docs: core.316 include.istio

docs/deployment/configuration/files.md

@@ -3,6 +3,8 @@ title: Configuration files
 sidebar_label: Configuration files
 description: Onepanel provider specific configuration files
 ---
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
 
 There are two files generated after running `opctl init --provider <provider>`:
 
@@ -18,6 +20,11 @@ It is highly recommended that you commit `params.yaml` file into a private repos
 ## Content of configuration file `params.yaml`
 :::important
 The template below is automatically generated when your run `opctl init` for your provider.
+
+This particular one was generated by running 
+```shell script
+opctl init --provider aks --enable-https --enable-cert-manager --dns-provider route53
+```
 :::
 
 ```yaml
@@ -28,14 +35,12 @@ The template below is automatically generated when your run `opctl init` for you
 application:
   # First namespace that will be created in Onepanel, more can be added later
   defaultNamespace: default
-  # Domain or IP where Onepanel is hosted
-  # Use an IP address if running local, use `minikube ip` or `multipass list` to get this IP
-  # In the cloud, use a first-level or multi-level subdomain like example.com or sub.example.com
-  domain: <ip-or-domain>
+  # Domain where Onepanel is hosted
+  # Use a first-level or multi-level subdomain like example.com or sub.example.com
+  domain: <domain>
   # The Fully Qualified Domain (FQDN) where Onepanel will be hosted.
-  # Use the same IP address as `domain` above if running local, use `minikube ip` or `multipass list` to get this IP
-  # In the cloud, if `domain` above is set to example.com or sub.example.com, then your FQDN could be: app.example.com or app.sub.example.com respectively
-  fqdn: <ip-or-fqdn>
+  # If `domain` above is set to example.com or sub.example.com, then your FQDN could be: app.example.com or app.sub.example.com respectively
+  fqdn: <fully-qualified-domain-name>
   # HTTP or HTTPS - Do not change, determined by `opctl init --enable-https`
   # CLI flag: --enable-https
   insecure: false
@@ -53,6 +58,9 @@ application:
       value: <value-1>
     - name: 'Use friendly name 2'
       value: <value-2>
+  # The kubernetes cluster where Onepanel will be deployed.
+  # Valid values: minikube, microk8s, aks, eks, gke
+  provider: aks
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Component: Artifact repository
 # Description: S3 compatible object storage for storing files across Onepanel
@@ -71,6 +79,8 @@ artifactRepository:
     endpoint: s3.amazonaws.com
     # Change to true if endpoint does NOT support HTTPS
     insecure: false
+    # Key Format for objects stored by Workflows. This can reference Workflow variables
+    keyFormat: artifacts/{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}
     # Bucket region
     region: us-west-2
     # S3 secret key
@@ -82,44 +92,16 @@ artifactRepository:
 # CLI flag: --enable-cert-manager
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 certManager:
-  # - - - - - - - - - - - - Select Only One DNS Provider - - - - - - - - - - - - -
-
-  # DNS Provider: AzureDNS
-  # Docs: https://onepanelio.github.io/core-docs/docs/deployment/configuration/tls#azuredns
-  # CLI flag: --dns-provider=azuredns
-  azuredns:
-    clientId: <service-provider-app-id>
-    spPassword: <service-provider-password>
-    subscriptionId: <azure-subscription-id>
-    tenantId: <tenant-id>
-    resourceGroupName: <resource-group-name>
-    hostedZoneName: <hosted-zone-name>
-    environment: AzurePublicCloud
-  # DNS Provider: Google CloudDNS
-  # Docs: https://onepanelio.github.io/core-docs/docs/deployment/configuration/tls#google-clouddns
-  # CLI flag: --dns-provider=clouddns
-  clouddns:
-    projectId: <project-id>
-    serviceAccountKey: <key.json-file-data>
-  # DNS Provider: Cloudflare
-  # Docs: https://onepanelio.github.io/core-docs/docs/deployment/configuration/tls#cloudflare
-  # CLI flag: --dns-provider=cloudflare
-  cloudflare:
-    apiToken: <api-token>
-    email: <email>
+  # Enter certificate admin email
+  # Example: admin@example.com
+  email: <cert-admin-email>
   # DNS Provider: Amazon Route53
   # Docs: https://onepanelio.github.io/core-docs/docs/deployment/configuration/tls#route53
   # CLI flag: --dns-provider=route53
   route53:
-    region: <aws-region>
     access_key: <aws-access-key>
+    region: <aws-region>
     secret_key: <aws-secret-key>
-
-  # - - - - - - - - - - - - - End DNS Provider Selection - - - - - - - - - - - - - -
-
-  # Enter certificate admin email
-  # Example: admin@example.com
-  email: <cert-admin-email>
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Component: Database
 # Description: Database connection information
@@ -143,16 +125,6 @@ database:
   # If using an external production database, use the username for that database.
   # For in-cluster test database, use any username you like.
   username: <username>
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Component: Application and system logging
-# Description: ElasticSearch, Fluentd and Kibana (EFK) logging
-# CLI flag: --enable-efk-logging
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-logging:
-  # ElasticSearch container image
-  image: docker.elastic.co/elasticsearch/elasticsearch:7.6.0
-  # Volume size for EFK logging
-  volumeStorage: 100Gi
 ```
 
 ## Sections
@@ -161,16 +133,24 @@ What follows is a more detailed description of each section of the `params.yaml`
 ### application
 This is where you set the basic application configuration. 
 
-Below are the sections you will need to adjust.
+The `insecure` field is set to `true` by default and will be set to `false` if you add the `--enable-https` when running `opctl init`.
 
 #### defaultNamespace
 This is the first [Namespace](/docs/getting-started/concepts/namespaces) you want created. This could be a project name or a team name. It is set to `default` by default but we recommend you use something more meaningful.
 
 #### domain
 This is the domain for your Onepanel resources. Some resources like Workspaces create subdomains of this domain so they can be accessed by a browser. This can be a top level domain like `example.com` or a subdomain `sub.example.com`.
 
+:::important
+Domains, not ip addresses, are required with Istio.
+:::
+
 #### fqdn
-This is where Onepanel UI and API will be deployed. This should be a subdomain of the `domain` field mentioned above. Example: `app.example.com` or `app.sub.example.com`.
+This is where Onepanel UI and API will be deployed. This should be a subdomain of the `domain` field mentioned above. For example: `app.example.com` or `app.sub.example.com`.
+
+:::important
+Domains, not ip addresses, are required with Istio.
+:::
 
 #### insecure
 The `insecure` field is set to `true` by default and will be set to `false` if you add the `--enable-https` when running `opctl init`.
@@ -186,6 +166,17 @@ You can see all labels on your nodes by running:
 kubectl get nodes --show-labels
 ```
 
+:::note
+For minikube, you can use this configuration.
+```yaml
+nodePool:
+  label: minikube.k8s.io/minikube
+  options:
+  - name: 'Minikube'
+    value: minikube
+```
+:::
+
 Note that this lists many different labels, so you can pick and choose any label key/value that is unique to that node.
 
 For example after running the `kubectl` command above, you may get the following list of labels:
@@ -262,11 +253,101 @@ database:
 For a production environment, use a managed database service and set the configuration accordingly.
 :::
 
+### metalLB
+This is to configure a load balancer for local or bare-metal deployments.
+
+Example:
+```yaml
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Component: Application and kubernetes load balancing on non-cloud deployments.
+# Description: MetalLB, LoadBalancer
+# CLI flag: --enable-metallb
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+metalLb:
+  addresses:
+  - 10.1.31.1/24
+```
+
+Getting the address range
+<Tabs
+  defaultValue="minikube"
+  values={[
+    { label: 'Minikube', value: 'minikube', },
+    { label: 'Microk8s', value: 'microk8s', },
+  ]
+}>
+<TabItem value="minikube">
+
+First, find minikube's ip.
+
+```shell script
+minikube ip
+```
+
+For the first part of the range, use `minikube ip + 1`
+
+So if `minikube ip` gives us `192.168.64.64`
+
+We use `192.168.64.65`
+
+For the second part of the range, change the last part to `255`
+
+So we can use a range of `192.168.64.65` to `192.168.64.255`
+
+```yaml
+metalLb:
+  addresses:
+  - 192.168.64.65-192.168.64.255
+```
+</TabItem>
+
+<TabItem value="microk8s">
+
+Get inside the VM of multipass.
+
+```shell script
+multipass shell microk8s-vm
+```
+
+```shell script
+ifconfig -a
+```
+
+You'll get something like this
+```shell script
+cni0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
+        inet 10.1.31.1  netmask 255.255.255.0  broadcast 0.0.0.0
+        inet6 fe80::58ce:8dff:fe5e:2be5  prefixlen 64  scopeid 0x20<link>
+        ether 5a:ce:8d:5e:2b:e5  txqueuelen 1000  (Ethernet)
+        RX packets 37251  bytes 4363323 (4.3 MB)
+        RX errors 0  dropped 0  overruns 0  frame 0
+        TX packets 38095  bytes 9152263 (9.1 MB)
+        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
+[...Other output...]
+```
+
+We want CNI because it's the Container Network Interface.
+
+In our case, we have `10.1.31.1`
+
+So we can use `10.1.31.0/24` for a range of `10.1.31.0` to `10.1.31.255`
+
+```yaml
+metalLb:
+  addresses:
+  - 10.1.31.1/24
+# or
+# - 10.1.31.0 - 10.1.31.255
+```
+
+</TabItem>
+</Tabs>
+
 ### workflowEngine
 #### containerRuntimeExecutor
 The executor workflow engine uses to perform certain actions like monitoring pod logs, collecting artifacts, managing container lifecycles, etc.
 
 The possible values are `docker` and `pns`:
 
 - `docker` is more reliable, however it mounts the `docker.sock` of the host makes it less secure.
-- `pns` is more secure, however in some versions of Kubernetes, it tends to fail on tasks that take less than 15 seconds.
+- `pns` is more secure, however in some versions of Kubernetes, it tends to fail on tasks that take less than 15 seconds.

docs/deployment/overview.md

@@ -13,11 +13,12 @@ You can install Onepanel on:
 
 Follow these guides to install Onepanel in public cloud.
 
-- To install on Azure Kubernetes Engine (AKS) follow [AKS installation guide](/docs/deployment/public/aks)
-- To install on Google Kubernetes Engine (GKE) follow [GKE installation guide](/docs/deployment/public/gke)
-- To install on Elastic Kubernetes Service (EKS) follow [EKS installation guide](/docs/deployment/public/eks)
+- To deploy on Azure Kubernetes Engine (AKS) follow [AKS deployment guide](/docs/deployment/public/aks)
+- To deploy on Google Kubernetes Engine (GKE) follow [GKE deployment guide](/docs/deployment/public/gke)
+- To deploy on Elastic Kubernetes Service (EKS) follow [EKS deployment guide](/docs/deployment/public/eks)
 
 ## Installing on a single-node cluster
 
-Coming soon
+- To deploy on Minikube follow [Minikube deployment guide](/docs/deployment/single-node/minikube)
+- To deploy on MicroK8s follow [MicroK8s deployment guide](/docs/deployment/single-node/microk8s)