository URL: [your repository URL here] - Reference Type: Branch From 43f1bc76e45bc4e379c25eefa11b25ef10db205f Mon Sep 17 00:00:00 2001 
From: Lauri Apple Date: Tue, 22 Aug 2023 09:25:51 +0200 Subject: [PATCH 10/22] Adds Troubleshooting section --- .../install-enterprise-azure.mdx | 52 ++++++++++--------- 1 file changed, 28 insertions(+), 24 deletions(-) diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx index e1900a72bd..92f27efa73 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx 
@@ -22,30 +22,6 @@ Add the config name, namespace (default), scope: cluster, type (Flux v2), and co All of the displayed properties for the Flux objects screen are the same as what you'd supply to Flux bootstrap. -WGE won't install if the Flux auto-installation fails. If that happens, click "Next" and add: -- Source Kind: Git repository -- Repository URL: [your repository URL here] -- Reference Type: Branch -- Repository Type: Private - -And under the "Authentication" section: -- Authentication Source: Provide Authentication here -- SSH Key Authentication: Let the operator generate SSH Keys -- HTTPS User: YOUR_GITHUB_USERNAME -- HTTPS Key: YOUR_GITHUB_USER_PAT (Get one at [this link](https://github.com/settings/tokens). It's not the most secure method, but the easiest to get going.) - -Click "Next". You'll see an option to create a Kustomisation, which is optional. To create one: -- Click Create -- Instance name: flux-system -- Path: clusters/default/demo3-azure-flux -- Prune: Ticked - -Click "Save". Then clicking "Next", which will give you a summary so you can review your input. Then click "Create". It will take about five minutes to deploy. - -You'll get to a new screen, which at the top-right shows "Notifications" and will display creation of the Flux configuration. When your deployment succeeds, go to the resource and pin to your dashboard. Then go to your terminal to see if it works in kubectl. In the terminal you'll get the GitRepository and Kustomizations. You should then get a green "succeeded" checkmark. - -The Kustomisations screen does not provide an option to inspect the path/target namespace—you have to supply the target Namespace in the Kustomization object. - ### Optional: Install CAPZ, the CAPI Provider If you are planning to manage or connect CAPI clusters to the WE service make sure you first install the CAPI provider. Then during the WE installation process be sure to select the "Enable CAPI support" checkbox. 
@@ -268,6 +244,34 @@ kubectl -n flux-system rollout restart deploy/weave-gitops-enterprise-mccp-clust Go to the "services and ingresses" tab in the Azure portal and look for signs that the UI installed. +## Troubleshooting + +WGE will try and automatically install Flux on a new cluster. If this fails for some reason, or if you need a custom Flux installation, you can manually install it before installing WGE. + +Click "Next" and add: +- Source Kind: Git repository +- Repository URL: [your repository URL here] +- Reference Type: Branch +- Repository Type: Private + +And under the "Authentication" section: +- Authentication Source: Provide Authentication here +- SSH Key Authentication: Let the operator generate SSH Keys +- HTTPS User: YOUR_GITHUB_USERNAME +- HTTPS Key: YOUR_GITHUB_USER_PAT (Get one at [this link](https://github.com/settings/tokens). It's not the most secure method, but the easiest to get going.) + +Click "Next". You'll see an option to create a Kustomisation, which is optional. To create one: +- Click Create +- Instance name: flux-system +- Path: clusters/default/demo3-azure-flux +- Prune: Ticked + +Click "Save". Then clicking "Next", which will give you a summary so you can review your input. Then click "Create". It will take about five minutes to deploy. + +You'll get to a new screen, which at the top-right shows "Notifications" and will display creation of the Flux configuration. When your deployment succeeds, go to the resource and pin to your dashboard. Then go to your terminal to see if it works in kubectl. In the terminal you'll get the GitRepository and Kustomizations. You should then get a green "succeeded" checkmark. + +The Kustomisations screen does not provide an option to inspect the path/target namespace—you have to supply the target Namespace in the Kustomization object. 
+ ## Next Steps From this point, you can follow our generalized WGE installation instructions to [configure TLS](./install-enterprise.mdx#tls-configuration) and log into the UI. Installing the Azure Marketplace product installs the Helm chart. From 7c623ab2e8323b9f927a01e629e029ca12f492cd Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Tue, 22 Aug 2023 10:42:34 +0200 Subject: [PATCH 11/22] Adds ARC cluster reference to docs --- .../enterprise/getting-started/install-enterprise-azure.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx index 92f27efa73..18fed692c8 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx @@ -7,7 +7,11 @@ import TierLabel from "../_components/TierLabel"; # Azure and Weave GitOps Enterprise Installation -Once you successfully create your Kuberbetes cluster in Azure Marketplace, follow these steps to Install Weave GitOps Enterprise. +Once you successfully create your Kuberbetes cluster in Azure Marketplace, follow these steps to Install Weave GitOps Enterprise. These instructions apply to both Azure AKS and Azure ARC clusters—they'll behave in the same way. + +:::tip +If you have already installed [Flux](https://fluxcd.io/flux/cmd/), then Azure Flux will refuse to install. +::: ## 1. Choose the “GitOps” option in the Marketplace From bffe5a8af04709d7e4d7153357de6a5cff38aa09 Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Tue, 22 Aug 2023 10:44:38 +0200 Subject: [PATCH 12/22] Adds reference to ARC clusters --- .../getting-started/join-cluster-azure-flux.mdx | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
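Review bot: The `HTTPS Key: YOUR_GITHUB_USER_PAT` bullet under "Authentication" in the new Troubleshooting section recommends a personal access token and says only that it is "not the most secure method", without telling the reader how to limit the exposure. The same list already offers `SSH Key Authentication: Let the operator generate SSH Keys`, so the text should state which of the two the reader is expected to fill in. For the token case, add a line such as `Use a fine-grained token restricted to this one repository, with an expiry date, and rotate it on a schedule.` The moved steps also now begin at `Click "Next" and add:` with no mention of the GitOps => Create screen they were taken from, so a sentence naming that screen is needed before them.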
diff --git a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx index 0d63d80b7d..4a51f2667b 100644 --- a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx +++ b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx @@ -9,13 +9,15 @@ import TierLabel from "../../_components/TierLabel"; ## Prerequisites -See our [guide to installing Weave GitOps Enterprise on AKS](install-enterprise-azure.mdx) +See also our [guide to installing Weave GitOps Enterprise on Azure](install-enterprise-azure.mdx): - An Azure cluster deployed with either the Azure Portal or Azure CLI tools. - Azure Flux add-on deployed by adding a GitOps configuration, either via the Azure Portal or the CLI tool. +Note that this documentation applies to both Azure AKS and Azure ARC clusters. + ## Initial Status -The AKS cluster already has the Azure Flux add-on installed. This differs from [CNCF Flux](https://fluxcd.io/) in that there are two additional controllers: +The Azure cluster already has the Azure Flux add-on installed. This differs from [CNCF Flux](https://fluxcd.io/) in that there are two additional controllers: - fluxconfig-agent - fluxconfig-controller @@ -201,4 +203,4 @@ Either way, it is typical that Terraform-deployed clusters do not run the Flux b ### With Crossplane -The Azure Flux add-on is supported under [Crossplane](https://www.crossplane.io/)-deployed AKS clusters. Any clusters deployed with Crossplane that have the Azure Flux add-on enabled would also be added to WGE without running the bootstrap process. +The Azure Flux add-on is supported under [Crossplane](https://www.crossplane.io/)-deployed Azure clusters. Any clusters deployed with Crossplane that have the Azure Flux add-on enabled would also be added to WGE without running the bootstrap process. From 0b23d11a98dbd3aafa2ae506697eaebf2bbbf336 Mon Sep 17 00:00:00 2001 
From: Lauri Apple Date: Wed, 23 Aug 2023 11:34:09 +0200 Subject: [PATCH 13/22] Updates sidebars.js to fix failure --- website/sidebars.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/sidebars.js b/website/sidebars.js index 8ceed14160..39ccd096a4 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -44,8 +44,6 @@ 'enterprise/getting-started/releases-enterprise', 'enterprise/getting-started/install-enterprise-azure', 'enterprise/getting-started/join-cluster-azure-flux', - 'enterprise/getting-started/deploying-capa-eks', - 'enterprise/getting-started/management-cluster-setup-eks-capa', ], }, { @@ -71,7 +69,9 @@ }, items: [ 'cluster-management/managing-clusters-without-capi', + 'cluster-management/deploying-capa-eks', 'cluster-management/profiles', + 'cluster-management/management-cluster-setup-eks-capa', 'cluster-management/cluster-management-troubleshooting', { type: 'category', From 7b3f0f4b91acfde4c47f10d913ffb26bad3b27e2 Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 11:44:56 +0200 Subject: [PATCH 14/22] Updates sidebars.js to resolve failure --- website/sidebars.js | 1 - 1 file changed, 1 deletion(-) diff --git a/website/sidebars.js b/website/sidebars.js index 39ccd096a4..a020f2dbe4 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -71,7 +71,6 @@ 'cluster-management/managing-clusters-without-capi', 'cluster-management/deploying-capa-eks', 'cluster-management/profiles', - 'cluster-management/management-cluster-setup-eks-capa', 'cluster-management/cluster-management-troubleshooting', { type: 'category', From e91f4da521a992abba25eeb6fbdbe2d6e6a44397 Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 12:15:13 +0200 Subject: [PATCH 15/22] Adjusts component ref in line 6 --- .../docs/enterprise/getting-started/join-cluster-azure-flux.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx index 4a51f2667b..3fa20e385b 100644 --- a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx +++ b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx @@ -3,7 +3,7 @@ title: Join a Cluster with Azure Flux hide_title: true --- -import TierLabel from "../../_components/TierLabel"; +import TierLabel from "@site/docs/_components/TierLabel"; # Joining a Cluster with Azure Flux From 382071cdecf0ec7cee8c65df59f2590f5b9756fd Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 13:31:46 +0200 Subject: [PATCH 16/22] Adjusts component reference to resolve failure --- .../enterprise/getting-started/install-enterprise-azure.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx index 18fed692c8..b4dcc624dd 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx @@ -3,7 +3,7 @@ title: Azure and Weave GitOps Enterprise Installation hide_title: true --- -import TierLabel from "../_components/TierLabel"; +import TierLabel from "@site/docs/_components/TierLabel"; # Azure and Weave GitOps Enterprise Installation From 6c01a2c7d93addbde7ac0b2e675b82d9837d952d Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 13:57:22 +0200 Subject: [PATCH 17/22] adds return to line 74 --- .../docs/enterprise/getting-started/join-cluster-azure-flux.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx index 3fa20e385b..cc0b255f41 100644 
--- a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx +++ b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx @@ -71,6 +71,7 @@ metadata: annotations: kubernetes.io/service-account.name: "wgesa" ``` +
2. Create a roles file: From 64925b44dddeb4e9b5dabeb33455353d09417e32 Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 15:05:15 +0200 Subject: [PATCH 18/22] Adding spaces to overcome test fail --- .../enterprise/getting-started/join-cluster-azure-flux.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx index cc0b255f41..1eb7b53122 100644 --- a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx +++ b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx @@ -55,6 +55,7 @@ If you already have Flux running, you can create the service account in your fle 1. Create a service account file:
Expand to see role manifests + ```yaml apiVersion: v1 kind: ServiceAccount @@ -76,6 +77,7 @@ metadata: 2. Create a roles file:
Expand to see role manifests + ```yaml --- apiVersion: rbac.authorization.k8s.io/v1 @@ -103,6 +105,7 @@ rules: resources: ["namespaces"] verbs: ["get", "list"] ``` +
3. Commit to your fleet repo to sync. From f24661188b6e0959739677e8e87eff8bbe8073bc Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 17:47:42 +0200 Subject: [PATCH 19/22] Added another space in line 184 --- .../docs/enterprise/getting-started/join-cluster-azure-flux.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx index 1eb7b53122..8071144539 100644 --- a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx +++ b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx @@ -181,6 +181,7 @@ Kubernetes 1.24+ [will not create secrets for Service Accounts for you](https:// kubectl create secret generic demo-01-kubeconfig \ --from-file=value=./demo-01-kubeconfig ``` + You can also take care of this step in WGE's [Secrets UI](https://docs.gitops.weave.works/docs/next/secrets/intro/), setting up a a secret in [SOPS](https://docs.gitops.weave.works/docs/next/secrets/setup-sops/) or [ESO](https://docs.gitops.weave.works/docs/next/secrets/setup-eso/). Flux CRDs are compatible with the Azure Flux Configuration CRDs. This means that there are no compatibility issues between WGE and Azure Flux. From 86e6a9c4c67de6d040ba16c8b8fb9f4ab703c69c Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 18:07:04 +0200 Subject: [PATCH 20/22] Adjusts lines to overcome failing test --- .../getting-started/join-cluster-azure-flux.mdx | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx index 8071144539..a567f4e095 100644 --- a/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx +++ b/website/docs/enterprise/getting-started/join-cluster-azure-flux.mdx 
@@ -62,7 +62,9 @@ kind: ServiceAccount metadata: name: wgesa namespace: default ---- +``` + +``` apiVersion: v1 kind: Secret type: kubernetes.io/service-account-token @@ -76,10 +78,10 @@ metadata:
2. Create a roles file: +
Expand to see role manifests ```yaml ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -92,7 +94,9 @@ roleRef: kind: ClusterRole name: user-groups-impersonator apiGroup: rbac.authorization.k8s.io ---- +``` + +``` apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: From 87375e2244e0b63d875e4dad48e088362e6f0278 Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 18:41:52 +0200 Subject: [PATCH 21/22] Includes reference to image --- .../enterprise/getting-started/install-enterprise-azure.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx index b4dcc624dd..758112cb51 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx @@ -4,10 +4,11 @@ hide_title: true --- import TierLabel from "@site/docs/_components/TierLabel"; +import oauthBitbucket from '/img/oauth-bitbucket.png'; # Azure and Weave GitOps Enterprise Installation -Once you successfully create your Kuberbetes cluster in Azure Marketplace, follow these steps to Install Weave GitOps Enterprise. These instructions apply to both Azure AKS and Azure ARC clusters—they'll behave in the same way. +Once you successfully create your Kubernetes cluster in Azure Marketplace, follow these steps to Install Weave GitOps Enterprise. These instructions apply to both Azure AKS and Azure ARC clusters—they'll behave in the same way. :::tip If you have already installed [Flux](https://fluxcd.io/flux/cmd/), then Azure Flux will refuse to install. @@ -46,7 +47,7 @@ Here we provide guidance for GitHub, GitLab, BitBucket Server, and Azure DevOps. -GitHub requires no additional configuration for OAuth git access +GitHub requires no additional configuration for OAuth Git access 
From 814cbcbc2fa6a4f95e318778986997e7d3aa36ee Mon Sep 17 00:00:00 2001 From: Lauri Apple Date: Wed, 23 Aug 2023 18:57:16 +0200 Subject: [PATCH 22/22] Includes other images from WGE install --- .../enterprise/getting-started/install-enterprise-azure.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx index 758112cb51..e0f7351bea 100644 --- a/website/docs/enterprise/getting-started/install-enterprise-azure.mdx +++ b/website/docs/enterprise/getting-started/install-enterprise-azure.mdx @@ -5,6 +5,8 @@ hide_title: true import TierLabel from "@site/docs/_components/TierLabel"; import oauthBitbucket from '/img/oauth-bitbucket.png'; +import oauthAzureDevOps from '/img/oauth-azure-devops.png'; +import oauthAzureDevOpsSuccess from '/img/oauth-azure-devops-success.png'; # Azure and Weave GitOps Enterprise Installation