You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The `values-secret.yaml` file is placed in your home directory so that it does not get pushed to your git repository. It is based on the `values-secrets.yaml.template` file provided by the pattern in the top level directory. When you create your own patterns you will add your secrets to this file and save. At the moment the focus is on getting started abd familiar with this base Multicloud GitOps pattern.
120
+
Putting the `values-secret.yaml` in your home directory ensures that it does not get pushed to your git repository. It is based on the `values-secrets.yaml.template` file provided by the pattern in the top level directory. When you create your own patterns you will add your secrets to this file and save. At the moment the focus is on getting started and familiar with this base Multicloud GitOps pattern.
121
121
====
122
122
123
123
. Create a new feature branch, for example `my-branch` from the `main` branch for your content:
@@ -127,28 +127,23 @@ The `values-secret.yaml` file is placed in your home directory so that it does n
127
127
$ git checkout -b my-branch main
128
128
----
129
129
130
-
. Push your local branch named `my-branch` to the remote repository specified by origin by running the following command:
130
+
. Create a local branch and push it to origin to gain the flexibility needed to customize the base Multicloud GitOps by running the following command:
131
131
+
132
132
[source,terminal]
133
133
----
134
134
$ git push origin my-branch
135
135
----
136
-
+
137
-
[NOTE]
138
-
====
139
-
The idea of creating a local branch and pushing this to origin allows you scope to customize the base Multicloud GitOps.
140
-
====
141
136
142
137
You can proceed to install the Multicloud GitOps pattern by using the web console or from command line by using the script `./pattern.sh` script.
143
138
144
-
To install the Multicloud GitOps pattern by using the the web console you must first install the Validated Patterns Operator. The Validated Patterns Operator installs and manages Validated Patterns.
139
+
To install the Multicloud GitOps pattern by using the web console you must first install the Validated Patterns Operator. The Validated Patterns Operator installs and manages Validated Patterns.
== Installing the {validated-patterns-op} using the web console
149
144
150
145
.Prerequisites
151
-
* Access to an {ocp} cluster using an account with `cluster-admin` permissions.
146
+
* Access to an {ocp} cluster by using an account with `cluster-admin` permissions.
152
147
153
148
.Procedure
154
149
@@ -202,7 +197,7 @@ The {validated-patterns-op} is successfully installed in the relevant namespace.
202
197
. Under the *Details* tab, in the *Provided APIs* section, in the
203
198
*Pattern* box, click *Create instance* that displays the *Create Pattern* page.
204
199
205
-
. On the the *Create Pattern* page, select *Form view* and enter information in the following fields:
200
+
. On the *Create Pattern* page, select *Form view* and enter information in the following fields:
206
201
207
202
** *Name* - A name for the pattern deployment that is used in the projects that you created.
208
203
** *Labels* - Apply any other labels you might need for deploying this pattern.
@@ -217,12 +212,12 @@ To know the cluster group name for the patterns that you want to deploy, check t
217
212
+
218
213
[NOTE]
219
214
====
220
-
A popup may throw up an error `"Oh no! Something went wrong`. It is safe to ignore this as the install of the Multicloud GitOps pattern appears unaffected. Watch the ArgoCD instances from the *Hub ArgoCD* UI in the nines menu. They will report progressing/healthy etc. on each of the apps they manage. The *Cluster Argo CD* will have the detailed status on each of the apps defined as such in the clustergroup values file.
215
+
A pop-up error with the message "Oh no! Something went wrong." might appear during the process. This error can be safely disregarded as it does not impact the installation of the Multicloud GitOps pattern. Use the Hub ArgoCD UI, accessible through the nines menu, to check the status of ArgoCD instances, which will display states such as progressing, healthy, and so on, for each managed application. The Cluster ArgoCD provides detailed status on each application, as defined in the clustergroup values file.
221
216
====
222
217
223
218
The {rh-gitops} Operator displays in list of *Installed Operators*. The {rh-gitops} Operator installs the remaining assets and artifacts for this pattern. To view the installation of these assets and artifacts, such as {rh-rhacm-first}, ensure that you switch to *Project:All Projects*.
224
219
225
-
The `config-demo` project when viewed through the *Hub ArgoCD* UI from the nines menu is stuck in a `Degraded` state. This is the expected behavior when installing using the OpenShift Container Platform console.
220
+
When viewing the `config-demo` project through the Hub `ArgoCD` UI from the nines menu, it appears stuck in a Degraded state. This is the expected behavior when installing using the OpenShift Container Platform console.
226
221
227
222
* To resolve this you need to run the following to load the secrets into the vault:
As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets.
276
+
As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a YAML file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repository to try to generate random secrets.
282
277
283
278
For more information, see section on https://validatedpatterns.io/secrets/vault/[Vault].
284
279
@@ -290,7 +285,7 @@ Verify that the *hello-world* application deployed successfully as follows:
290
285
291
286
. From the *Project:* drop down select the *hello-world* project.
292
287
293
-
. Click on the *Location URL*. This should reveal the following:
288
+
. Click the *Location URL*. This should reveal the following:
294
289
+
295
290
[source,terminal]
296
291
----
@@ -306,7 +301,7 @@ Verify that the *config-demo* application deployed successfully as follows:
306
301
307
302
. Select the *config-demo* *Project*.
308
303
309
-
. Click on the *Location URL*. This should reveal the following:
304
+
. Click the *Location URL*. This should reveal the following:
Secrets refer to any piece of sensitive information that should not be exposed publicly or handled insecurely. This can include passwords, private keys, certificates (particularly the private parts), database connection strings, and other confidential data.
17
+
Sensitive information referred to as secrets should not be exposed publicly or handled insecurely. This can include passwords, private keys, certificates (particularly the private parts), database connection strings, and other confidential data.
18
18
19
19
A simple way to think of secrets is as anything that security teams or responsible system administrators would ensure stays protected and not published in a public space.
20
20
21
-
Secrets are crucial for the functioning of applications for example database passwords or cache keys. Without access to these secrets, applications may fail or operate in a significantly impaired manner.
21
+
Secrets are crucial for the functioning of applications for example database passwords or cache keys. Without access to these secrets, applications might fail or operate in a significantly impaired manner.
22
22
23
23
Secrets often vary between different deployments of the same application for example separate load balancer certificates for different instances. Using the same secret across multiple deployments is generally discouraged as it increases the risk of exposure
24
24
25
25
Applications often need secrets to run correctly, making them indispensable. Removing or mishandling secrets can disrupt operations.
26
26
27
27
== How Validated Patterns implements secrets management
28
28
29
-
Validated Patterns supports the tokenization approach for secret management. Tokenization involves keeping actual secret values out of version control (for example git) by using tokens or references that can pull secrets from secure storage during runtime. The real secrets are pulled from an external storage system at runtime.
29
+
Validated Patterns supports the tokenization approach for secret management. Tokenization involves keeping actual secret values out of version control (for example git) by using tokens or references that can pull secrets from secure storage during runtime. An external storage system pulls the real secrets at runtime.
30
30
31
31
This approach requires integration with external secret management systems some examples of which are HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and CyberArk's Conjur.
32
32
@@ -40,7 +40,7 @@ ESO
40
40
41
41
[NOTE]
42
42
====
43
-
As of December 12, 2023, ESO is not officially supported by Red Hat as a product.
43
+
As of November 15, 2024, ESO is not officially supported by Red Hat as a product.
44
44
====
45
45
46
46
ESO's custom file format and utilities streamlines secret management by allowing file references and supporting encrypted secret storage. The design prioritizes security through multi-layer encryption and simplifies key management. In particular the ini key type is especially helpful for handling AWS credentials, where mismanagement could lead to unauthorized use and potential financial or operational issues.
@@ -57,7 +57,7 @@ Secret management in validated patterns follows GitOps best practices while main
57
57
58
58
. Access the Vault instance deployed by the pattern.
59
59
60
-
.. Click on the nine box in the UI, choose the *Vault* and you are taken to the Vault’s UI.
60
+
.. Click the nine box in the UI, choose the *Vault* and you are taken to the Vault’s UI.
61
61
62
62
.. Log in with the root token from the vaultkeys secret in the imperative space. Retrieve this be running the following command:
This validated pattern quickstart offers a streamlined guide to deploying predefined, reliable configurations and applications, ensuring they meet established standards. It provides step-by-step instructions on setup, prerequisites, and configuration, enabling administrators to deploy tested, supportable patterns quickly. These patterns simplify complex deployments by applying reusable configurations suited to various infrastructure and application needs, allowing users to efficiently deploy, manage, and scale applications with GitOps. This approach also reduces the risks and time associated with custom configurations.
15
15
16
-
There are two ways to deploy validated patterns: through the OpenShift-based Validated Patterns framework or the Ansible GitOps Framework (AGOF). The OpenShift-based validated patterns framework is the most common method for deploying applications and infrastructure on the OpenShift Container Platform. It offers a set of predefined configurations and patterns that follow best practices and are validated by Red Hat.
16
+
Validated patterns can be deployed using either the OpenShift-based Validated Patterns framework or the Ansible GitOps Framework (AGOF). The OpenShift-based validated patterns framework is the most common method for deploying applications and infrastructure on the OpenShift Container Platform. It offers a set of predefined configurations and patterns that follow best practices and are validated by Red Hat.
Copy file name to clipboardExpand all lines: content/learn/vp_agof.adoc
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -256,7 +256,7 @@ This command invokes the `controller_configuration` `dispatch` role on the contr
256
256
257
257
.Verification
258
258
259
-
The default installation provides an AAP 2.4 installation deployed using the containerized installer, with services deployed this way:
259
+
The default installation provides an AAP 2.4 installation deployed by using the containerized installer, with services deployed this way:
260
260
261
261
.agof_vault settings
262
262
[cols="30%,70%",options="header"]
@@ -274,7 +274,7 @@ a| EDA Automation Controller
274
274
275
275
|===
276
276
277
-
Once the install completes, you will have a project, an inventory (consisting of the AAP controller), a credential (the private key from ec2), a job template (which runs a fact gather on the AAP controller) and a schedule that will run the job template every 5 minutes,
277
+
Once the install completes, you will have a project, an inventory (consisting of the AAP controller), a credential (the private key from ec2), a job template (which runs a fact gather on the AAP controller) and a schedule that will run the job template every 5 minutes.
278
278
279
279
. Log in to `https://aap.{{ ec2_name_prefix }}.{{ domain }}:8443` with the username `admin` and the password as configured in `admin_password` field of `agof_vault.yml`.
280
280
@@ -294,7 +294,7 @@ In this method, you provide an existing Ansible Automation Platform (AAP) Contro
294
294
295
295
You supply the manifest contents, endpoint hostname, admin username (defaults to "admin"), and admin password, and then the installation hands off to a `controller_config_dir` you define.
296
296
297
-
* Run the following command to install using this method:
297
+
* Run the following command to install by using this method:
0 commit comments