From 0cb3b138af1de55e7b55bb9ff4536dd4dea58e4e Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Thu, 31 Oct 2024 14:28:01 +0000 Subject: [PATCH 01/28] TELCODOCS-2082 VP Quick start guide redo --- content/learn/quickstart.adoc | 8 ++++++-- content/learn/validated_patterns_frameworks.adoc | 7 ++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/content/learn/quickstart.adoc b/content/learn/quickstart.adoc index da96fa531..6818a7d73 100644 --- a/content/learn/quickstart.adoc +++ b/content/learn/quickstart.adoc @@ -2,14 +2,18 @@ layout: default title: Patterns quick start menu: learn -weight: 40 +weight: 20 --- :toc: :_content-type: ASSEMBLY include::modules/comm-attributes.adoc[] -== Patterns quick start +== Patterns quick start overview + +This validated pattern quickstart offers a streamlined guide to deploying predefined, reliable configurations and applications in OpenShift Container Platform, ensuring they meet established standards. It provides step-by-step instructions on setup, prerequisites, and configuration, enabling administrators to deploy tested, supportable patterns quickly. These patterns simplify complex deployments by applying reusable configurations suited to various infrastructure and application needs, allowing users to efficiently deploy, manage, and scale applications with GitOps. This approach also reduces the risks and time associated with custom configurations. + +There are two ways to deploy validated patterns using the OpenShift-based Validated Patterns framework or the Ansible GitOps Framework (AGOF). The OpenShift-based validated patterns framework is the most common method for deploying applications and infrastructure on the OpenShift Container Platform. It offers a set of predefined configurations and patterns that follow best practices and are validated by Red Hat. Each pattern can be deployed using the command line. The only requirement is to have `git` and `podman` installed. See the <> for more information. diff --git a/content/learn/validated_patterns_frameworks.adoc b/content/learn/validated_patterns_frameworks.adoc index 6198e5d49..5dde427c8 100644 --- a/content/learn/validated_patterns_frameworks.adoc +++ b/content/learn/validated_patterns_frameworks.adoc @@ -1,7 +1,7 @@ --- menu: learn title: Validated patterns frameworks -weight: 20 +weight: 30 aliases: /validated-patterns-frameworks/ --- @@ -18,7 +18,4 @@ The OpenShift-based validated patterns framework is the most common method for d Ansible GitOps Framework (AGOF) is an alternative framework, designed to provide a framework for GitOps without Kubernetes. AGOF is not a pattern itself; it is a framework for installing Ansible Automation Platform (AAP), and then using that as the GitOps engine to drive other pattern work. AGOF comes with code to install VMs in AWS, if desired, or else it can work with previously provisioned VMs, or a functional AAP Controller endpoint. -The goal with either framework, is that developers, operators, security, and architects build a secure and repeatable day one deployment mechanism and maintenance automation for day two operations. - - - +The goal with either framework, is that developers, operators, security, and architects build a secure and repeatable day one deployment mechanism and maintenance automation for day two operations. \ No newline at end of file From a5768137af23abb5414c51e9d4b5d03c9e5e6dbf Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Fri, 1 Nov 2024 10:20:23 +0000 Subject: [PATCH 02/28] Adding some more content --- content/learn/quickstart.adoc | 187 ++++++++++++++++++++++++++-------- 1 file changed, 142 insertions(+), 45 deletions(-) diff --git a/content/learn/quickstart.adoc b/content/learn/quickstart.adoc index 6818a7d73..7b348542d 100644 --- a/content/learn/quickstart.adoc +++ b/content/learn/quickstart.adoc @@ -11,79 +11,176 @@ include::modules/comm-attributes.adoc[] == Patterns quick start overview -This validated pattern quickstart offers a streamlined guide to deploying predefined, reliable configurations and applications in OpenShift Container Platform, ensuring they meet established standards. It provides step-by-step instructions on setup, prerequisites, and configuration, enabling administrators to deploy tested, supportable patterns quickly. These patterns simplify complex deployments by applying reusable configurations suited to various infrastructure and application needs, allowing users to efficiently deploy, manage, and scale applications with GitOps. This approach also reduces the risks and time associated with custom configurations. +This validated pattern quickstart offers a streamlined guide to deploying predefined, reliable configurations and applications, ensuring they meet established standards. It provides step-by-step instructions on setup, prerequisites, and configuration, enabling administrators to deploy tested, supportable patterns quickly. These patterns simplify complex deployments by applying reusable configurations suited to various infrastructure and application needs, allowing users to efficiently deploy, manage, and scale applications with GitOps. This approach also reduces the risks and time associated with custom configurations. -There are two ways to deploy validated patterns using the OpenShift-based Validated Patterns framework or the Ansible GitOps Framework (AGOF). The OpenShift-based validated patterns framework is the most common method for deploying applications and infrastructure on the OpenShift Container Platform. It offers a set of predefined configurations and patterns that follow best practices and are validated by Red Hat. +There are two ways to deploy validated patterns: through the OpenShift-based Validated Patterns framework or the Ansible GitOps Framework (AGOF). The OpenShift-based validated patterns framework is the most common method for deploying applications and infrastructure on the OpenShift Container Platform. It offers a set of predefined configurations and patterns that follow best practices and are validated by Red Hat. -Each pattern can be deployed using the command line. The only requirement is to have `git` and `podman` installed. See the <> for more information. +== Getting Started with Validated Patterns -Patterns deployment requires several tools including Helm to install. However, the validated patterns framework removes the need to install and maintain these tools. The `pattern.sh` script uses a container which includes the necessary tools. The use of that container is why you need to install `podman`. +This guide steps you through the process of deploying your first validated pattern on an OpenShift cluster. By the end of this guide, you'll have a working instance of the Multicloud GitOps pattern, which serves as an excellent foundation for exploring other patterns. -Check the `values-\*.yaml` for changes that are needed before deployment. After changing the `values-*.yaml` files where needed and pushing them to your git repository, you can run `./pattern.sh make install` from your local repository directory and that will deploy the datacenter/hub cluster for a pattern. Edge clusters are deployed by joining/importing them into ACM on the hub. +=== What You'll Learn -Alternatively to the `./pattern.sh make install` method, you can use the https://operatorhub.io/operator/patterns-operator[validated pattern operator] available in the OpenShift console. +. Setting up prerequisites for validated patterns +. Installing and configuring the Validated Patterns Operator +. Deploying the Multicloud GitOps pattern +. Managing secrets and configurations -For information on using the Validated Patterns Operator, see link:/infrastructure/using-validated-pattern-operator/[Using the Validated Pattern Operator]. +== Prerequisites -Follow any other post-install instructions for the pattern on that pattern’s Getting started page. +Before beginning, ensure you have the following: +=== OpenShift Cluster Requirements -== Prerequisite installation instructions [[installation_prerequisites]] +* A running OpenShift 4.12 or later +* Cluster-admin privileges +* At least 8 CPU cores available +* Minimum 16GB RAM available -== Tested Operating systems -The following instructions have been tested on the following operating systems: +=== Storage Requirements -* Red Hat Enterprise Linux 8 and 9 -* CentOS 8 and 9 -* Fedora 36 and onwards -* Debian Bookworm -* Ubuntu 22.04 -* Mac OSX Big Sur and onwards +* A default storage class configured for dynamic provisioning +* At least 10GB of available storage -=== Red Hat Enterprise Linux 8 and 9 -Make sure that you have both the `appstream` and the `baseos` repositories configured. -For example on RHEL 8 you will get the following: +=== Network Requirements -[source,terminal] +.For connected environments: +* Access to public container registries +* Access to GitHub repositories + +.For disconnected environments: +* Local registry with mirrored operator catalogs +* Local Git repository with pattern manifests +* Proper network policies configured + +== Getting Started with Multicloud GitOps + +=== What is Multicloud GitOps? + +Multicloud GitOps is a foundational pattern that demonstrates GitOps principles for managing applications across multiple clusters. It provides: + +* A GitOps framework using ArgoCD +* Infrastructure-as-Code practices +* Multi-cluster management capabilities +* Template for secure secret management + +=== Why Start with this Pattern? + +The Multicloud GitOps pattern is recommended as your first pattern because: + +. It establishes core GitOps practices +. Provides a minimal but complete implementation +. Serves as a foundation for other patterns +. Demonstrates key validated patterns concepts + +[NOTE] +==== +Other patterns build upon these concepts, making this an ideal starting point for your validated patterns journey. +==== + +== Installing the Validated Patterns Operator + +. Navigate to the OpenShift OperatorHub +. Search for "Validated Patterns Operator" +. Click "Install" +. Select installation mode: ++ +[source,yaml] ---- -sudo dnf repolist -Updating Subscription Management repositories. -repo id repo name -rhel-8-for-x86_64-appstream-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) -rhel-8-for-x86_64-baseos-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) +Installation Mode: All namespaces +Installed Namespace: openshift-operators +Update Channel: stable +Approval Strategy: Automatic ---- -Install `podman` and `git`: +== Installing the Multicloud GitOps Pattern + +=== Creating the Pattern Custom Resource -[source,terminal] +. Create a new YAML file named `pattern-cr.yaml`: ++ +[source,yaml] ---- -sudo dnf install -y podman git +apiVersion: ran.openshift.io/v1beta1 +kind: Pattern +metadata: + name: multicloud-gitops + namespace: patterns +spec: + version: latest + gitSpec: + targetRepo: https://github.com/validatedpatterns/multicloud-gitops + targetBranch: main ---- -=== Fedora -Install `podman` and `git`: +. Apply the Custom Resource: ++ +[source,bash] +---- +oc apply -f pattern-cr.yaml +---- + +=== Verifying the Installation + +Monitor the deployment: -[source,terminal] +[source,bash] ---- -sudo dnf install -y podman git +oc get pods -n patterns +oc get applications -n openshift-gitops ---- -=== Debian and derivatives -Install `podman` and `git`: +== Configuring Secrets -[source,terminal] +Secret management in validated patterns follows GitOps best practices while maintaining security. Here's how to configure your secrets: + +=== Using Vault for Secret Management + +. Access the Vault instance deployed by the pattern +. Initialize Vault and obtain root tokens +. Configure secret engines: ++ +[source,bash] ---- -sudo apt-get install -y podman git +vault secrets enable -path=secret kv-v2 ---- -=== Mac OSX -Install `podman` and `git`: +=== Storing Pattern Secrets + +. Create a new secret: ++ +[source,bash] +---- +vault kv put secret/pattern-name/credentials \ + username="admin" \ + password="secure-password" +---- -[source,terminal] +. Reference secrets in your GitOps configurations: ++ +[source,yaml] ---- -/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" -brew install podman git -# Containers on MacOSX run in a VM which is managed by "podman machine" commands -podman machine init -v ${HOME}:${HOME} -v /private/tmp/:/private/tmp -podman machine start +apiVersion: v1 +kind: Secret +metadata: + name: pattern-secret +stringData: + credentials: ${vault:secret/data/pattern-name/credentials} ---- + +[TIP] +==== +For more detailed information about secret management, refer to the comprehensive guide at https://validatedpatterns.io/learn/ +==== + +== Next Steps + +* Explore the deployed components in your OpenShift console +* Review the GitOps repositories created by the pattern +* Try modifying the configuration to understand the GitOps workflow +* Consider exploring other validated patterns that build on this foundation + +[IMPORTANT] +==== +Remember to consult the official documentation at validatedpatterns.io for detailed information about specific features and advanced configurations. +==== From a4f5e974586fdcc9f3bbf8cbf5bde5569879dc76 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Fri, 1 Nov 2024 10:47:58 +0000 Subject: [PATCH 03/28] Adding some more content 2 --- content/learn/using-validated-pattern-operator.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/learn/using-validated-pattern-operator.adoc b/content/learn/using-validated-pattern-operator.adoc index f477822a8..4f3b0c7a0 100644 --- a/content/learn/using-validated-pattern-operator.adoc +++ b/content/learn/using-validated-pattern-operator.adoc @@ -1,10 +1,10 @@ --- menu: learn: - parent: Infrastructure + parent: Patterns quick start title: Using the Validated Patterns Operator aliases: /infrastructure/using-validated-pattern-operator/ -weight: 50 +weight: 20 --- :toc: From 584101f2e9d6a9b9d4ce66761b93e7de5ff16fab Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Fri, 1 Nov 2024 15:28:07 +0000 Subject: [PATCH 04/28] Adding content about installing MCG --- content/learn/quickstart.adoc | 77 ------------------- .../using-validated-pattern-operator.adoc | 4 +- 2 files changed, 2 insertions(+), 79 deletions(-) diff --git a/content/learn/quickstart.adoc b/content/learn/quickstart.adoc index 7b348542d..15b5ee331 100644 --- a/content/learn/quickstart.adoc +++ b/content/learn/quickstart.adoc @@ -53,83 +53,6 @@ Before beginning, ensure you have the following: * Local Git repository with pattern manifests * Proper network policies configured -== Getting Started with Multicloud GitOps - -=== What is Multicloud GitOps? - -Multicloud GitOps is a foundational pattern that demonstrates GitOps principles for managing applications across multiple clusters. It provides: - -* A GitOps framework using ArgoCD -* Infrastructure-as-Code practices -* Multi-cluster management capabilities -* Template for secure secret management - -=== Why Start with this Pattern? - -The Multicloud GitOps pattern is recommended as your first pattern because: - -. It establishes core GitOps practices -. Provides a minimal but complete implementation -. Serves as a foundation for other patterns -. Demonstrates key validated patterns concepts - -[NOTE] -==== -Other patterns build upon these concepts, making this an ideal starting point for your validated patterns journey. -==== - -== Installing the Validated Patterns Operator - -. Navigate to the OpenShift OperatorHub -. Search for "Validated Patterns Operator" -. Click "Install" -. Select installation mode: -+ -[source,yaml] ----- -Installation Mode: All namespaces -Installed Namespace: openshift-operators -Update Channel: stable -Approval Strategy: Automatic ----- - -== Installing the Multicloud GitOps Pattern - -=== Creating the Pattern Custom Resource - -. Create a new YAML file named `pattern-cr.yaml`: -+ -[source,yaml] ----- -apiVersion: ran.openshift.io/v1beta1 -kind: Pattern -metadata: - name: multicloud-gitops - namespace: patterns -spec: - version: latest - gitSpec: - targetRepo: https://github.com/validatedpatterns/multicloud-gitops - targetBranch: main ----- - -. Apply the Custom Resource: -+ -[source,bash] ----- -oc apply -f pattern-cr.yaml ----- - -=== Verifying the Installation - -Monitor the deployment: - -[source,bash] ----- -oc get pods -n patterns -oc get applications -n openshift-gitops ----- - == Configuring Secrets Secret management in validated patterns follows GitOps best practices while maintaining security. Here's how to configure your secrets: diff --git a/content/learn/using-validated-pattern-operator.adoc b/content/learn/using-validated-pattern-operator.adoc index 4f3b0c7a0..f477822a8 100644 --- a/content/learn/using-validated-pattern-operator.adoc +++ b/content/learn/using-validated-pattern-operator.adoc @@ -1,10 +1,10 @@ --- menu: learn: - parent: Patterns quick start + parent: Infrastructure title: Using the Validated Patterns Operator aliases: /infrastructure/using-validated-pattern-operator/ -weight: 20 +weight: 50 --- :toc: From 76abdc11723b238517982ba69b487613442c0ef7 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Fri, 1 Nov 2024 15:28:16 +0000 Subject: [PATCH 05/28] Adding content about installing MCG 2 --- .../getting-started-multi-cloud-gitops.adoc | 238 ++++++++++++++++++ 1 file changed, 238 insertions(+) create mode 100644 content/learn/getting-started-multi-cloud-gitops.adoc diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc new file mode 100644 index 000000000..e4b42f8b6 --- /dev/null +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -0,0 +1,238 @@ +--- +menu: + learn: + parent: Patterns quick start +title: Getting Started with Multicloud GitOps +aliases: /infrastructure/using-validated-pattern-operator/ +weight: 20 +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +== Getting Started with Multicloud GitOps + +Multicloud GitOps is a foundational pattern that demonstrates GitOps principles for managing applications across multiple clusters. It provides: + +* A GitOps framework using ArgoCD +* Infrastructure-as-Code practices +* Multi-cluster management capabilities +* Template for secure secret management + +The Multicloud GitOps pattern is recommended as your first pattern because: + +. It establishes core GitOps practices +. Provides a minimal but complete implementation +. Serves as a foundation for other patterns +. Demonstrates key validated patterns concepts + +[NOTE] +==== +Other patterns build upon these concepts, making this an ideal starting point for your validated patterns journey. +==== + +== Deploying the Multicloud GitOps pattern + +.Prerequisites + +* An OpenShift cluster + ** To create an OpenShift cluster, go to the https://console.redhat.com/[Red Hat Hybrid Cloud console]. + ** Select *Services \-> Containers \-> Create cluster*. + ** The cluster must have a dynamic `StorageClass` to provision `PersistentVolumes`. Verify that a dynamic `StorageClass` exists before creating one by running the following command: ++ +[source,terminal] +---- +oc get storageclass -o custom-columns=NAME:.metadata.name,PROVISIONER:.provisioner,DEFAULT:.metadata.annotations."storageclass\.kubernetes\.io/is-default-class" +---- ++ +* Optional: A second OpenShift cluster for multicloud demonstration. +//Replaced git and podman prereqs with the tooling dependencies page +* https://validatedpatterns.io/learn/quickstart/[Install the tooling dependencies]. + +The use of this pattern depends on having at least one running Red Hat OpenShift cluster. However, consider creating a cluster for deploying the GitOps management hub assets and a separate cluster for the managed cluster. + +If you do not have a running Red Hat OpenShift cluster, you can start one on a +public or private cloud by using https://console.redhat.com/openshift/create[Red Hat Hybrid Cloud Console]. + +.Procedure + +. Fork the https://github.com/validatedpatterns/multicloud-gitops[multicloud-gitops] repository on GitHub. +. Clone the forked copy of this repository. ++ +[source,terminal] +---- +$ git clone git@github.com:your-username/multicloud-gitops.git +---- + +. Create a local copy of the secret values file that can safely include credentials. Run the following commands: ++ +[source,terminal] +---- +$ cp values-secret.yaml.template ~/values-secret-multicloud-gitops.yaml +---- ++ +[source,terminal] +---- +$ vi ~/values-secret-multicloud-gitops.yaml +---- ++ +[WARNING] +==== +Do not commit this file. You do not want to push personal credentials to GitHub. If you do not want to customize the secrets, these steps are not needed. The framework generates a random password for the `config-demo` application. +==== + +. Customize the deployment for your cluster. Run the following command: ++ +[source,terminal] +---- +$ git checkout -b my-branch +---- ++ +[source,terminal] +---- +$ vi values-global.yaml +---- ++ +[source,terminal] +---- +$ git add values-global.yaml +---- ++ +[source,terminal] +---- +$ git commit values-global.yaml +---- ++ +[source,terminal] +---- +$ git push origin my-branch +---- + +You can install the Multicloud GitOps pattern by using the web console or from command line. + +To install the Multicloud GitOps pattern by using the the web console you must first install the Validated Patterns Operator. The Validated Patterns Operator installs and manages Validated Patterns. + +//Include Procedure module here +[id="installing-validated-patterns-operator_{context}"] +== Installing the {validated-patterns-op} + +.Prerequisites +* Access to an {ocp} cluster using an account with cluster-admin permissions. + +.Procedure + +. Navigate in the {hybrid-console-first} to the *Operators* → *OperatorHub* page. + +. Scroll or type a keyword into the *Filter by keyword* box to find the Operator you want. For example, type `validated patterns` to find the {validated-patterns-op}. + +. Select the Operator to display additional information. ++ +[NOTE] +==== +Choosing a Community Operator warns that Red Hat does not certify Community Operators; you must acknowledge the warning before continuing. +==== + +. Read the information about the Operator and click *Install*. + +. On the *Install Operator* page: + +.. Select an *Update channel* (if more than one is available). + +.. Select a *Version* (if more than one is available). + +.. Select an *Installation mode*: +*** *All namespaces on the cluster (default)* installs the Operator in the default `openshift-operators` namespace to watch and be made available to all namespaces in the cluster. This option is not always available. +*** *A specific namespace on the cluster* allows you to choose a specific, single namespace in which to install the Operator. The Operator will only watch and be made available for use in this single namespace. + +.. Select *Automatic* or *Manual* approval strategy. + +. Click *Install* to make the Operator available to the selected namespaces on this {ocp} cluster. + +.Verification +To confirm that the installation is successful: + +. Navigate to the *Operators* → *Installed Operators* page. + +. Check that the Operator is installed in the selected namespace and its status is `Succeeded`. + +//Include Procedure module here +[id="create-pattern-instance_{context}"] +== Creating the Multicloud GitOps instance + +.Prerequisites +The {validated-patterns-op} is successfully installed in the relevant namespace. + +.Procedure + +. Navigate to the *Operators* → *Installed Operators* page. + +. Click the installed *{validated-patterns-op}*. + +. Under the *Details* tab, in the *Provided APIs* section, in the +*Pattern* box, click *Create Instance* that displays the *Create Pattern* page. + +. On the the *Create Pattern* page, select *Form view* and enter information in the following fields: + +** *Name* - A name for the pattern deployment that is used in the projects that you created. +** *Labels* - Apply any other labels you might need for deploying this pattern. +** *Cluster Group Name* - Select a cluster group name to identify the type of cluster where this pattern is being deployed. For example, if you are deploying the {ie-pattern}, the cluster group name is `datacenter`. If you are deploying the {mcg-pattern}, the cluster group name is `hub`. ++ +To know the cluster group name for the patterns that you want to deploy, check the relevant pattern-specific requirements. +. Expand the *Git Config* section to reveal the options and enter the required information. +. Leave *In Cluster Git Server* unchanged. +.. Change the *Target Repo* URL to your forked repository URL. For example, change `+https://github.com/validatedpatterns/+` to `+https://github.com//+` +.. Optional: You might need to change the *Target Revision* field. The default value is `HEAD`. However, you can also provide a value for a branch, tag, or commit that you want to deploy. For example, `v2.1`, `main`, or a branch that you created, `my-branch`. +. Ensure that you have made any required changes to your `values-*.yaml` files locally and pushed them to your forked repository on the correct branch or target that you chose in the previous step. +. Click *Create*. + +.Verification + +The {rh-gitops} Operator displays in list of *Installed Operators*. The {rh-gitops} Operator installs the remaining assets and artifacts for this pattern. To view the installation of these assets and artifacts, such as {rh-rhacm-first}, ensure that you switch to *Project:All Projects*. + +For more information about post-installation instructions for a pattern, see its _Getting started_ page. + + +. Deploy the pattern by running `./pattern.sh make install` or by using the link:/infrastructure/using-validated-pattern-operator/[Validated Patterns Operator]. + +[id="deploying-cluster-using-patternsh-file"] +== Deploying the cluster by using the pattern.sh file + +To deploy the cluster by using the `pattern.sh` file, complete the following steps: + +. Login to your cluster by running the following command: ++ +[source,terminal] +---- + oc login +---- ++ +Optional: Set the `KUBECONFIG` variable for the `kubeconfig` file path: ++ +[source,terminal] +---- + export KUBECONFIG=~/ +---- + +. Deploy the pattern to your cluster. Run the following command: ++ +[source,terminal] +---- + ./pattern.sh make install +---- + +. Verify that the Operators have been installed. + .. To verify, in the OpenShift Container Platform web console, navigate to *Operators → Installed Operators* page. + .. Check that the Operator is installed in the `openshift-operators` namespace and its status is `Succeeded`. +. Verify that all applications are synchronized. Under the project `multicloud-gitops-hub` click the URL for the `hub` gitops `server`. The Vault application is not synched. ++ +image::multicloud-gitops/multicloud-gitops-argocd.png[Multicloud GitOps Hub] + + +As part of this pattern, HashiCorp Vault has been installed. Refer to the section on https://validatedpatterns.io/secrets/vault/[Vault]. + + +You can use the {validated-patterns-op} to install and manage {solution-name-upstream}. Use the {hybrid-console-first} to install the {validated-patterns-op}. After installing the Operator, you can create an instance where you can specify the details for your pattern. The {validated-patterns-op} then installs and manages the required assets and artifacts that the pattern requires. + + From de6aeac164b4db2f27add398a303e239c610caec Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Fri, 1 Nov 2024 15:58:43 +0000 Subject: [PATCH 06/28] Adding some more content 3 --- content/learn/getting-started-multi-cloud-gitops.adoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index e4b42f8b6..3efde34fe 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -191,8 +191,19 @@ To know the cluster group name for the patterns that you want to deploy, check t The {rh-gitops} Operator displays in list of *Installed Operators*. The {rh-gitops} Operator installs the remaining assets and artifacts for this pattern. To view the installation of these assets and artifacts, such as {rh-rhacm-first}, ensure that you switch to *Project:All Projects*. +The deployment will not take long but it should deploy successfully. + +Verify that the *hello-world* application deployed successfully as follows: + +. Navigate to the *Networking* -> *Routes* menu options. + +. Select the *hello-world* *Project*. + +. Click on the *Location URL*. THis should reveal the *Hello World!* + For more information about post-installation instructions for a pattern, see its _Getting started_ page. +Alternatively you can deploy the Multicloud GitOps pattern usung the command line script `pattern.sh` . Deploy the pattern by running `./pattern.sh make install` or by using the link:/infrastructure/using-validated-pattern-operator/[Validated Patterns Operator]. From 6601b90df118466c9e05b4dbb43b7642088d023c Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 4 Nov 2024 11:40:14 +0000 Subject: [PATCH 07/28] Adding some more content 4 --- .../learn/getting-started-multi-cloud-gitops.adoc | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index 3efde34fe..25eb564ef 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -171,7 +171,7 @@ The {validated-patterns-op} is successfully installed in the relevant namespace. . Click the installed *{validated-patterns-op}*. . Under the *Details* tab, in the *Provided APIs* section, in the -*Pattern* box, click *Create Instance* that displays the *Create Pattern* page. +*Pattern* box, click *Create instance* that displays the *Create Pattern* page. . On the the *Create Pattern* page, select *Form view* and enter information in the following fields: @@ -199,11 +199,19 @@ Verify that the *hello-world* application deployed successfully as follows: . Select the *hello-world* *Project*. -. Click on the *Location URL*. THis should reveal the *Hello World!* +. Click on the *Location URL*. THis should reveal: ++ +[source,terminal] +---- +Hello World! +Hub Cluster domain is 'apps.aws-hub-cluster.openshift.org' +Pod is running on Local Cluster Domain 'apps.aws-hub-cluster.openshift.org' +---- ++ For more information about post-installation instructions for a pattern, see its _Getting started_ page. -Alternatively you can deploy the Multicloud GitOps pattern usung the command line script `pattern.sh` +Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh` . Deploy the pattern by running `./pattern.sh make install` or by using the link:/infrastructure/using-validated-pattern-operator/[Validated Patterns Operator]. From 86af2ad8d26c210214e53fc273736c010af1efe0 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 4 Nov 2024 14:56:19 +0000 Subject: [PATCH 08/28] Adding some more content 5 --- .../getting-started-multi-cloud-gitops.adoc | 60 +++++++++---------- 1 file changed, 27 insertions(+), 33 deletions(-) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index 25eb564ef..fad99b432 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -44,7 +44,7 @@ Other patterns build upon these concepts, making this an ideal starting point fo + [source,terminal] ---- -oc get storageclass -o custom-columns=NAME:.metadata.name,PROVISIONER:.provisioner,DEFAULT:.metadata.annotations."storageclass\.kubernetes\.io/is-default-class" +$ oc get storageclass -o custom-columns=NAME:.metadata.name,PROVISIONER:.provisioner,DEFAULT:.metadata.annotations."storageclass\.kubernetes\.io/is-default-class" ---- + * Optional: A second OpenShift cluster for multicloud demonstration. @@ -58,59 +58,59 @@ public or private cloud by using https://console.redhat.com/openshift/create[Red .Procedure -. Fork the https://github.com/validatedpatterns/multicloud-gitops[multicloud-gitops] repository on GitHub. -. Clone the forked copy of this repository. -+ -[source,terminal] ----- -$ git clone git@github.com:your-username/multicloud-gitops.git ----- +. From the https://github.com/validatedpatterns/multicloud-gitops[multicloud-gitops] repository on GitHub, click the Fork button. -. Create a local copy of the secret values file that can safely include credentials. Run the following commands: +. Clone the forked copy of this repository by running the following command. + [source,terminal] ---- -$ cp values-secret.yaml.template ~/values-secret-multicloud-gitops.yaml +$ git clone git@github.com:/multicloud-gitops.git ---- + +. Run the following command to set the upstream repository: + [source,terminal] ---- -$ vi ~/values-secret-multicloud-gitops.yaml +$ git remote add -f upstream git@github.com/validatedpatterns/multicloud-gitops.git ---- -+ -[WARNING] -==== -Do not commit this file. You do not want to push personal credentials to GitHub. If you do not want to customize the secrets, these steps are not needed. The framework generates a random password for the `config-demo` application. -==== -. Customize the deployment for your cluster. Run the following command: +. Verify the setup of your remote repositories by running the following command: + [source,terminal] ---- -$ git checkout -b my-branch +$ git remote -v ---- + -[source,terminal] ----- -$ vi values-global.yaml ----- +.Example output + [source,terminal] ---- -$ git add values-global.yaml +origin git@github.com:/multicloud-gitops.git (fetch) +origin git@github.com:/multicloud-gitops.git (push) +upstream https://github.com/validatedpatterns/multicloud-gitops.git (fetch) +upstream https://github.com/validatedpatterns/multicloud-gitops.git (push) ---- + +. Create a local copy of the secret values file that can safely include credentials. Run the following commands: + [source,terminal] ---- -$ git commit values-global.yaml +$ cp values-secret.yaml.template ~/values-secret-multicloud-gitops.yaml ---- + +. Push your local branch named `my-branch` to the remote repository specified by origin by running the following command: + [source,terminal] ---- $ git push origin my-branch ---- ++ +[NOTE] +==== +The idea of creating a local branch and pushing this to origin allows you scope to customize the base Multicloud GitOps. +==== -You can install the Multicloud GitOps pattern by using the web console or from command line. +You can proceed to install the Multicloud GitOps pattern by using the web console or from command line. To install the Multicloud GitOps pattern by using the the web console you must first install the Validated Patterns Operator. The Validated Patterns Operator installs and manages Validated Patterns. @@ -119,7 +119,7 @@ To install the Multicloud GitOps pattern by using the the web console you must f == Installing the {validated-patterns-op} .Prerequisites -* Access to an {ocp} cluster using an account with cluster-admin permissions. +* Access to an {ocp} cluster using an account with `cluster-admin` permissions. .Procedure @@ -184,7 +184,6 @@ To know the cluster group name for the patterns that you want to deploy, check t . Leave *In Cluster Git Server* unchanged. .. Change the *Target Repo* URL to your forked repository URL. For example, change `+https://github.com/validatedpatterns/+` to `+https://github.com//+` .. Optional: You might need to change the *Target Revision* field. The default value is `HEAD`. However, you can also provide a value for a branch, tag, or commit that you want to deploy. For example, `v2.1`, `main`, or a branch that you created, `my-branch`. -. Ensure that you have made any required changes to your `values-*.yaml` files locally and pushed them to your forked repository on the correct branch or target that you chose in the previous step. . Click *Create*. .Verification @@ -199,7 +198,7 @@ Verify that the *hello-world* application deployed successfully as follows: . Select the *hello-world* *Project*. -. Click on the *Location URL*. THis should reveal: +. Click on the *Location URL*. This should reveal the following: + [source,terminal] ---- @@ -250,8 +249,3 @@ image::multicloud-gitops/multicloud-gitops-argocd.png[Multicloud GitOps Hub] As part of this pattern, HashiCorp Vault has been installed. Refer to the section on https://validatedpatterns.io/secrets/vault/[Vault]. - - -You can use the {validated-patterns-op} to install and manage {solution-name-upstream}. Use the {hybrid-console-first} to install the {validated-patterns-op}. After installing the Operator, you can create an instance where you can specify the details for your pattern. The {validated-patterns-op} then installs and manages the required assets and artifacts that the pattern requires. - - From 97be2b51e5237357cbd7518c642de11d62b8b359 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 4 Nov 2024 17:44:16 +0000 Subject: [PATCH 09/28] Adding secrets 1 --- .../getting-started-secret-management.adoc | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 content/learn/getting-started-secret-management.adoc diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc new file mode 100644 index 000000000..912049439 --- /dev/null +++ b/content/learn/getting-started-secret-management.adoc @@ -0,0 +1,70 @@ +--- +menu: + learn: + parent: Patterns quick start +title: Configuring secrets +aliases: /infrastructure/using-validated-pattern-operator/ +weight: 21 +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +== What are secrets + +Secrets refer to any piece of sensitive information that should not be exposed publicly or handled insecurely. This can include passwords, private keys, certificates (particularly the private parts), database connection strings, and other confidential data. + +A simple way to think of secrets is as anything that security teams or responsible system administrators would ensure stays protected and not published in a public space. + +== Characteristics and Importance +Secrets are crucial for the functioning of applications for example database passwords or cache keys. Without access to these secrets, applications may fail or operate in a significantly impaired manner. + +Secrets often vary between different deployments of the same application for example separate load balancer certificates for different instances. Using the same secret across multiple deployments is generally discouraged as it increases the risk of exposure + +Applications often need secrets to run correctly, making them indispensable. Removing or mishandling secrets can disrupt operations. + +== Security and Management Concerns +Directly storing secrets in Git repositories is problematic as this can lead to accidental exposure. Secrets should be managed securely and kept out of source control systems. +Secrets can come in many formats and may have various naming conventions (e.g., usernames and passwords might have different labels). Applications can have strict or specific requirements for how secrets are presented, necessitating flexibility in their management. + +== Challenges in Handling Secrets +Secrets must be handled carefully to prevent exposure, especially in a GitOps framework where the desired state is stored as code. While storing non-sensitive information (e.g., container images, version numbers) in a Git repository is safe, secrets require additional security measures. +Administrators must ensure that different secret formats are managed properly and can be adapted to meet the specific needs of various applications. + +== Configuring secrets + +Multicloud GitOps is a foundational pattern that demonstrates GitOps principles for managing applications across multiple clusters. It provides: + +* A GitOps framework using ArgoCD +* Infrastructure-as-Code practices +* Multi-cluster management capabilities +* Template for secure secret management + +The Multicloud GitOps pattern is recommended as your first pattern because: + +. It establishes core GitOps practices +. Provides a minimal but complete implementation +. Serves as a foundation for other patterns +. Demonstrates key validated patterns concepts + +[NOTE] +==== +Other patterns build upon these concepts, making this an ideal starting point for your validated patterns journey. +==== + +== Deploying the Multicloud GitOps pattern + + + +//Include Procedure module here +[id="installing-validated-patterns-operator_{context}"] +== Installing the {validated-patterns-op} + + +//Include Procedure module here +[id="create-pattern-instance_{context}"] +== Creating the Multicloud GitOps instance + +. \ No newline at end of file From 2d2ab7fb2fdf6b218303963defb0db4ae4af2b2c Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Tue, 5 Nov 2024 14:12:23 +0000 Subject: [PATCH 10/28] Adding secret content --- .../getting-started-secret-management.adoc | 91 +++++++++++++------ content/learn/quickstart.adoc | 55 +---------- 2 files changed, 64 insertions(+), 82 deletions(-) diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index 912049439..6fb0881a6 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -18,53 +18,88 @@ Secrets refer to any piece of sensitive information that should not be exposed p A simple way to think of secrets is as anything that security teams or responsible system administrators would ensure stays protected and not published in a public space. -== Characteristics and Importance Secrets are crucial for the functioning of applications for example database passwords or cache keys. Without access to these secrets, applications may fail or operate in a significantly impaired manner. Secrets often vary between different deployments of the same application for example separate load balancer certificates for different instances. Using the same secret across multiple deployments is generally discouraged as it increases the risk of exposure Applications often need secrets to run correctly, making them indispensable. Removing or mishandling secrets can disrupt operations. -== Security and Management Concerns -Directly storing secrets in Git repositories is problematic as this can lead to accidental exposure. Secrets should be managed securely and kept out of source control systems. -Secrets can come in many formats and may have various naming conventions (e.g., usernames and passwords might have different labels). Applications can have strict or specific requirements for how secrets are presented, necessitating flexibility in their management. +== How Validated Patterns implements secrets management -== Challenges in Handling Secrets -Secrets must be handled carefully to prevent exposure, especially in a GitOps framework where the desired state is stored as code. While storing non-sensitive information (e.g., container images, version numbers) in a Git repository is safe, secrets require additional security measures. -Administrators must ensure that different secret formats are managed properly and can be adapted to meet the specific needs of various applications. +Validated Patterns supports the tokenization approach for secret management. Tokenization involves keeping actual secret values out of version control (for example git) by using tokens or references that can pull secrets from secure storage during runtime. The real secrets are pulled from an external storage system at runtime. -== Configuring secrets +This approach requires integration with external secret management systems some examples of which are HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and CyberArk's Conjur. -Multicloud GitOps is a foundational pattern that demonstrates GitOps principles for managing applications across multiple clusters. It provides: +The External Secrets Operator (ESO) is integral to the validated patterns framework, enabling secure secret management by fetching secrets from various secret stores and projecting them into Kubernetes namespaces. ESO supports integration with providers such as HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, GCP, IBM Secrets Manager, and others. -* A GitOps framework using ArgoCD -* Infrastructure-as-Code practices -* Multi-cluster management capabilities -* Template for secure secret management +ESO -The Multicloud GitOps pattern is recommended as your first pattern because: - -. It establishes core GitOps practices -. Provides a minimal but complete implementation -. Serves as a foundation for other patterns -. Demonstrates key validated patterns concepts +* Supports a range of secret providers, ensuring no vendor lock-in. +* Keeps secrets out of version-controlled repositories, using token references in Git instead. +* Allows teams to manage secrets securely while maintaining efficient Git workflows. [NOTE] ==== -Other patterns build upon these concepts, making this an ideal starting point for your validated patterns journey. +As of December 12, 2023, ESO is not officially supported by Red Hat as a product. ==== -== Deploying the Multicloud GitOps pattern +ESO's custom file format and utilities streamlines secret management by allowing file references and supporting encrypted secret storage. The design prioritizes security through multi-layer encryption and simplifies key management. In particular the ini key type is especially helpful for handling AWS credentials, where mismanagement could lead to unauthorized use and potential financial or operational issues. + +Validated Patterns primary backend secret store is HashiCorp Vault It acts as a centralized service for securely managing secrets, such as passwords, API keys, and certificates. + +Unlike other secret management systems tied to specific cloud providers for example AWS Secrets Manager or Azure Key Vault, Vault can be deployed across different clouds, on bare-metal systems, and in hybrid environments. This cross-platform support made it a popular and practical choice for maintaining a consistent secrets management strategy. +== Configuring Secrets +Secret management in validated patterns follows GitOps best practices while maintaining security. Here's how to configure your secrets: -//Include Procedure module here -[id="installing-validated-patterns-operator_{context}"] -== Installing the {validated-patterns-op} +=== Using Vault for Secret Management +. Access the Vault instance deployed by the pattern +. Initialize Vault and obtain root tokens +. Configure secret engines: ++ +[source,bash] +---- +vault secrets enable -path=secret kv-v2 +---- -//Include Procedure module here -[id="create-pattern-instance_{context}"] -== Creating the Multicloud GitOps instance +=== Storing Pattern Secrets -. \ No newline at end of file +. Create a new secret: ++ +[source,bash] +---- +vault kv put secret/pattern-name/credentials \ + username="admin" \ + password="secure-password" +---- + +. Reference secrets in your GitOps configurations: ++ +[source,yaml] +---- +apiVersion: v1 +kind: Secret +metadata: + name: pattern-secret +stringData: + credentials: ${vault:secret/data/pattern-name/credentials} +---- + +[TIP] +==== +For more detailed information about secret management, refer to the comprehensive guide at https://validatedpatterns.io/learn/ +==== + +== Next Steps + +* Explore the deployed components in your OpenShift console +* Review the GitOps repositories created by the pattern +* Try modifying the configuration to understand the GitOps workflow +* Consider exploring other validated patterns that build on this foundation + +[IMPORTANT] +==== +Remember to consult the official documentation at validatedpatterns.io for detailed information about specific features and advanced configurations. +==== \ No newline at end of file diff --git a/content/learn/quickstart.adoc b/content/learn/quickstart.adoc index 15b5ee331..484b29bca 100644 --- a/content/learn/quickstart.adoc +++ b/content/learn/quickstart.adoc @@ -53,57 +53,4 @@ Before beginning, ensure you have the following: * Local Git repository with pattern manifests * Proper network policies configured -== Configuring Secrets - -Secret management in validated patterns follows GitOps best practices while maintaining security. Here's how to configure your secrets: - -=== Using Vault for Secret Management - -. Access the Vault instance deployed by the pattern -. Initialize Vault and obtain root tokens -. Configure secret engines: -+ -[source,bash] ----- -vault secrets enable -path=secret kv-v2 ----- - -=== Storing Pattern Secrets - -. Create a new secret: -+ -[source,bash] ----- -vault kv put secret/pattern-name/credentials \ - username="admin" \ - password="secure-password" ----- - -. Reference secrets in your GitOps configurations: -+ -[source,yaml] ----- -apiVersion: v1 -kind: Secret -metadata: - name: pattern-secret -stringData: - credentials: ${vault:secret/data/pattern-name/credentials} ----- - -[TIP] -==== -For more detailed information about secret management, refer to the comprehensive guide at https://validatedpatterns.io/learn/ -==== - -== Next Steps - -* Explore the deployed components in your OpenShift console -* Review the GitOps repositories created by the pattern -* Try modifying the configuration to understand the GitOps workflow -* Consider exploring other validated patterns that build on this foundation - -[IMPORTANT] -==== -Remember to consult the official documentation at validatedpatterns.io for detailed information about specific features and advanced configurations. -==== + From 6d60263908bfb9fc1767bb83d24e99b0ed51d321 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Tue, 5 Nov 2024 17:09:14 +0000 Subject: [PATCH 11/28] Adding secret content 2 --- .../learn/getting-started-secret-management.adoc | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index 6fb0881a6..7a7d22ec4 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -55,13 +55,22 @@ Secret management in validated patterns follows GitOps best practices while main === Using Vault for Secret Management -. Access the Vault instance deployed by the pattern -. Initialize Vault and obtain root tokens +. Access the Vault instance deployed by the pattern. + +.. Click on the nine box in the UI, choose the Vault and you are taken to the Vault’s UI. + +.. Log in with the root token from the vaultkeys secret in the imperative space. Retrieve this be running the following command: ++ +[source,bash] +---- +$ oc extract -n imperative secret/vaultkeys --to=- --keys=vault_data_json 2>/dev/null | jq -r ".root_token" +---- + . Configure secret engines: + [source,bash] ---- -vault secrets enable -path=secret kv-v2 +$ vault secrets enable -path=secret kv-v2 ---- === Storing Pattern Secrets From 1fad8f6804fbbde185d5c716a8c5a572cbc4b8ce Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Wed, 6 Nov 2024 14:21:09 +0000 Subject: [PATCH 12/28] Adding secret content 3 --- .../getting-started-multi-cloud-gitops.adoc | 79 +++++++++++++------ 1 file changed, 55 insertions(+), 24 deletions(-) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index fad99b432..1e166ba63 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -110,13 +110,13 @@ $ git push origin my-branch The idea of creating a local branch and pushing this to origin allows you scope to customize the base Multicloud GitOps. ==== -You can proceed to install the Multicloud GitOps pattern by using the web console or from command line. +You can proceed to install the Multicloud GitOps pattern by using the web console or from command line by using the script `./pattern.sh` script. To install the Multicloud GitOps pattern by using the the web console you must first install the Validated Patterns Operator. The Validated Patterns Operator installs and manages Validated Patterns. //Include Procedure module here [id="installing-validated-patterns-operator_{context}"] -== Installing the {validated-patterns-op} +== Installing the {validated-patterns-op} using the web console .Prerequisites * Access to an {ocp} cluster using an account with `cluster-admin` permissions. @@ -186,58 +186,55 @@ To know the cluster group name for the patterns that you want to deploy, check t .. Optional: You might need to change the *Target Revision* field. The default value is `HEAD`. However, you can also provide a value for a branch, tag, or commit that you want to deploy. For example, `v2.1`, `main`, or a branch that you created, `my-branch`. . Click *Create*. -.Verification - The {rh-gitops} Operator displays in list of *Installed Operators*. The {rh-gitops} Operator installs the remaining assets and artifacts for this pattern. To view the installation of these assets and artifacts, such as {rh-rhacm-first}, ensure that you switch to *Project:All Projects*. -The deployment will not take long but it should deploy successfully. - -Verify that the *hello-world* application deployed successfully as follows: - -. Navigate to the *Networking* -> *Routes* menu options. +The `config-demo` project when viewed through the *Hub ArgoCD* UI from the nines menu is stuck in a `Degraded` state. This is the expected behavior when installing using the OpenShift Container Platform console. -. Select the *hello-world* *Project*. - -. Click on the *Location URL*. This should reveal the following: +* Run the following command to load the secrets into the vault: + [source,terminal] ---- -Hello World! +$ /pattern.sh make load-secrets +---- ++ +[NOTE] +==== +You must have created a local copy of the secret values file by running the following command: -Hub Cluster domain is 'apps.aws-hub-cluster.openshift.org' -Pod is running on Local Cluster Domain 'apps.aws-hub-cluster.openshift.org' +[source,terminal] +---- +./pattern.sh make load-secrets ---- -+ -For more information about post-installation instructions for a pattern, see its _Getting started_ page. +==== -Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh` +The deployment will not take long but it should deploy successfully. -. Deploy the pattern by running `./pattern.sh make install` or by using the link:/infrastructure/using-validated-pattern-operator/[Validated Patterns Operator]. +Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh` [id="deploying-cluster-using-patternsh-file"] == Deploying the cluster by using the pattern.sh file To deploy the cluster by using the `pattern.sh` file, complete the following steps: -. Login to your cluster by running the following command: +. Log in to your cluster by running the following command: + [source,terminal] ---- - oc login +$ oc login ---- + Optional: Set the `KUBECONFIG` variable for the `kubeconfig` file path: + [source,terminal] ---- - export KUBECONFIG=~/ +$ export KUBECONFIG=~/ ---- . Deploy the pattern to your cluster. Run the following command: + [source,terminal] ---- - ./pattern.sh make install +$ ./pattern.sh make install ---- . Verify that the Operators have been installed. @@ -247,5 +244,39 @@ Optional: Set the `KUBECONFIG` variable for the `kubeconfig` file path: + image::multicloud-gitops/multicloud-gitops-argocd.png[Multicloud GitOps Hub] +As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. the load-secrets makefile target. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets. + +For more information, see section on https://validatedpatterns.io/secrets/vault/[Vault]. + +.Verification -As part of this pattern, HashiCorp Vault has been installed. Refer to the section on https://validatedpatterns.io/secrets/vault/[Vault]. +Verify that the *hello-world* application deployed successfully as follows: + +. Navigate to the *Networking* -> *Routes* menu options. + +. Select the *hello-world* *Project*. + +. Click on the *Location URL*. This should reveal the following: ++ +[source,terminal] +---- +Hello World! + +Hub Cluster domain is 'apps.aws-hub-cluster.openshift.org' +Pod is running on Local Cluster Domain 'apps.aws-hub-cluster.openshift.org' +---- + +Verify that the *config-demo* application deployed successfully as follows: + +. Navigate to the *Networking* -> *Routes* menu options. + +. Select the *config-demo* *Project*. + +. Click on the *Location URL*. This should reveal the following: ++ +[source,terminal] +---- +Hub Cluster domain is 'apps.ci-ln-b7ib8bt-76ef8.aws-2.ci.openshift.org' +Pod is running on Local Cluster Domain 'apps.ci-ln-b7ib8bt-76ef8.aws-2.ci.openshift.org' +The secret is secret +---- From 25b94d0fc075d751b5cd9916c16be9c4d3f70b77 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Wed, 6 Nov 2024 15:08:45 +0000 Subject: [PATCH 13/28] Adding secret example configuration --- .../getting-started-multi-cloud-gitops.adoc | 4 +- .../getting-started-secret-management.adoc | 168 ++++++++++++++++-- 2 files changed, 151 insertions(+), 21 deletions(-) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index 1e166ba63..d4a01764d 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -203,7 +203,7 @@ You must have created a local copy of the secret values file by running the foll [source,terminal] ---- -./pattern.sh make load-secrets +$ ./pattern.sh make load-secrets ---- ==== @@ -248,7 +248,7 @@ As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault For more information, see section on https://validatedpatterns.io/secrets/vault/[Vault]. -.Verification +.Verification of test pages Verify that the *hello-world* application deployed successfully as follows: diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index 7a7d22ec4..493c738f9 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -66,40 +66,170 @@ Secret management in validated patterns follows GitOps best practices while main $ oc extract -n imperative secret/vaultkeys --to=- --keys=vault_data_json 2>/dev/null | jq -r ".root_token" ---- -. Configure secret engines: +=== Adding a Secret to the Multicloud GitOps Pattern + +Follow these steps to create a new branch clone of your fork of the Multicloud GitOps pattern and add a new secret to the configuration: + +. Navigate to the Multicloud GitOps pattern repositor. + -[source,bash] +[source,terminal] ---- -$ vault secrets enable -path=secret kv-v2 +$ cd ---- -=== Storing Pattern Secrets +. Create a new branch named `mysecret` by running the following command: ++ +[source,terminal] +---- +$ vi +---- -. Create a new secret: +. Edit the existing `~/values-secret-multicloud-gitops.yaml` + -[source,bash] +[source,terminal] ---- -vault kv put secret/pattern-name/credentials \ - username="admin" \ - password="secure-password" +$ vi ~/values-secret-multicloud-gitops.yaml ---- -. Reference secrets in your GitOps configurations: +. Add the following block to define a new top-level secret called `mysecret`: + [source,yaml] ---- -apiVersion: v1 -kind: Secret +secrets: + - name: mysecret + vaultPrefixes: + - global + fields: + - name: foo + onMissingValue: generate + - name: bar + onMissingValue: generate +---- + +. Load the secrets into the Vault by running the following command: ++ +[source,terminal] +---- +./pattern.sh make load-secrets +---- + +. Verify the secret in the Vault UI. + +.. Access the Vault's web UI. + +.. Navigate to the `global` namespace or prefix where your secrets are stored. + +.. Verify that the mysecret entry exists and contains the foo and bar fields with auto-generated values. + +. Push the Changes to Your Fork: + +.. Add the modified file to your Git repository: ++ +---- +$ git add -u +---- + +.. Commit your changes: ++ +---- +$ git commit -m "Added mysecret-external-secret to create mysecret-secret in config-demo" +---- + +.. Push your branch to the origin of your fork: ++ +---- +$ git push origin mysecret +---- + +=== Creating a new External Secret in OpenShift GitOps + +Follow these steps to create and deploy a new external secret in your GitOps repository. + +. Navigate to the `charts/all/config-demo/templates` directory in your repository: ++ +---- +$ cd charts/all/config-demo/templates +---- + +. Create a new YAML file named `mysecret-external-secret.yaml`: ++ +---- +$ touch mysecret-external-secret.yaml +---- + +. Open the file in your preferred text editor: ++ +---- +$ vi mysecret-external-secret.yaml +---- + +. Add the following content to define a new external secret using the format of the existing template: + +[source,yaml] +---- +--- +apiVersion: "external-secrets.io/v1beta1" +kind: ExternalSecret metadata: - name: pattern-secret -stringData: - credentials: ${vault:secret/data/pattern-name/credentials} + name: mysecret-secret <1> + namespace: config-demo +spec: + refreshInterval: 15s <2> + secretStoreRef: <3> + name: {{ .Values.secretStore.name }} + kind: {{ .Values.secretStore.kind }} + target: + name: mysecret-secret + template: + type: Opaque + dataFrom: <4> + - extract: + key: {{ .Values.mysecret.key }} ---- -[TIP] -==== -For more detailed information about secret management, refer to the comprehensive guide at https://validatedpatterns.io/learn/ -==== +<1> *`name: mysecret-secret`*: Specifies the name of the new secret to be created in the `config-demo` namespace. +<2> *`refreshInterval: 15s`*: Sets how frequently the external secret is refreshed. +<3> *`secretStoreRef`*: References the Vault or secret store as defined in the Helm values. +<4> *`dataFrom`*: Uses `extract` to source all key-value pairs from the specified key in the Vault. + +. Add the new file to Git: ++ +---- +$ git add charts/all/config-demo/templates/mysecret-external-secret.yaml +---- + +.. Commit your changes: ++ +---- +$ git commit -m "Added mysecret-external-secret to create mysecret-secret in config-demo" +---- + +.. Push your branch to the origin of your fork: ++ +---- +$ git push origin mysecret +---- + +== Step 3: Wait for ArgoCD to Apply the Changes +. Ensure that ArgoCD is monitoring the `charts/all/config-demo` directory. +. Wait for ArgoCD to synchronize and apply the new changes. You can observe the synchronization status in the ArgoCD web UI. + +== Step 4: Verify the Secret in the Cluster +. Once ArgoCD has applied the changes, verify that the `mysecret-secret` has been created in the `config-demo` namespace: ++ +---- +oc get secret mysecret-secret -n config-demo +---- + +. Check the contents of the secret if necessary: ++ +---- +oc describe secret mysecret-secret -n config-demo +---- + +== Outcome +After completing these steps, the new `mysecret-secret` should be created and visible in the `config-demo` namespace, populated with the relevant data extracted from the Vault. + == Next Steps From 95beb3ad8d019491b95fef4cb34d5d97e33f5708 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Wed, 6 Nov 2024 17:48:44 +0000 Subject: [PATCH 14/28] Adding secret example configuration 2 --- .../getting-started-multi-cloud-gitops.adoc | 8 ++--- .../getting-started-secret-management.adoc | 33 +++++++++++++------ 2 files changed, 27 insertions(+), 14 deletions(-) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index d4a01764d..c6d1ab85b 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -209,7 +209,7 @@ $ ./pattern.sh make load-secrets The deployment will not take long but it should deploy successfully. -Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh` +Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh`. [id="deploying-cluster-using-patternsh-file"] == Deploying the cluster by using the pattern.sh file @@ -244,7 +244,7 @@ $ ./pattern.sh make install + image::multicloud-gitops/multicloud-gitops-argocd.png[Multicloud GitOps Hub] -As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. the load-secrets makefile target. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets. +As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets. For more information, see section on https://validatedpatterns.io/secrets/vault/[Vault]. @@ -276,7 +276,7 @@ Verify that the *config-demo* application deployed successfully as follows: + [source,terminal] ---- -Hub Cluster domain is 'apps.ci-ln-b7ib8bt-76ef8.aws-2.ci.openshift.org' -Pod is running on Local Cluster Domain 'apps.ci-ln-b7ib8bt-76ef8.aws-2.ci.openshift.org' +Hub Cluster domain is 'apps.aws-hub-cluster.openshift.org' +Pod is running on Local Cluster Domain 'apps.aws-hub-cluster.openshift.org' The secret is secret ---- diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index 493c738f9..c857ccdb7 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -45,7 +45,7 @@ As of December 12, 2023, ESO is not officially supported by Red Hat as a product ESO's custom file format and utilities streamlines secret management by allowing file references and supporting encrypted secret storage. The design prioritizes security through multi-layer encryption and simplifies key management. In particular the ini key type is especially helpful for handling AWS credentials, where mismanagement could lead to unauthorized use and potential financial or operational issues. -Validated Patterns primary backend secret store is HashiCorp Vault It acts as a centralized service for securely managing secrets, such as passwords, API keys, and certificates. +Validated Patterns primary backend secret store is HashiCorp Vault. HashiCorp Vault acts as a centralized service for securely managing secrets, such as passwords, API keys, and certificates. Unlike other secret management systems tied to specific cloud providers for example AWS Secrets Manager or Azure Key Vault, Vault can be deployed across different clouds, on bare-metal systems, and in hybrid environments. This cross-platform support made it a popular and practical choice for maintaining a consistent secrets management strategy. @@ -81,7 +81,7 @@ $ cd + [source,terminal] ---- -$ vi +$ git checkout -b mysecret ---- . Edit the existing `~/values-secret-multicloud-gitops.yaml` @@ -106,6 +106,7 @@ secrets: onMissingValue: generate ---- + . Load the secrets into the Vault by running the following command: + [source,terminal] @@ -125,40 +126,46 @@ secrets: .. Add the modified file to your Git repository: + +[source,terminal] ---- $ git add -u ---- .. Commit your changes: + +[source,terminal] ---- -$ git commit -m "Added mysecret-external-secret to create mysecret-secret in config-demo" +$ git commit -m "Adding a Secret to Multicloud GitOps Patternn in config-demo" ---- .. Push your branch to the origin of your fork: + +[source,terminal] ---- $ git push origin mysecret ---- -=== Creating a new External Secret in OpenShift GitOps +=== Creating a new external secret in OpenShift GitOps Follow these steps to create and deploy a new external secret in your GitOps repository. . Navigate to the `charts/all/config-demo/templates` directory in your repository: + +[source,terminal] ---- $ cd charts/all/config-demo/templates ---- . Create a new YAML file named `mysecret-external-secret.yaml`: + +[source,terminal] ---- $ touch mysecret-external-secret.yaml ---- . Open the file in your preferred text editor: + +[source,terminal] ---- $ vi mysecret-external-secret.yaml ---- @@ -194,37 +201,43 @@ spec: . Add the new file to Git: + +[source,terminal] ---- $ git add charts/all/config-demo/templates/mysecret-external-secret.yaml ---- .. Commit your changes: + +[source,terminal] ---- $ git commit -m "Added mysecret-external-secret to create mysecret-secret in config-demo" ---- .. Push your branch to the origin of your fork: + +[source,terminal] ---- $ git push origin mysecret ---- -== Step 3: Wait for ArgoCD to Apply the Changes . Ensure that ArgoCD is monitoring the `charts/all/config-demo` directory. + . Wait for ArgoCD to synchronize and apply the new changes. You can observe the synchronization status in the ArgoCD web UI. -== Step 4: Verify the Secret in the Cluster -. Once ArgoCD has applied the changes, verify that the `mysecret-secret` has been created in the `config-demo` namespace: +. Verify the Secret in the Cluster + +.. Once ArgoCD has applied the changes, verify that the `mysecret-secret` has been created in the `config-demo` namespace: + +[source,terminal] ---- -oc get secret mysecret-secret -n config-demo +$ oc get secret mysecret-secret -n config-demo ---- -. Check the contents of the secret if necessary: +.. Check the contents of the secret if necessary: + +[source,terminal] ---- -oc describe secret mysecret-secret -n config-demo +$ oc describe secret mysecret-secret -n config-demo ---- == Outcome From afe78c2d654a3bb5d2b6d68bfe1723fb95710d17 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Thu, 7 Nov 2024 14:44:42 +0000 Subject: [PATCH 15/28] Adding secret example configuration 4 --- .../getting-started-multi-cloud-gitops.adoc | 27 +++++++- .../getting-started-secret-management.adoc | 62 ++++++++++++------- 2 files changed, 64 insertions(+), 25 deletions(-) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index c6d1ab85b..9a97c064a 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -67,6 +67,13 @@ public or private cloud by using https://console.redhat.com/openshift/create[Red $ git clone git@github.com:/multicloud-gitops.git ---- +. Navigate to your repository: Ensure you are in the root directory of your Git repository by using: ++ +[source,terminal] +---- +$ cd /path/to/your/repository +---- + . Run the following command to set the upstream repository: + [source,terminal] @@ -97,6 +104,17 @@ upstream https://github.com/validatedpatterns/multicloud-gitops.git (push) ---- $ cp values-secret.yaml.template ~/values-secret-multicloud-gitops.yaml ---- +[NOTE] +==== +The `values-secret.yaml` file is placed in your home directory so that it does not get pushed to your git repository. It is based on the `values-secrets.yaml.template` file provided by the pattern in the top level directory. When you create your own patterns you will add your secrets to this file and save. At the moment the focus is on getting started abd familiar with this base Multicloud GitOps pattern. +==== + +. Create a new feature branch, for example `my-branch` from the main branch for your content: ++ +[source,terminal] +---- +$ git checkout -b my-branch main +---- . Push your local branch named `my-branch` to the remote repository specified by origin by running the following command: + @@ -185,6 +203,11 @@ To know the cluster group name for the patterns that you want to deploy, check t .. Change the *Target Repo* URL to your forked repository URL. For example, change `+https://github.com/validatedpatterns/+` to `+https://github.com//+` .. Optional: You might need to change the *Target Revision* field. The default value is `HEAD`. However, you can also provide a value for a branch, tag, or commit that you want to deploy. For example, `v2.1`, `main`, or a branch that you created, `my-branch`. . Click *Create*. ++ +[NOTE] +==== +A pop up may throw up an error `"Oh no! Something went wrong`. It is safe to ignore this as the install of the Multicloud GitOps pattern appears unaffected. Watch the ArgoCD instances from the *Hub ArgoCD* UI in the nines menu. They will report progressing/healthy etc. on each of the apps they manage. The *Cluster Argo CD* will have the detailed status on each of the apps defined as such in the clustergroup values file. +==== The {rh-gitops} Operator displays in list of *Installed Operators*. The {rh-gitops} Operator installs the remaining assets and artifacts for this pattern. To view the installation of these assets and artifacts, such as {rh-rhacm-first}, ensure that you switch to *Project:All Projects*. @@ -194,7 +217,7 @@ The `config-demo` project when viewed through the *Hub ArgoCD* UI from the nines + [source,terminal] ---- -$ /pattern.sh make load-secrets +$ ./pattern.sh make load-secrets ---- + [NOTE] @@ -254,7 +277,7 @@ Verify that the *hello-world* application deployed successfully as follows: . Navigate to the *Networking* -> *Routes* menu options. -. Select the *hello-world* *Project*. +. From the *Project:* drop down select the *hello-world* project. . Click on the *Location URL*. This should reveal the following: + diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index c857ccdb7..a4c2066cd 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -57,7 +57,7 @@ Secret management in validated patterns follows GitOps best practices while main . Access the Vault instance deployed by the pattern. -.. Click on the nine box in the UI, choose the Vault and you are taken to the Vault’s UI. +.. Click on the nine box in the UI, choose the *Vault* and you are taken to the Vault’s UI. .. Log in with the root token from the vaultkeys secret in the imperative space. Retrieve this be running the following command: + @@ -68,20 +68,20 @@ $ oc extract -n imperative secret/vaultkeys --to=- --keys=vault_data_json 2>/dev === Adding a Secret to the Multicloud GitOps Pattern -Follow these steps to create a new branch clone of your fork of the Multicloud GitOps pattern and add a new secret to the configuration: +Follow these steps add a new secret to your forked local branch: -. Navigate to the Multicloud GitOps pattern repositor. +. Navigate to the Multicloud GitOps pattern repository by running the following command: + [source,terminal] ---- $ cd ---- -. Create a new branch named `mysecret` by running the following command: +. Switch to the branch you created in "Getting Started with Multicloud GitOps" by running the following command: + [source,terminal] ---- -$ git checkout -b mysecret +$ git checkout my-branch ---- . Edit the existing `~/values-secret-multicloud-gitops.yaml` @@ -106,7 +106,6 @@ secrets: onMissingValue: generate ---- - . Load the secrets into the Vault by running the following command: + [source,terminal] @@ -118,11 +117,13 @@ secrets: .. Access the Vault's web UI. -.. Navigate to the `global` namespace or prefix where your secrets are stored. +.. From the Dashboard menu navigate to the `secret/` secrets engine where your secrets are stored. + +.. Expand the `global` folder. -.. Verify that the mysecret entry exists and contains the foo and bar fields with auto-generated values. +.. Verify that the `mysecret` entry exists and contains the `foo` and `bar` fields with auto-generated values. -. Push the Changes to Your Fork: +. Push the changes to your Fork: .. Add the modified file to your Git repository: + @@ -135,14 +136,14 @@ $ git add -u + [source,terminal] ---- -$ git commit -m "Adding a Secret to Multicloud GitOps Patternn in config-demo" +$ git commit -m "Adding a Secret to Multicloud GitOps Pattern in config-demo" ---- .. Push your branch to the origin of your fork: + [source,terminal] ---- -$ git push origin mysecret +$ git push origin my-branch ---- === Creating a new external secret in OpenShift GitOps @@ -160,7 +161,7 @@ $ cd charts/all/config-demo/templates + [source,terminal] ---- -$ touch mysecret-external-secret.yaml +$ vi mysecret-external-secret.yaml ---- . Open the file in your preferred text editor: @@ -171,14 +172,14 @@ $ vi mysecret-external-secret.yaml ---- . Add the following content to define a new external secret using the format of the existing template: - ++ [source,yaml] ---- --- apiVersion: "external-secrets.io/v1beta1" kind: ExternalSecret metadata: - name: mysecret-secret <1> + name: config-demo-mysecret <1> namespace: config-demo spec: refreshInterval: 15s <2> @@ -186,24 +187,39 @@ spec: name: {{ .Values.secretStore.name }} kind: {{ .Values.secretStore.kind }} target: - name: mysecret-secret + name: config-demo-mysecret template: type: Opaque dataFrom: <4> - extract: - key: {{ .Values.mysecret.key }} + key: {{ .Values.configdemomysecret.key }} ---- ++ +<1> Specifies the name of the new secret to be created in the `config-demo` namespace. +<2> Sets how frequently the external secret is refreshed. +<3> References the Vault or secret store as defined in the Helm values. +<4> Uses `extract` to source all key-value pairs from the specified key in the Vault. -<1> *`name: mysecret-secret`*: Specifies the name of the new secret to be created in the `config-demo` namespace. -<2> *`refreshInterval: 15s`*: Sets how frequently the external secret is refreshed. -<3> *`secretStoreRef`*: References the Vault or secret store as defined in the Helm values. -<4> *`dataFrom`*: Uses `extract` to source all key-value pairs from the specified key in the Vault. +. Edit the chart's `values.yaml` file to reflect this new external secret: ++ +[source,terminal] +---- +$ vi ~/multicloud-gitops/charts/all/config-demo/values.yaml +---- + +.. Add the following content: ++ +[source,yaml] +---- +configdemomysecret: + key: secret/data/global/config-demo +---- -. Add the new file to Git: +. Add the new file to git: + [source,terminal] ---- -$ git add charts/all/config-demo/templates/mysecret-external-secret.yaml +$ git add . ---- .. Commit your changes: @@ -217,7 +233,7 @@ $ git commit -m "Added mysecret-external-secret to create mysecret-secret in con + [source,terminal] ---- -$ git push origin mysecret +$ git push origin my-branch ---- . Ensure that ArgoCD is monitoring the `charts/all/config-demo` directory. From c265ea668be609f865770901ed4f73388de55649 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Thu, 7 Nov 2024 14:49:13 +0000 Subject: [PATCH 16/28] Adding secret example configuration 5 --- content/learn/getting-started-secret-management.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index a4c2066cd..bbfdfeed9 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -242,22 +242,22 @@ $ git push origin my-branch . Verify the Secret in the Cluster -.. Once ArgoCD has applied the changes, verify that the `mysecret-secret` has been created in the `config-demo` namespace: +.. Once ArgoCD has applied the changes, verify that the `config-demo-mysecret` has been created in the `config-demo` namespace: + [source,terminal] ---- -$ oc get secret mysecret-secret -n config-demo +$ oc get secret config-demo-mysecret -n config-demo ---- .. Check the contents of the secret if necessary: + [source,terminal] ---- -$ oc describe secret mysecret-secret -n config-demo +$ oc describe secret config-demo-mysecret -n config-demo ---- == Outcome -After completing these steps, the new `mysecret-secret` should be created and visible in the `config-demo` namespace, populated with the relevant data extracted from the Vault. +After completing these steps, the new `config-demo-mysecret` should be created and visible in the `config-demo` namespace, populated with the relevant data extracted from the Vault. == Next Steps From b4a059c926ac543679dec2eb02b0a9959145c0a7 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Thu, 7 Nov 2024 17:05:54 +0000 Subject: [PATCH 17/28] Adding secret example configuration 6 --- .../getting-started-multi-cloud-gitops.adoc | 21 ++++++--- .../getting-started-secret-management.adoc | 43 +++++++------------ 2 files changed, 31 insertions(+), 33 deletions(-) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index 9a97c064a..d7036931b 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -47,6 +47,16 @@ Other patterns build upon these concepts, making this an ideal starting point fo $ oc get storageclass -o custom-columns=NAME:.metadata.name,PROVISIONER:.provisioner,DEFAULT:.metadata.annotations."storageclass\.kubernetes\.io/is-default-class" ---- + +.Example output ++ +[source,terminal] +---- +NAME PROVISIONER DEFAULT +gp2-csi ebs.csi.aws.com +gp3-csi ebs.csi.aws.com true + +---- + * Optional: A second OpenShift cluster for multicloud demonstration. //Replaced git and podman prereqs with the tooling dependencies page * https://validatedpatterns.io/learn/quickstart/[Install the tooling dependencies]. @@ -104,12 +114,13 @@ upstream https://github.com/validatedpatterns/multicloud-gitops.git (push) ---- $ cp values-secret.yaml.template ~/values-secret-multicloud-gitops.yaml ---- ++ [NOTE] ==== The `values-secret.yaml` file is placed in your home directory so that it does not get pushed to your git repository. It is based on the `values-secrets.yaml.template` file provided by the pattern in the top level directory. When you create your own patterns you will add your secrets to this file and save. At the moment the focus is on getting started abd familiar with this base Multicloud GitOps pattern. ==== -. Create a new feature branch, for example `my-branch` from the main branch for your content: +. Create a new feature branch, for example `my-branch` from the `main` branch for your content: + [source,terminal] ---- @@ -211,9 +222,9 @@ A pop up may throw up an error `"Oh no! Something went wrong`. It is safe to ign The {rh-gitops} Operator displays in list of *Installed Operators*. The {rh-gitops} Operator installs the remaining assets and artifacts for this pattern. To view the installation of these assets and artifacts, such as {rh-rhacm-first}, ensure that you switch to *Project:All Projects*. -The `config-demo` project when viewed through the *Hub ArgoCD* UI from the nines menu is stuck in a `Degraded` state. This is the expected behavior when installing using the OpenShift Container Platform console. +The `config-demo` project when viewed through the *Hub ArgoCD* UI from the nines menu is stuck in a `Degraded` state. This is the expected behavior when installing using the OpenShift Container Platform console. -* Run the following command to load the secrets into the vault: +* To resolve this you need to run the following to load the secrets into the vault: + [source,terminal] ---- @@ -226,7 +237,7 @@ You must have created a local copy of the secret values file by running the foll [source,terminal] ---- -$ ./pattern.sh make load-secrets +$ cp values-secret.yaml.template ~/values-secret-multicloud-gitops.yaml ---- ==== @@ -301,5 +312,5 @@ Verify that the *config-demo* application deployed successfully as follows: ---- Hub Cluster domain is 'apps.aws-hub-cluster.openshift.org' Pod is running on Local Cluster Domain 'apps.aws-hub-cluster.openshift.org' -The secret is secret +The secret is `secret` ---- diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index bbfdfeed9..7215d6e62 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -110,7 +110,7 @@ secrets: + [source,terminal] ---- -./pattern.sh make load-secrets +$ ./pattern.sh make load-secrets ---- . Verify the secret in the Vault UI. @@ -123,29 +123,6 @@ secrets: .. Verify that the `mysecret` entry exists and contains the `foo` and `bar` fields with auto-generated values. -. Push the changes to your Fork: - -.. Add the modified file to your Git repository: -+ -[source,terminal] ----- -$ git add -u ----- - -.. Commit your changes: -+ -[source,terminal] ----- -$ git commit -m "Adding a Secret to Multicloud GitOps Pattern in config-demo" ----- - -.. Push your branch to the origin of your fork: -+ -[source,terminal] ----- -$ git push origin my-branch ----- - === Creating a new external secret in OpenShift GitOps Follow these steps to create and deploy a new external secret in your GitOps repository. @@ -239,8 +216,10 @@ $ git push origin my-branch . Ensure that ArgoCD is monitoring the `charts/all/config-demo` directory. . Wait for ArgoCD to synchronize and apply the new changes. You can observe the synchronization status in the ArgoCD web UI. ++ +The new `config-demo-mysecret` should be created and visible in the `config-demo` project, populated with the relevant data extracted from the Vault. -. Verify the Secret in the Cluster +. Verify the secret in the Cluster: .. Once ArgoCD has applied the changes, verify that the `config-demo-mysecret` has been created in the `config-demo` namespace: + @@ -255,10 +234,18 @@ $ oc get secret config-demo-mysecret -n config-demo ---- $ oc describe secret config-demo-mysecret -n config-demo ---- ++ +.Expected output ++ +[source,terminal] +---- +NAME TYPE DATA AGE +config-demo-mysecret Opaque 1 25s +---- -== Outcome -After completing these steps, the new `config-demo-mysecret` should be created and visible in the `config-demo` namespace, populated with the relevant data extracted from the Vault. +.. In the OpenShift Container Platform web console, select the *config-demo* *Project*. +.. Select the *config-demo-mysecret* to review the secret details. == Next Steps @@ -269,5 +256,5 @@ After completing these steps, the new `config-demo-mysecret` should be created a [IMPORTANT] ==== -Remember to consult the official documentation at validatedpatterns.io for detailed information about specific features and advanced configurations. +Remember to consult the official documentation at link:https://validatedpatterns.io/[Validated Patterns] for detailed information about specific features and advanced configurations. ==== \ No newline at end of file From eeafdc0a0aecbe34d9c3c7625c4c36bc1f16a515 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Thu, 7 Nov 2024 17:06:35 +0000 Subject: [PATCH 18/28] Adding secret example configuration 7 --- .../multicloud-gitops/config-demo-mysecret.png | Bin 0 -> 56286 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 static/images/multicloud-gitops/config-demo-mysecret.png diff --git a/static/images/multicloud-gitops/config-demo-mysecret.png b/static/images/multicloud-gitops/config-demo-mysecret.png new file mode 100644 index 0000000000000000000000000000000000000000..5f59407474b57b1ec5dc47677fccdaa601e5c5e3 GIT binary patch literal 56286 zcmdSBcT|(>w>9e4t!@>>1`1Lv6zN;4fPjjC0qF#!geaZRq=p_Vs5A{tx^zf@NC`+6 z5s+R3(osqvp?3%&_sNF+JO7+9ZW-VC?!6g~K@8!o>sf2gx#oJ`YHO-8o@6_D=+GfX z$b%WeHPxN&hC&78F-0Myz&J^!vjC9~#|uJPeM6{yP5HZ|La$+e3HmowYsq{OP4X;|@M$KlYsW;BC;| zPbc=@etmN0f9R{S+3%RE@O93?FWQszGt@?%=gQmL+v6mDAu}}R_ZspK4&Xjy?T*{h zr|0GFS8ohQuz(XDJ#`q>=k!F%Cb&wR5&cMkTchmnJnpb1TxY3_O zH~p#3V6h$Er_K22SY-}{iF2keZ)k9`!l)lN<~20+$No;tZXe?96f$~2*q^z zbl-S#Am+}VAI79KtRaLd(;#!~ z!M62<^(SS0b&qc@_H|x;nVKhUl<&a0oeRrxd!AK1gsM=WtXZ&zb|?e}_}BDwOsJ6K zaW&mO$pl%i$Kfgrms2O3BGl2*!c_I3({mrVDQt0)2>qB~byryVnRKC8@u9|Ma4^&D zNhx2&{}`<4hr?u1DfDx?`_kvcUPyC{AU2fTPcj|ncN`o~)8$eBJ~J^JtKmj$)gO;N z#4%iBQdL8;qM4>G%=RZYBJR+t2MfJlp62|S<^+>#ArPQxs-c~IZI|)LO-+xvPKCiQ z;I42CmPXLp9c3?isa@{N`%sE}{b&E4n9uqgr-j`s)ZQ9tKwc-G@t^zr?3J(J^UR2d zh&XBc)Rn2`W}6Wo$}&j89++ZE`owZrK=eld+Z4YB+L8#t56S<|W zO=Ejy8nQ&x&q0^+YV0cYShq$Rz7^X^)icC95w000hp>v<&Z3o#tNk+GT@cL4Y%|Vz zRFKLh>H4TRAVWQ-H~AC|jjYEY2<3_8p0nvPMVa>9ll&O%f_Jj+yZZjs^Lb(!>H{6K z6n`$fV~?7=@4A5tuA7ZU;bNnaZxQmL;-j+`>#|&*wfy;`3s_3cWgaM7GJ?8 z<&?R!^c2$lu|QGqWl&HxwWL%Q`Bugv|1Q<1+;=f4fPF23`iS<&%SdM(GfC&Z`{LH^ zeX3mk*>eN((AtW33yNM>AaT;p&!^i=&Mf+y)&#)d?j$xFiq=b1@662!3775*knVbL z@+B};U&`0#iZhM1O2uAHx{&TRlhWS&I=+>WnKYxK>6zAnB6ND*(60OV*So&SW3-Ri z&eeOmifgpxqgp$$xazqa@Jk8Xr8AU*yDx*X{mKeYa85M-L0#{8|73%B&TlnS7CE0X zp~|FE(OzsPUi`ERj!v&YE@CDclM%Ghk>)7-R84ugV}5CNeTaatoVO>mEzfQ9QkS*WSNR*>`Gh zOxAxoM1htX%)7fBKZ>GN%{XRVAJR;IE4TFLKX>D6{Ibg7Her*}9C*zi8)J*ZRanaA zV&lx_-x9r?)@tY&Lziu*Q3R8CTJEw@*3C54?>@q!xZlk&(%~geqnGBrz#53!p3Q9+ z%TTk6SY+}2xGn4D<#of?Q%e|LAlA3Rzok11B&%qRU!ffa8|@Ez{W^%nF7+cPOa;;rWgZ*|0^ zpEENPFv$#Ilgj3r_nJx5_O@=ZW)h;!syzKXJd!r1_w?y!-3&Dzh=4)voAzYd5T~_@ zQK{3*09I+00eN|gVya2O>$q33`z3-V?9AQCz{p4dH{WdUe!TEP==0w)3ll|VRW-Bc z7ds8GQ&VKfpePRU*XZeCk2hWZH1ZMvoJvDe{%Sndrnp=UPCD;yt6x_ z1zz>@RzqmsUbcl))hLm9YFk_H+>`xE{}t70GIC)?*>j76)m2`!z1;dhHb&@3ga!cBOS8Qlc+(QheFWcwA&>IT_ zS;(&4mOG)5&XV);Om{XBpHpPr&zQHCG7MU)0iapN|UXm z;^+LqT`(!KY18gXRgUD>Q;~G))n1)$M-Q;e*sZsZRG`xft(tFmAdqF{_kZE>x!VmWu7@9s=&!l7B7!Vuk>y(0wNA`;R2`FVGSde%9f zN(qad3vG$gitYVvaKg+@3uu|EvOh(`+3LsmRU}e+oiqSjtf2+GXxwt?JhM)%4v&*` z%$3N|Yv~a;2{ELqhOwnpdMk8hf2dnus4$A+akKWA?}o_xx>F3-;pKitdRc9qz5M5) zibfVR$S+dbtU@17Z#iZOuuM{;JMPa9LG}n90##?so}+rWZt%q zQbrd=OnY}2Kajnh1`46cemk!f_P$hkQYiEyOzLgIt=l<$G^#9?n;)IY3rfPsQq=qH~;^6ILtzNvme_G>S=j1yjEL*Sl zWQkkuJjrUMQmsh0Ac4bE=P89ZWn^l$?Rm9Hy$d^5!~v3HW9T6*&x?Eznr zHVztaKo2-*KBeVE@R1UcqY!Pl4e^yc4dgXMOigk^Vj_KsuWwJ2|Li~V&oz5S^M8BU zRyHfLU<6mV)Ars^TVHCBdx;VQNnu08gUW-*gb-gTavB{-(ZtN2jD@#(D zuB&I%ELKuX@-nA)72nCy;_QiTyR2WPs|@LGo>K3vhFzxO zpH>6LGjXdC5-XMgP)hdh_6lOBxM{H5+aed=mjhF;pqAQ~(mdCpxgrs|souIF!XcWk5`{w^yc$Jyuol&KFsSJ;{Sc)tCG2h#TOVu8CT8aLQOn z+jXbQ`goy2?0vnwYyl5k86siV6|jWd+4#h&{e1F_7I>dg!Z9Yir5suCu*$Hd*Sk7| zai>N5Q=p~hPVTdJ$v@sp#a|0F_%KC0CKinlsq@Xaez|Beroc?mXgVP0&7N7|LV}>x zTZZPyUgdH(X!MxL4^K~I!o(x3#rIZoLApQvjZ_F|t6FKX^p*E1kNk}q0@C07B3R0O z{vEa8Jh&E1lkF`w&Lee^)it)L(sZH*ZwS>P8wf}7dLVqcaKGz&v4%)V+n@UNRcid+ zE0#NjhD;FMcNawBq><6qtqFOzw@+g1`;!E8(?3&(0g1rqL`=v1?c$m+Fau7gRM+tVs-PAkTlMauUb1tIL9l_NKIWk}hpgYD+3rkyDQ%g88>~RqoMaKn6dCcc z{rzg$6^ZQWsM*aFt=TaiD%sAtS1%B!U=htdJ6@}V(JQT1i&^hO^QaSOLDkC&S)#t{ zopS?j(ENKmlJ;F{Oq{p_wr3B?Y`Sn*yA;-|toXT%j zVzPr&JVQIb)q`Xuu}hY6Wf~>#u{d`WjX@Ir8n?(2B?QxiyDwk>Prv|tGWey7UJ0YP z@pe7N*Hyy0=pgRwldi8^DBXw#Mji-PUyiV14To_V0)OqAkSsv-Dq(CET)s`+RvV~B z>Gt4a@P|r)rwt!JexGZA?aPN{+4twGYuUWXgd`g4Wokxn176VkyIy_0OVwk7y~CMu z`gLHS8rmS=IL)+dG<f>syD*COA zWF9ueRi&@Vq@N11f^9@NFgaDN<$2hS^>JFN9F50)vo4xln-!M@tS?#wmY=D?mZO)| zK@W@O1epkh?JqBlOC6jRQMB44Wtk6Ba*c`vu8dnIOc>`GP--SF6Zc*oU+#f9boH@y=OxZmtJ*iawFWK&7rXYIlB=g-CBe~)$f&wTzs>Z%Hk z7B=F>5-@KgGHtuy!4vWaIh5vm4ypI)LXMSqT)MAxDo3e&rLYW7FoW#k(H7aPAcrRf zmG}Hsotq})XGu9*qHC!x=1=5)3AUVoH$9F_xu?o1h~jNoxhm=b?z=eL%Hm2|S2h6Q zv)|u7vu$)9DbKTPLPO9ZW?!;vqJ;|{__P=vZxLD@CT{!A1nx&a6 zb3SeUTYYf3`)r|ciRMoRLaK7`Or0#AkZN`L_3PJkPy)qThkA7Y#2Kv@hE)Pc)LPYUtt#VA_+fD5}eq<3*!j0%XcIjm0>p+9lpCv#g&a`@nna&{y>u8iIMJrMIwfnj)&aEJ zbh{xvQvSZykub}EgYKiB6ER-h`vq+a{ytk=A}`3G z>WpZARW$xD7)~fyo2En<+P4$>CHMGOU@E_%V zZyx5MKC}@4Ju!{0*{Ki6^J@6e#ygbsS`1aHQ_>@6MaAM6>r)*&oV%<}t?@E?pqwe_vKbPq!!H;3!TkpVl{M zu~&{Qafh+A)laF1N-?w51-ww zg40|w7{JJ9ettN@CbwXy5i6^~Ea+oDv4bx^%bx2vv}?ANKxYVDX@P>T?N2J-eydIU zLvgTw{6IdSas7isPs|*wvqR3X)J4~Qkbme9?$rNQjr+fW&HoET_B~Zg5V|K&yP4O6 zHpqURtaN32wmZXj$cpDnkO*e56Ke@2LTQtDU z#Kgp-fxgeL`^A>+5bNpN_!gjA72F}d0#9vtXnfu8Xf>*p% zR${8LEY<91u|jMS1iFHKX~1QgYH`Vt<4mOPsTNnHThAb#JgWQpE2{s;**b2>5OU6M zC}STWOOJ;hiyLL-%ytPoli?EfrZleB+W!a`0G1Dci^P>05so0f*%w#p{ zpuO)9!!f1Gd6r;hmf)#S!oj8AHLUue@qAC?<8~#R(L#=Yz6s9VsV~<^ax&}gV3`FL z^gViOkN8S>G=IOuv}Dhn0ZVW$iX-DDq z=iRr)6%tR~&fo|zk@$py1M%YQqPKOC(fnXZ-#e>dkCpE_iML(!)nkNoSFJTH#bV9Z zPl;L`Vg(W$$&Smc`VE>6Y*LvNvgX2Z%zv1XNz zXABl=pRnm5!A3}Txh}lpmK4S%pDmshX5Vv+%YSvO%FH=M{!x1mO6@ChG36MyIqmGO2jv(KWE#Q*UPIt(3~*E^JH%nyB0+kmn;nw zt?PkIZ&@zMI|JR;gEXuGO4kQ&0@lzlO@$$%sK_msD($oaC5nu!Ej`Jmeq3zu@S#yR z-KUzN^czghZE1@y&4vYOSr$B!0Fi}93|t#6SC10G1*I@~Om+r9x*L=IM3Ozo^YgDy zGWV|8MWnq}?WjP}s!d@qkKgy7ftCTsBK|k%%YnZ?BWXW)t8W7+f>XcGZ8!TRFYefF zB$REGxX*Um^|j^z{nj~`xG;z}nU@Q|0L6DGTv@(xs8k8$E0&3bH-7~yP%0zXB(k#x z@rVXnkiHBnHn{BL$2M#mS3%{s)8pmW%M2;#I|ua1d0D^QPoLae6oR*U^Pzg@`9fln zM9!ZvnfKjT=y~%YP10>gpCax%+UFR6=qY(A#1af@Aa*Q(l@9_`GK~<*2fEBP@UoR8 zNuJqSK2I9Vh^XG)5%f(4O@P?84qo$QMOrDFv|~Qj5C_pZLIlMK`{dS+3k z)rgmcI62)+PUNOny(7m?M<*SNTlPl*ECD(!3%7>;Nk`8n)IdknZy>lJKi2N=xTwW= zVYO{DR{2{sTAN3ZO^?M|Bz;emSqclqOWwO%Bu5_XgWPPdVzo9P&KsR`r(&Q2_Jh3; zu}ci)p7U|M8cCS*e22kB&X>j8=NRO%`K(O7H7-U7qG<ZW%gLBas^*%itIhyKk=` zvM$%|0DT}Ox-VriIT3vFH#Z$-gRaY;K>F{kFe<|MmWnh-k^LdM zpbsM9G3X9t+HOvSMy$kLI-d>ikX z_s$N2x)c58uc?k?I2Y0(3xIRA?wXSl$3X_zm>*I@?^2O=gCVi9s6FQlPo&{G0!qL@ zPx)%^`hAK88jY~YPRz;4jw}#I5(`B5RE>QM=-6V6CGBT=v}Btdr0hp_7)e{pHXCGl z8ar}vG!4M?ndv+e0i)DcptZ+qV`F2KXTTb&GCw?vgG6MJ+7smj;MED`9`iy)1G(gW z99BQ}%Lqo$vSr6lhfIa9R zfAB?#_{-Ayn}VG8*RQp4VjjlDiyfmQAL9RD+;#bEkY{!sQaF$fIB3-xabIoRqnz_# z)L3L-`aOK;N8TNc3_n~*zT=+K^CCHAd-Y#Nri)VSsd9hBo6Adwy1fGF)a#cJVA^Qg zA6hRh|Gwl7+6*z*8?`W6WxrSx zP^aR*H^4^%?M7&hDMZrVpg&Ghp)22eZp(#$9eecT$rE&XT~PQBi>Jq-3gczloe(2B{*M-h=Sbz5U{pd8t}YNxN0q0wFOKS8K`B7G zTaAh`vcx?#cq2s2%F|sGX^2JN`9aCHByq!2d!~TDB(>?bM-Y$Do4^30!pb*32R-*; zYX&>YifW0u;gFupjvpU-`K?rHnp9^qI5@>@UetwCiQrx8e)|Nx=*pEL80FA+_>fOR17Lgsn!A-vA zk&4Z8yVQN)2(n2 zzBOcp`0e!uN_8X%lrV$>Y}5Vw8y)&l)644C7~cbQoP?7l+-Aip30iF9y7i!V?E1B9 zbICQ9!7SFK*^qW-!RxeRZnveUUnpK*PAAk}Nc-G-ujKi3v@+#oFmL@Z9*KCzAj z&_WV)xnBo1?1qKWsNt8!u)R4W&^%)(qX&mrWd>Ug}L>k$7$&FP;YB_a9PzrGP?LrGxeq(M|mVxb66#2)8G|@SDuI;4H zv#gGUuBM2r-*cs|1Vq%0UpzpwJZHN2`cw=zL=#BZ@fz>mc&)=)f-i_zj%nL$uP}>x zIMpmtvID5$zvm-l>^&ic9p6l9o}|e?c=#9a>TDR!4HesE@M^Ht4=yG~^7Aw)^eia@ zc#;pR$p^ld#`5afm&chr7DwelEu}ZDBef+17lHt1-i045aSIr$`|cU)NG|ew7+OyrPxR~wcZ%GKoPj4gTHX&y;g9{ z_XK8!f6(q8>Ot?F9$~vVT)evO%#?+!+=QOD)a5i&`2F_#!Cp_*nM66dMxM2mS34Gd zTWp~2*!o!vQErczPVTIePhg~>7=3j5_;~#CMujIekh^JMzzEpM3fgZ__=497M_N(u z%0+|gQ{zj`9Q!w4J%}Q404GKKvSRp0Vn!iNPJ`4dN}ws{ve;M7(-H`*k|p)#Z#@E? zBFS2cdh(lo@T`medwsVCX{KKuP*F2jU@E#{(ZEpdI)$NMK_Ip@nHSi$CwOmE|N8X{ z(UbWyfNeLevZ|%=qw>y7*L6m&oBv3qNfbZexq5H^?xJ%c;Bo>+LLJq}4#gtW#CC^b zzDE3S64UT#{8qgsg|s+f>!O_&BioUE6jiiUqfGamH160 zQZqXn)&hE+@t^jtUi}bXo352CG8({o`x-ok>C`E8?T_2#$^<*H*hpRvQp`!o3eUxy z{1IQ??8U_Qa?No(!MBq}o$o2jBOxT}dTCtE<0qBW^F6B_0*-MKC&R8M`0sJ1wR^|f zL_J~=HNq^`Pz(V3V+li%-{9z1VFl<`jG^) zYKhW`ZjF@$%n?@Ur9{*0=2ag@CfPej^i#YnZ;mo;V+g&|hW-sHs^(aLC-f0E}{ zTIPM=Zkt>VUezT>{5`_BM6gQMk(HxbaBL}rhlS^hq(v0njt|{7v{+O;Q)cjFV=k#V zg81^{M!50N-!@_FJL4~hT{f^lm7Sd(40f&qwQ!EC8nE>XJ8zbBhO(i$@DK*<3yZ_6RFkj;Agh&Y6SwmDT^viZjQos_uzNU$z!v@9ni{0lg9BtzYOl$;~lQ% zxW<*dj!wtqR0cCH|YJ4CNei$1y$-$%ciNZy$9e$~jka z=RBO%C3RNAa{a|@n%8h7^)~=N7h5|{YOVnQ^G-5bMCY42+;1<3+wNCt%>_=*q#2K@ zknFbSuG2qKYF{2x)9QciAHcVMBSS4JG9p4RWa8}EvnLrC(A;I*$Pe6YCQDhMgE8t& zRle0ERHU{UY+ieO@<=+OYrY53Sye01Q5U)5GU>%2>4F=<`_x~EMj_d6rgWk zT8X1^j#oh{#sL40SMw5XamP;>GWey*5Fk+Bw^_?RjC*$30C({L6iX)@J{vQczyz7C zo$>-q6ZX$tuJZp#-n4OP6bZu>|#UFMh$h|w?&uP#Y=y#e9)!T#L^w8fb0jFyK#!hl0KYC z-p;yWAuc#p$Vdzj{CkW^PEU&)_{7E;|GH&2R$u9v7iawCaXzq?(&csmgW@*<>{~BA z9mY~QM=F3{EO)@oeQQ>8Ax)LBAJ{dyFq|4Vw? z$zU@Hj_7^!q!}$!1ai1V$X>jkG}bM~>E_`K=~*Cc)!vPseHMdq*4rJaUB?>}e0B473Gn>X5&uw>hn?~3}VuVR1! z5HsBt-*BmBA;@F0)W5L?v#cxvuTBNF5c|PMNOL5AS~-%Ox-e3HpX|0U?2UIEyE*6+ zMq>t2V{nWRG)q(=Ch6Gvsf)s4U81jpgE?0|320VyRKtntJasf*8tAQ`nny z17g7-MHE(U%3O)1^9ay&I0XdU{zN%su?Jbof5Y1b@7S*ch`8lmGh}qk&yr# zbLAf75?}@K*j#`)j#esb#N+jGqBUWjVfE%Zzr8>0c+9+l0}IMC0Fhm$zNIpug4)u0mY zKmX#8_k5U=l5+CYDLv5rr8nIH(5(MUoX2i=5oP3et zFVxdYnL!ZopX%Y@8~QUaPKf^K;i-f@O~l${9Um$^mJ*yX)17D1)O^nx zWF}vMHSAbe-e6TQj|`yBZ%P}SH)8_WUzYidKkqb9&{V(W+{m*pR{x5I!qvDT5vSa`L z-8yvWg!zxi`ksxF;DZmIy&8{lJ9z)U+3uEX^S7E^VfFkz#5{E9`_--^8ZQm6$EyB$ zpT_z{J+s5Qd4`}Z7I&`V)h%Eq5OJ$<6ia^^ygPy|c$hd{h4(R20gYlhE)sxYEED`e ztxTuu+yJ#~Scr&-0Dt~RU<}IzGTL_^GiyAD89-FRD6eL2SO7Ot z-_M)ZqejGs1V=9JUyL)!(&AtaAj-;o$VM@Er^%C=8^X07RkrHKs+%4#l@dD2)$*~l z8Jo!NV^~6|EmVGV4JCcatSn4=es{YDZxK`jcEQtsA^+xJs7hL#gkAcxh%7*NpHP+o z@**u%`HHcIHp8#L6DIa+Q@2ZC5>QHYW_5Y23LcsDa2!Ow=tkgSjd+LWzDZQ}p)2IV zyYDWUXq8-85G$d<#Nyy~wia)Bal3I}2&ihI2{yGSn`X1SrH<=yl0Lh)OxH>Nm(ub~ z%f!^;r4sjc>>()<4j-N)*_Fgu}UJn``8Mfe%yM6oKKZd2(C&hLxrZG*H`r9Y1@K(Xe zN%#L&Iijo&kx zKKq9*Nl2`3ful@{_}QYPy~FHb=Ja(dQjyMd^6BQ?by-$He-_6!O^YULG3sY|06DVI zIbBy`DceoACqF-wk7=42(GlbG9|`{z#UU498Whg1Goiw0C8gT#>iF|>Qa-#Ue|`vg zpKJmE5zzH=FH67hxOU|Z(8ht+zu;Em2GG&@P4&KeNmf0sec`GZr!PmPo}bO%kECZm ztJd%6p>wm4&F^JsMUp}hRoC^1M|GRs3tLGdEt6q|@+Ts4$bPKDVh_+l!8`os+A;(8 zL|V$9R9-t46=C)CDCJ`y@>I*lQgrUBub}xun31&B`+^msn8D1)@$!dlflbrDGv7ew znQu-j8A)rrzpBLp{D(eNreE+!m0qzxYQZ9+ngz74B(L}_J!jc1)0T>F8*Oxu!an$Q zPxdqI8Fv!`PwM=29gNjTG%&Q@po{)t9CFZ{d#`O91$|;-lE+TV2e2poKpq%`?{6Yb z8CF{d29@$eKmxf%3grW?ScG!Y9d(%j*Nl=LpdCyX)9l+hvey|uKXue9y-nM)dLR`(%T}=85oA0E7V-L0aLteRM&Q@kbT)Z6uIX! z3^0J8L7qX{v2|uPHUU60%YD|3ixt3}Tuf0>(P?(SlDnPHsmJxp^&wL~VwG$<5<)%Z z@=SL1Q~YFr1GWdKr0aXWGEq{FvW~0q?DnYr+j8Y5mCxFC&~%u`{*}WoCLTz`JxQze zWM?Mvd8%i7%uSSJ6Fa4SNYtI0z`)3yXtU*vq_i}u9+`S)j{-VpJt6s86H{)H+!kwWX|q?UT_Py{6;Bt9%0 z7>eHvq09p_m#ff)uv@^Kif)3aZG?s3t3wiUw%Oxr&kQuyYn1!SkKSZlWQi<5T;$i| zWWAR3!;>1awxl_E>4atM090i$ObohxPc2^QWQFKZEpy>kNW?d;sue2lF+ie$=tN)F zfa7)zf<+i5u6laFL5h)UL$4U%hFqY^+q-mUob=tj)mI=*aq2^k`KKK|x+s&cxWG2?m1FC_Gk-dQog zN*c#wu~_;H)xFoJ5dHb`1xYA5?)yOM(7bC|M01#eegdVtM?r(a+Wwauo4N^4^ zV!~QV7LB~@Mruq03-hko*jK-4^c@kTs8*qNSra=HXmpx0=I76>Qm@A(<^2hhRtjWrDS_3vC^2yr9^>0z z6=tKCPfCP}`Ae-1EI!$^tZ-F}j#9E3D!pI$D0LIXj(M}(W|`Xu%iK|XAd-_l6k{b{ zY+UXxWNb(t>=KjQgJib5Syi}cL_dLEr^(HWv)Zqr3rsK1LcTaO_R+X}H#sCe7d8$J8}^os|E+CGcI&)jEksPUyB&mB&^BKhjj zz{qC!E5d_LZS<`zYQlufK-s+XT{<*R}>2G=|`iJe`Gv5(p0Yz zM!sliqHrfHEgoK9dX8^YcsDHHjH(>-5_h{u>lsbwH6b_U+v~9|;HyaZ3i zf^JRnfRyv-VPL-HZg4v&!djQ?{Kf0NdamtXr9E zGmSre zdEb&RH-1GGJrYujk(yWUC^FwZ=QvPFpLF%g@didX+Bb^`KCOJ1TnQp-%(d*xmj`Gc z_eD%y&_<4HhMFk!0HQ7l)cbrg%3PxiR@xH&Z31Cx=MuO z*9cn$v}TTX9V^zOm9iw1cA9Fq-)!0N$OzmgtV)skX+*BHdTGnSsOW~<^h2Kt?YkKd zeqD#CCH!2?ARk1I8U7KYg#7K>5&^@uJehjBfKKc`7vRDBJ8nc_?Y+`bgHgYuQ9LFh z&|H0J5wW!g>_s2UlG(hsK9=-WK1#x_drPDaOgl@PA$IqU9AB^hp+h26-~zU%1_iMP z^~H-|YVNjz92H3i1}HLMnk0%5?S^Ax7?&YX4ypxq)28ptsPdE5?7vz95EmMZ+G>%p}rd<2N*{)%YUzX+R17b%~FA{5rF|R+_F-OzFTehL=%Sz~; z3L^1quni9c@EDBIs#05=j7AXC0wLp+4fE5M+DP8Z^6cACS7PXRY77I zWBu=@)ZK-~-?t~qq_kb`&oSw5Us+MxE1fvV4~9GjNLx;T{(*ih@MuYxKCV|}-9eZi zDy6v$%Q;`{9+nZ0y5(X%Qt7S!{O(=)9D5)G=O@rk$~Ib!E*!Y#31tgR0b{Kgr^La3 z=5Wm{}u?zkU1WzO{4~(rx0*{GOXgT>7z?X&uTW>Dd~C zP6rl`SztSFet)%!{s00RvuNf?W<~9#D8ZXs8fxogRJzV})f?QC)f)>#eAxQb!$()J z;G*q(_K~cDXI8HMON72hgEfGn%u9!IifdLW&gTHlGaGzS7P(j1o*;t-rWJdj+wIH} zt8`v`zW??df)wc-c|+&gIyJXux($9Ks4iu#x;jqG3Qc!9^yL|o;+^@_(RBB9xd#H& zWE0XbzM{l=j30cHZg6iA4YXezrRpHm5^fdvY|dtFpJI{4G2eI(2hTj{&oe0{6hbf0 zk6gS7eEZkp6xL1r2eCl`JKi`cr{VO_%hEaEW8)IblwIl(eOy3V4fXWN3qNovO2?Xh zJ+=M%^=h1)bJDjuN43ZsDZojTKb7>`f(q?%n5cHj8Jwkr^4-^@4IS!T7 z4bZZZ0}Qs`K_%S!=5DOB%lzizX^l+Za2)yp0;fm8Kk<*>5i&agECqUn%B$J677y{x zLn;PXC>Rmx2i}cDqQ__r7v}lPK+;TsMS%h6x-k(@U$58zD|)H(SYP^&RWY}zX4VPH z(%QpxV5%P}UvE4;1k^~x_E!xd9v}uYmE46+KXYRK$Y7a$DLByXtW9Xx+yFFN z`>y}eU8{`EbwVz1mg0>y=n5uqpMT)CYW;W@9^&P*ISx2P6j&Sd4}h6X4a{V{z?pV6 zXv8OzDC4y+v+}7sL(W<-K?5Q4w(i9m9GYh|xO0W0+F;jR_I^;2{`$+_LvNyAB%)WP~AWqS_gx;7^2_=zxMw9u=Vq&06gCovUzqtV|lMGzaE@tYf_fHVY^o|p7n;+18 z;a)Bs0N67>UHhpRM#Tcfx!L@teje#KV#DP;aou-wAqP&oYh2L1SVlZxO-Y8i$KyCT zIlC4j^(U{l*!Sf^fwBT7v)Dk_e9T!5E$g`;pjbmd$sxh&gl{yQ8 z$q1jUr#Fe)?{P0ioaiciq=cPr)v^j3tZGL+p>Kuo$_1lcop74-c6vsO3OQiLe;bqz z(8E&LG~HYn(d&1TCsb%D(w{35D{iHma_=Z~F-?|Dd`F$0@IbvW!zIoWg_}XT3GjS1v?p!pC3lWpL_?u*9!icDD{kXKZD0iZx;W1!B673E z9!XnD0~gl&()qwAyB5jvz5&tPpbvI?&@-5a#E!#6gG7S?PfP&Hdo-dy4|nv`MLPmU za>wVlG-&|4>DETIVd7Hg{Z*%0Y@U(46VM0m$?S*>4u(3{z?NSBdoj%g434w`+p56p z@Nnz4giOeJzM1)ZM}ZOctZpW-OVHC@AR`Gp@kA8P4>2zB%b*W9l%8Vl-6}|n0yai| zvCr6@yHPi4KY`1c4ms;A$0d)jj1=cP#p0(9fRA1%8-Z5P{x+f->h(p#(YRC>jL{|B z#Q=T0+x6FjrAzsTv%d@W!$D#Drzt3i$iR{p4K@IrC- zA6KT@B8VA?59z*FuNFQMYA*whFbAm$@DHGxWS{%;$b3`UR^l#nOd%PgL@Ci}A8~ha z(W&+WVUb_`E%89R{#rzb^)lw2i}k$H40z{$l|(s@_aHe?l%lm6D^3V5V}1{_Ox zV9s;iy{WNQGaN`J#TvBDqaeOn-(@!gxZhD;@78soON|6Anj4L!2@>$!Ke&9 z8|ROGNjb-(Mh2zs0;|a0ZjV#O(z4EjAO0hi+ZAD)a`|9vU6mp)0X%z3K@4cnT(Pyy zcG}&m=uX!Z20dQTGH9uo^9-A|AIP*!S& z0>*?sGt>p@h~p%&35X!4i)mzsf3la+x1O-3jMXG^i~drB9u&j|_Ss`l};W8CUn0!X1aV1dh1V zK}z%*0Oosb=f0dcdCTYF)vH%sU0k|=&kQ{Bhz*L(H5ixSH?d^ikaMJ|!``%a?=-KhVL9d#%4*`Lw*3&4iNZP?EU{VK>lyA#Q)!ut$#=H|DTcM|FhFSOMX5L zD3bf~uH95qgk1AFr~-ljr^_NqXNGw8qjs0*Cq659^f=6GS`io_!WPdxzxeyy#o#Z% zjYh^bTzz!_9{_t-dGa<^p`n!=8ziN{r6;! zSN<8Vo1m_ambs}86j|xjR96vDkMHj+KK)l8_#T~D;b{-h13EoUQc<720Y}Pd$Khg` zYV{*#Y6%G`-fKTy+TfqHxlqIR=`NPk6B2HKlRESIXHb1NXNF_X4_3M)7U8(*oaTTC z$a-J9L)l!=!DG09m6tTQI-!|(`|PJ*$xKo8D~-a;f(H8WQn`fs)hxUlg$0b=%ZfPd zlg)8>2S_M?sGdgj1mbn_okzcDD$Su#is9KU~Vub3bpa-{1#(5@&D$(KT_ zccn-RQxG#rpIA2b&5e;B8ui#ItRZln8hLl45>SZ6y_UYpniDC@P_^epSWlvV z-38$i?rnNfA}3G294Uo!@`E`DRBDH|&s(4Y+g!rk#%B}ILtoGem=*(?q$7wL$pST$ zULH{N761~Uv*MBDh5HzjOMFn6{W(cZMm^`zyaFll{ zht{qE$owE+rLw)Q)QF=qcYERQ1mmyBAx`Cp6?$3c*K4!> zdRqz#GyxJuh}e%9(Qyd{mRCxNQX(QhDxGYOfbh6`VnSK@fLgNCsKlVIuCBdD=Fj}~ zzPEh3(`#*p8?ap!EwuNQSPaTa!8cn5)X08DkA)8{z%f@dSDmVUW4v>S&rYk!-d-*vDD?0TX>f^+oQ z>CBlk-JP8#?RbAOeLxT*_q)YDF2lywXy^xygvm?&)RZ~Me?H+i1wp-9UVe4CBb?zk z0}NB7r_HIA@-F-BFAF+*dl39qj*ZlLh|6rNcR8TO02y3B&`l5wIb9I>`4x(GzGDys zFMgAXha}meY(T|w{M0z67Q;bO@BM>o{FMB)Zc_5|aWcTQi`VA`9s1MKv#REM;`D$3 z3IY@%qOh5Bkm85tWTkrR_kkbmXipGrlilNJd*yTh%cbhklrt!`-JM!JTh;>l+tHdG z$gDms;e#H=I>F@_G61gwMxd7i9yW?%4TRiLX+W8PjT9jt10kdwOHpL9n9idCTOj^k z$esJ6gnpW83ZP#p?^SXzxIQNsP;~G)I1G^kvg|_Bor+zn87|FjSk|?jzE~(&4T;SM zKq`(T=ZVUH$P`ZkS+NX^putkM#Pj^(nHk1I1` zH(x$^$fwo!cWwLFq78yEGJmSbfOHZ}V^OJbw}bEc&M^KRs{yg-SkcNhakRaIy z2=L@CFUwIg4hZ%UFCXzs|0}uuDDw2*>puH$0BG;Tf_T`r7s1~AciuU6IIO|skOvaJ z-D;%QT5St#q@Z-`(9l#0;cEGRf8&W;gH4I}SHr#^)XvY#VuQ_wo$M^XIplA5b3qwcAgARP=&HKtG80D zX(nh*pj;w|LcdS=l)tvF&hb~)4&e1QO8P98GS;mXSB6jW^p(Bv#c7sSJ7gF{z`!X5^E*!YxLgd(#}GLnWa#FpInx4cVf3r6+0o<4)Y6Tb2?rGc&{F`v~r^$YxyajBwa2UL*rE zY~*45^33M&cZI!~pzUWJ5j$k=xJQJH$I^S?T2{6=%;7WFWZjA#!AN~|MWm#G7DzL=&CJPHI;r~DuPm{vJ!stbd z%buSMz1#XlE?Lw+Vuh+fEuQP9Dw%f*1ZBlE=mZCVe?l8N1be9Z$Y_@24#U9*r-r~o zM-*tp+>t^(sR`WVq=>^KIVOs`IRL{h0?rd;q?21WCyMQ~xik`Ftde_%Wd;yE&Y|JQn2@!0IH=fIoS8H=KcIC(yWL!=&WR)fPzi78(Zhb2_7%027br zgJyteDSO|osU)d-NtQ-UR(+JuSOh+Pjoe{(@O~yT{+kAe`#Y%w?HZ@O66o)b0-x0) z3;dMdRw^nLE|jwc>DS&{cnK4&^6T|kGbz^xf*AdmA(|t#i=6b5HW}-3yMVDuwqexI zwlkaMeF$V#y#qgj*FoY)lkHb#+EjFgGPyuEZi(!JD!Y?Y2(5Mn$O3Y4Nzf3}WJ0Gp zR58n|j~r#W4+FO{v$$ADkn#po#^oisM^S1`7Fwb(%pl0#eGUm<3ItoCFtEXf;IQQ; zL~fiQJ{iPW;n!{$2^x!7C`U5uJ%2%50`GXu_c7(Frgqe6fxHZoZO0V8?_O15kIqxI zh%`(nm5DtnL5aFfo+5V*a=s^y*V1{Zr0F%?;T0Fq0%XevY)V^yX#Z*PcN88_xvy;h za+n}^g9qp?#>AlumC^A_wO!)Ebam|%5mfU6EYMIB9vi?&Q+GcD7N6xiJ5s6)U65f zkCIaYNXQZdEk>&rg#mmx+!S>QXtD&AtmO`C-{ff}m*V91xm4?c(hR6$A0+O9n*?B! zHsac~YdO&t5g<&`Ooi{CjNk!03vS0Fn~ilOQ-Bu-K>U zwd^qXgB_%t6%#9ftkH6XQ>!>CYOl|K{nzH`UalG$u_epTR`Jx3GIMy!7Vx;B0U$jP z55tk6)GSMY;0=UhDSc^D^TlqTUMTjZCyTih7Y^IqJ-UqpAf#AO3j~B+^x6J@B7i$r zW3uswu-1@p5EewUk(YRAxqBQyZFyDe>8@k}R15&c0C{!D#l!4tz60Q+!d4B$qEqB| z$)M+87JI!9(e>SExa#N$>B~rahuz&>91& zqSNTF0vZSE)Oo8a?~Zpj$mx(hHeMig-#{ST-KFEp*sk}QzHQI@`x7;8L33Y0oX%}B z$_KseRDM(u0A}W+oi23JUS-$o(2(@sG>zQ^mN|D{c4fXiTcn#?Fi}iF z2NxVC{J897oE4yTsjd%$Y+2~K90c%JEe0{?p|cPkWI#I)B1eoMS)|Y)wp;6X^#-j1 zP(KflJAaz*&UWHr3yU$X%YFFO;Kw^rdCd_w(up<(<_jo+u0AL0RoO6o9Lw z<+7GT!k^gX+m30Yr)o%hR-^CQgT13wkRmC*y*B#6k~K}DlZ>u_lmwA;O;&bkI6pzi zrYqwtAg?yND+&l)9@GuFc;njj>p5rpyOa*Q*X{VX-NG>Ugm2$gSsdQ$85SPY%d`V^ zi!~A{4j>+YO1;pSCamn;n<%^$S8P_L^4-410ys8L5NX3|2tRV~&GsbfP1F!x*T^ia z*#el^v}B?xXi<`V5imu`YgOzear-_-(CztDm*gIQ*rjINR~v=aJJ-Q5+YhN46aWq4 z@#+Q23m0?&e#Nc|R^;KKc8aQ?qvK{&%~@xunF|~%=LVTC1^gOf7cJP*d53Lb^fXS^ zN_+Rq)%bVF@zV-O!^ycXCG&`dmn`g`1{`y4ljCrQdwIP>XJ2Z63M;Uz>!TB*W)L&l z+hlr(T5ZbdGK*6TyB5uM`pg*~g^&#(=k$>+-!&xjtwI|@LH~yr5g_*bPn+78Sm&{& zX2U-Cl3@Tu&Jqah0R4i1rG=&^VOX%mbeN1*Z_g{lap}mjgIXmpM!<&SgRr0gY2im8 zqMRWB-5deDUI10sH8e<}RE}aKJmv~*(Q^Q#DPZIFS{m8SP_wn)10(^mxuvM%#| z07W@aAA*3yFd!4!skyDjD$7#j={VeDRbF5fyjEnC**Mo{@>72OAeE9qjO@V)!&KDG zDa&4Py&eM8%LM7+VOJDd^f_{Ms)6iP<+wabpxE$d4ngCo(KR<$y?rXjXa8ab$gc#428)BTmC>-QP|BJrb5H3bfmLqkBA$nC;q&i2GV zscBj&K3#?~3gUj)a{Q&|>i%gL{BF~U2*!tTJ#n6F?wnSjic1Cx4>qP<$-!))Zmurc zz{R4w9$?h^2WP?|b+t4o~n~G#hnBGU=>q%Nl?agR2tgl88j0 zuW@V*(Old7HQJZjkb-ra+%~JU)53rVyUKm%ie{QL1W>i3Zv};7%Pg>~W)ohI@XSEz zZLsRtd8PCTxpwPp^dLYidLf8dHMX<5@lHJYK-0Z`%)vFDVo+#NS zU^Bt4+H$yy6my;|0H}<^;0f<1zZ2r0LZD`;zmaLCGCvYH2#Klzj}ab7 zY2LH!&a4eN@BLR~VGV2O7Sbc13ih?2Fc8!qe~U%+fxlmgMFW(qX&$d~dvIgVF}>eY zZligVh|4a)yCEV`KC!|g{-jmp1)3fwkQ>59EmO2oq!*q2F~$_;Zc0$RM!%0_@f+Y= zpl$K)dL9Tt+I_fx!Di^vf5%wgk#ByP{qf@4PIwOjK(aR(aG!6ikcix6(O;~f@jBR@ zOnAKiFBgDhD8_jStN|UU0Jpg~w$qF<9CUO@`q8rdlY172PrQZEpsp)hpleJ_D7^G? z>i7I`>|+bsiOGRuYfU$wiV!Pi22~xJYT6UoShsJfTlT`1D@cJARViC3+{=~jZ%OLQ zj2!7d#1)S)Qo?^o;z;@bA0z#fI{r68#Q#q)(qm6G+q$VV!Q=}+z}yAEk3`uRA)?lZ z{_jI}V$(X&OV*zF*Eo}-zxAZn|B#-(?X;<8{2xIx$H(G1wOvb0%k}NGS+Ivq{vxg` zT%guAZ|d~FKrrhjfXhTUL-Q~oc93&YCHPM86%LIBXF>gfjL~9fCdItg;>Tv0rKysz z-vfOS4j1(w^-PuWkO!$6Sz?y;<*&!$KYmXTSvNv5KPkv!+rtuo#yA0xG6W9T2LgTq zU6UgysFKMrS8CY@s<`o7pgh?p3;r3cwg`e`cd!7usQ%TCNWcxx9m#V!%WqL54^mfe!PH5=`LwWvj1dn3@6Hf&xDVh zf-;KeqYbwUby|0O;`xzR{QY3FZ`sv|%g9okAFSh@F)hO3hjm^?3a0^w=2xneeecA5Yh#>lHO zjx{c@R|@&{Q~U?VfXGEv-FqK(!kNU)$stEH>!Hr>Ojop7YbYhT3b_>MQ1C+VtUBV# z1KGR-!%S-V>@Q68^uKnxt#Kd)MxaoU5xXp&5#`X5KDw)33tx@ldjUnh9`_wd)YLf%CMPYjYGYH|f4*(1hva#s3xgtU4 zF#wqOvX^Zin<|um+SkTMDxSYm%L5=);I%XE5!mqOOMDDcPC1i=AQwKtdpUr8MxWdN z`g<$cg~zI0oo5DgDo}hpealC>`Sr(-|Lkl(MQ-~OdHMKO3O7L-g!Bs^2f#L@)Ko&$ ze@?_}dDPft!t0%P^NZ6IWU7tpWNjvyhyymWKsuq)04N`>o2yZnt4@1&&%E)e>XCn0 zZDS*18CX~9+PsHVj)AC{O|=M;pQe>^cjxog-<4pWu6^uAlJ-|;F|XB0P3prdLgOxC zzE5k>=m~WYTj&F`4|7=Wo#_rV8m*3w=hJVBTq{o8GJkZ=_R! z5k>kx)IL67SQ_ys1!XnE{T%zLrQ#$!IQY#gG!g_(!@#yCu)+PSqOh;`DCT+%0CHoo z6!-^rd3N;TH=uil`2P;jRSB_lnD4{!7_Z5I>aya=y{+LQ4BioxR{MSdJM&mJ03E5! z_9S5FSd|?=8(w8sl{?s|?1)It0E8ph@)mLtq&Dutbss_}78tstCDHXLm*dR3SB?-r`S}`PTB0OfE$Y><8m}Y}I0K zXZ9EtU%}`8dH2|M%-ylfzZ>QpD?9ODjM;C||H_Z@K2iOr+6NXLyWk76Y^t)dQ@h1( zZh?Uv{b^}$%y)eLpb*CzUH>Q0_J4!NTH8i?p`@GqZbqzoSfCYxxct)Rio`_;X7vl@ zT~E+FolH)qv44V|W8W+|`c7!FW}3x&MzU+~QC#%yQu(JF&C!bH2sW~z_KstXr39u( z7pjUMnl(jRz-8lh!*gU9*Wr~n{(Jwe2X|UF2UNll& zd_knIWT~l$Ya8`Qb5%xR_59?~^%=*=1m%8yOPsR+X;-{BX$Has9CCqHj(XF|Be22aZTthy8%jM_z6N>Oc8fdEgusvMXgb0VZfKhZvacM;?k!w12T*$Q8 z-Bg-wBI)}OF@fFC$C$?}TIbtIRayxxLKK{kpu0eLotdr?KfQK`+m^$)F<|y7BgfuQ zv-{-5_}q3+V_o~0Nom^+Bf-u$E){2;W6{d2*JSfxZQ}y275b|@>YtW$7nsJj%3^i0 z3Z1Qy>RYb+1gxD+fOt-!<&gNB*l((HJV`FtOmk4a(b1J#%{*@Um*7$Db zTtcpflyPzZ|3oZDkhECZSCh?P85^IwHryEbc<4*ptaO ziG5=0>g@YLwY9Z4^{~Z?;C+G4T!qUXPj`C6atk-^YQ$gZof&d%{+utCAoeb70dHIP zxt|!fy3fN3F)(I`OmK1KlsFODrIM&PYKQOn^%HC&5qQ|?_jlHzn&8P{Hg z?Bxc5R+jE3kE2MICLXMR{XseVRYpCcQckhhfB7w=^624U+8$h@)MDE@ zbhZ~=;le10K03S`GjcgV!;kToQS-r1sDw@2i%5w*snWFQXb$DJfOh(xW~Um)=gPM_ z4!zB5NZB^rgM3O`f9JBcTq9iO;#0mG=d&DN2VC6_pTJ_=)L1kZBvs=Y;yltackB(z zECw;lhE=vlcJLL?h%@2dA%n=v}M1a`Hhgk2<)WEc-nv@Fm4SCQs;QbaG8Ab^%XJ6LY`%MHrK^3Z z2pw!o*3W)*MX8Y|tSU-LjP5DpH1NINM-rteQ7+~Q31xZ+*E499RQ@Hu!b z-va2iQ=ow==oLHL^}8@cuDV$rjz=dY;IBKb}iskpv5@?8Ng%W469tm@xiQ>f~7 zKdt=1LO5iw&FNxOAM``C^B9}ja6eQGNuH;`z$PTj;(vtO+VHTc3JuLfRl8G|IrJVw!C28bly!KtMf08F85cefQ#+HfI#8i20Pu#-wQoQ>=?a_iMV-e^>CQ zuH|W`B<1-lEFQ-(DqZxG>u(ELp))NVzT*~wpD%^2d^(!Ct%sP2){mFResrTPd@eEZ?|HuDEq~gEvqzT)9=mW>Tc|}V?V2}bMEku>$^j7`m za`m>r`KN^Uw+1u-Qrd1!INxYRe#8KI+?ZZv5|nNRL{&+z9|h7fG8PVv7#JqHb&q6> z*S4trqiXp{wBp8^3s^A5p+CITKFA&!%VyClD0+8AlTB5rCaYr8Nbp7n3)7XSjgMst z^>X8927=Y;QnBEox#QKc0pBH#KOkDPCMJbQIp7 zE)=|OqI3S*Udnr6snp8M2Gl!L5~j{Ky^4~T_Y1P!jHF9Dg}4;OCc6{Z_nlElm^dZH z9us5XDq*}@#w@u|vAF>_`r2}PD7M1>H=NA64aXR-hyB6yp0R4HHh+n0+25(|eWKF7 za$Y#0%&0Ky2Ph|az63<&?46+f%#{^J_|^e+Xj$*EoEC+Q8(>cs`*dG554+xhxp3}X z>qBQsCijWJPBXD@SNQj>OT|hpvVErL$qu6U=BTJgGFxAUp_Q=2(fs03hO(9{u#XJ= zGLT~+5BCnl$7=(_Y5Cvh54trLwE^?l4aVPt?B2BS_(nV_?Rr@tLkStar>e=P; zHZpQJ&d`ik)sKindF?;xT*^(bfEXLsF~eu>hwm($G=uk&_ApyO4FIzr*TUUiuu~Lw z%A*jtt8Hs*8}8Tl`=Mu8-Y9pmt@|b8+kqGKm=3t1bH2iKFDbSzu*Dj8#C&slo7cwC zKcFczg?L_A+;yrLB=XAo-e5^+kdNw z)?rF)h6+$)RS>|Kg#^AyQKt?LVqj2O*)OT5Exl7Ed$dJ|$a(SNMEJoBD-))vL3cD) zA1NrprhotbefO^fXstte;O-9HpDFFgTH?E!aYS?1R<(VP|Js)w4TMdKXX=-+X&cuR zK~jA3ml zAT`zm&dBj>V}wmuXCfqKLv83qa2T6vcXv0BpkM-<%x+h!-*)ENfKGh_gCetrnS&F( z4Iz;O){(NsK|!)wpa_ICC>zE3;PU~EO?1Kccj*1B6^2ogGAm=X156vwP}ZA2`SpZ{M}XtYsU(%`Q%QgoS5Jyh-kLZh9tGS) zP4EMe`1=J1@W2Yx=lewCe;qcsE$*F{EAY}qtTtK~kPVIiJsYrlw!a7Y?U#qrFfe5E zo760g=xL1tBO#Hw>2gfZ2P3}S1q-4RsJbNy+m|MFiW&lQi5fR;mki-Qh>hl_l&xI8 zR@sE;dfmCX)4C4;&2AU{Wy*B@Y|1S7&E`6y{Z<`rk7)=+e3K;QlLjn;Mp};QnhCEG z?@hyE?^OboVtByrn}eDopUVMg$@&Lrf~zsMA7gY?Vq=@l?Z$by|EcY$ z_(JlqNeReyW}Qb1AMyHfwAA76l=oVT+Ais*j-bkbKW^6HK|ecq0?(qO-aC&@-~BxX zpRtbXY0KsTziG$zw~(cw>KLuNt9L(ZWSke-VNCinHy{4P!=u*86jY3Wa&mKWCf~m5 zaBJgV2HZDsK26-8&mB8fAow3yabUL2iQc_chRoWzUUt<;>9ue8rK5vBnfyBff8&H_ zt-SupnG9=}1g8h@>Khov>|572h{MYL0_Ag8M*#G>|kdm7eayvP)l*ZD(@8%)nm_2-oDtq`nb!^ zr_0z_AU}pVnS84ej6q=%B234RyPvvbcjDON+ZPqwPo3(yd}&}rliY&Ol!j-X+ueJV zvEuEoCk`5~#TGR|bLslmkzVrQ&y)spp69Xtb5CpnZ#N=!>{uYsvJC2xBg2oEGrP%` zSL)X|c8rP@++jni+%@tHvTg5#xHsI8B%v@3cGR0(iMV&eN*6{x-I1v#;6yWR2DP2I z=hDiXRDYgwDLpXo=z&42e&_3YqDcm(wJ8|C#MoZx|IZZ7z>VYNd;FG;RPD$eTZzak z*!*zaN2y4u%(>KS=eQp+RwQ*xui;GDFzme$Tiurq_2*0mm4ki6vU4B&^uLz|2?V+I zI}>=S7sJAJNQdv*qnah{lS95}=$i+VE}1}s&iZTlhfzIV9-9{OB2|r6GY|9DYtU75 zk4#gT><1e#%No}7VrN|_t}Q)wf(K@pn=m8a>AGFNdUataseKqGH3d%kb*{vElhj*i$Xta34EkOc%D|6u>~g*1 zW!-6-imz8WZV>5xO=@Ga$0&D(WmozQ_`TG@B*RH+#&J94lneJpyyyqB<}*G$5VgRJ z)pV>bzd}kqO1Vbzfk7AH&IYDK1>V3uWT@q`H~qqNcjn#5!4hSq|Hl5%T}|BOysl%Y zRbribXIpIHi0vR91FNW|(@bFcSVAid=80Db5@ag%h-GVNANkf-x0JrnB+l(G<0LAR zZ0Q{tvejjPRdM^LfkW^fvG}b{`7qSpxM=srV<)VsS(H9km?aDfeLrP!HCxSxAa~W- zJCui)mwHi>+&@0z&9cuX86@|X`P&B~hBQnrFrenqCY*#323~9Ur<09-?XinJ-aCE) z_YYpybx*WHpvvbS##~KGa8L-mm;EZypmoG&-gQ{9rOM@J{UMcr2G2+#zq*KxLDmIc ze#sKsH|DZ;6vTT~VkbmI3iQ%wS1ybqd6UqDXxD}J`J55GLvRn1B4y7ygZVQ{#RkF6 zYg%sw2So|%B34>2DteqHIm=bbNSatp;Vba()-ESX@?6ss3pNl3EiEidaV3d2Zu$kP zrWDgIW|}v6dL)=0IB8ZPKJ$1fqj2^9t}iOk&M@YMp$Sf+KCIkK>MhfS4}Kecs#2od zqNaj^P6Dk_yKQkrlP=LXtEIfYy4}0%P^a}1G|nE&-PYcVNmM(#{UKZ=CkR`ZBK^Jz z;%y3T>LtT0y1ks`CGHYP;Ok5u`PX^|VX*mW_wJ<6OAQ`%i<>F1|Ip?G)F z@B8*eNG<=agy?=$Utu%Vyo5RaruK8%NZ0piIl2joClM4IU!L5c7ve4NuwS1_YpAOG z=U#SvTX&SFLcTO^f)zlsZ;+LIs`R5W$~sh$XS5taPhRL-Z6H1BH}kV}G%cBjU7t!v zxh5d*mvNIP7m;8k7I)WbW>c;WAGGYeO-Rw#v7ettr<`fmqhz;y8oWc3aaL+)eI0ez zPF6K7eDgbJkz`uHQlm7ox8350qb3FJWgjZlnS$i?k1v2~u%A8T-31-ALP>7o#kyP z633OgC)2K8Fz7tzMyy50P*j%>WR{65_Sn+9`(5nq`MEje>30!qMUe}7T#vO{yB4y; z?X7;K-7F$UweUNAr5IFE%dLUdCYYbq$Ts?qvkVJ{3Apu1;|X*LM$yiPjS`K9)I-OdtLKj zNOpY3;%I4ut>d?Z(eKio{bC}+Qb=nEl=Ma8D}CmxhxseCl^yn#>NdfFldJH^_XrNx z@P`RpM0hE(xZoISmy>pJcD5I?TGO?7XJfPIIw^u%&&mNObDMf|o}c_2x5GM!nT~~0 z3SLHau4o0?xoB4g8siS#VqmmygN6$ z_&vcghtiQ-q2r4B3(->zvDcu58&?|4P3iL~PfwXg_;{khKq)eQX2P$K+QVJBRLB0S z*@DZ7*W=5g)W(mYIW^uw=C{F8(tfo*@qWq)+^Elabn$JNyL=m8URmJ=`IVoGMUo%u z9@2UQ%oBrPn$Z+S#9CNFLSL)Nc$kK)rp09VXipW^K1wi`xT7EtnTgD=j>p_~YGNi| z+$2O&Nxz_AC`$+ZL!|tO7T$al+Sw7$BhZyg9&3rKl=@mOI#~=-vpk=_$D^$maF{!o zke*RrK}tPp(p2u$;B514*h;-!(PNVlfh_sRtv=m=59-`I&&jh$S*Z1ET(*Bi&*&n5 z7-Us!gEYqlue+nx*%`kuRCAiApsGmWY4GZMoEjAp)>ta;)q`p8K79eq;h3=r5^nUI z=GQAaPX3#<*(MR*aT6OjJK~2y;VW;w>`{!t5|hv*rksR?PVS(xwD*J0UD<;TV5;6f zkEe%O_`F(t7vG+ge7Q(aTygYinOR=>W(B2I@zJE-n;cj!Ey;FbXV`KN`H6CY7v*6Md2Vqj%9b-xEW+Pu3v8F0MEnc6q zu$l5iXd*+w(W+>%x7ATeeW0I{8TO{3J=--y-udNTon1dYo05KSvw39EPwXV;3G)xU z4-Bi(Wxq_p032C)H*ip+uIn77{z0NxyYsrZ#4qF9T@#ZOMaH0B9 zOD)?t-WB2Pz6-p%)4IJQs&%l2R1q(vqB|KZjZSqZZS-xhd)=sW7yQ7+b-95*0t4S{)p!#O;*u3v&qAF97nRp3%P z?2lji+EV_lU-CpTvsqe7*@PX(?zo7TvQc$^UfkC>6IZ>7pBG$s&fWdyzc{|RQ(pv6 zE2h;;&w1b^k6~ea;ld1NN)wqZv@Pmsm87^zcD$HjdhO5|8D)qj@3+DW#ZE#Jq8j2p zQzg`+57ZH^ON}NmK2M35=6>vyEfcm;e_cqSh*EIt{m{FOhom>Wn1~=UvgLJCLAOcKT0kX*HY8-PDIh^Cv;uF;e|~i z1)VcBPgA9iS3JOF^?>`wAUX4v+ijmft9Xr?ta~-yfH1uk^@~_n+`5bOWa?1<| zn_#`VhTq37K+%)p=e|yOblN(Y8@y(=7?3Bh@@(|HS*+jL%7J}1>R%AT4cVeXdR=oT z-I2@-i6tiWexW6S4cuy5q_4U5w4KX?Q;B|0j8oiuT9X%CVa1@m$kRmRG0bV~qTT`G?abPB^5B7`dxo2i$b(K=6l4``E_o9t z9^ekT>$t(pfMN?9@5t(4HPhNPn{^dLy<(ix*Ww4c5XwFHPFt#|IrhnNvZI%IhJcIS zw`7V63oD&)LSe7Y;4J-6yOjRj%8^pu@wvtJt3o2q2E6z?bSQy=9Kv@Yq@NLnWZHJR z&U1dn;A|r{IL-jxSd%z9cbezR>R@L+abVxZ13qAD+MuzEAwkDdupmYW9z}aAPvcsjNM=)oK(%FGao0Di1=u z&q8JBCw)7IU@SU?7P_sQ6dwJqkmB#SO54i!;1)j7C1FSc1w?;mCBFi@oX{my znD}0rR47K@$|1K;jce3RN}*}pwTAa02#4-G*W&L!U+Qr*Wr=?_Bj4M1?$^QnY}?m* zEjb3%B28P}d9YDwP| z;LVJmm&_i?Ym2J)UmBhNyEtYm5u0_=cZAWnkg~IxY?LYj1E7J>i+A)NIu4#iT6;RW zH?uiD@^?E|Co6Xkq$lrEGk4iVP3<|ZIeFU^&_aR((C#lpT$JDU;heN8gU9YSr`;L$ z4%s#6FDdyl&K6?8!}F1_Tv${1kzphy=Ak~J77b#x!SU<131c&2lugwt|*_Q*E@4o+D}V41G5H1Yk19EntIXRaot_;(IxDml3NSQ|ie%BMHH6Bi{iC-+B^5{a z(S)?ql1n_5V*D@6-d=d@=!y5l*E~u#39^B(h|#mGj9>`so{q^U@HJQR6>oY+s-@7v z8zgl5S<*AH@z_ZxWl}A3(S^+=T@Z>|l9;_bofFS^eTi$266$fjP*Z1%n@{-WeVN9O z)V2Ye29~alpi4l0|tsLe4*)>08~`y_BVT z?00X}sw9tcv^VNP3T^O&%(%XKotN3khW6NAtI>L+!FHDmA|OK}E}PkkS(MGgUHC5! zl$YnaCx_VOg)VNqx^+;`YATZy=Qxw~RJEuwbk0Hof8-K2aI|^Bt<)i*tVD578~aEt zDfvbg=$-|J8j10ChQ#mh&0&UN-wynX!FYs&%;cQ+=y<%ZKc%C9kBNw%Vll@iz9=F7 zK*BUY1VaVllSJPaHf|s zj-20()V&EFH@c)(QX()s(CL&-n%*(l=&oNl2oZGSbzi`aJT^-)&FCK$m&)<6hTF!E zZ|Gy13?aAow(l5^Lm_j|H`Rx7UDim-2Cv;Wq0hLQ+Dd6Z36y*_Yiizplu*WL1)oy) zcjoux%3NxeD$ZM7Nz0D7OvB@4tgmmpg4SyP}v_t#r zjtB=kG(EM>?ALt(JZw%ht{SXO*4FAE?Q7iVK9Hnu;@ z&7&qwpl=iaeg(Ju%zT4gteUcH>SU3oQSOjBRX|U5oN+QpIE2&)^*-ik$w)L;^>PA} zCG?@fKXeYHg*lL+TUp1h5)(`IoVb_oVW%H`<qKCTq)#7xl01)&D%#3y|(_-=R(6_PIVXF++Msqcv<_;l0M{`Tbd-*5eiad=)cv)ATAzv=vPAj{) zI3yPA*97A#?Y%ua&KXr>%;rN`2=`9ZY~U?kx?-&3!rbd|B}{}BH{rjTIn}U)qeWU8 zNNuenE?_tsbtCx;0tFdqJz5GWO_>!UirSyd*@i59{pxQwS7iE*gf$JNQRuj~;{L52%oZ$cg#oh%t=9#tkV2(GT!u4k9L70xTJil9fTS zyL4ba-nwVLCEH+#>Nf;wHd7_EJJ!>8B7g}}{ZUsT#TrD`l#4YcTPvcJ_cTxN*@f?= zGKV=sf=r7_isdTgMXF397!8KSBlFs$w498K8|JIV%f2)bq|S1YgX4WYk=-bd;c3~0 zesbQ+8PTm@fa4GQZq~&y`TcTQpT5eNX?0Ii54ZmK zsXMl0SV(V(N_wWEM#w3~z{)UsSSmdebDIYAlF7DPHy{*NrluGt!bER${ayiMbrCeN zM$aZ#(tt9Qaoh!!N4$vfM>gI3rdV>sNN@4IhD)q#)4%>-<@#~f^c5yK4;xGjTBW~K0Nf<%O8ttw%on*TmU!ah04qGEyK+- zWQi1;L=gR|E|iRb=vI`UUjyK;aBqVmzXu6>OH5NTChHaQGeVT)-qhM)&sz(N7~2H7 zue5~4@Ng4BG8Rm0;7WQn7zxsA0W1^Fy@)g*GjOO5rE_?q^+8A-d34$FQ|Y7NFYQ_=52C>>7`{A%@?u-ja-N(m|Wxf_(P`<{bSEs^?lRo)|iDv zCjeH`WX1Hf1>cs58MfA)nQI%FzGPUY%=h`gk&RCx|1{Y@|p0pqU}0Jk&@m#Gw8 z+~?F{%&pP3g_nB6Zq^E8kzpIfPv+$@^B7jDdujnW=3 z1aoy*Qv#x$H@k-g4``L1*RDw(o_UPKHpl zr!ZP%iB_Ki&T|3QFHGqtxeZw(d-dxk21crGH`T56-)!y|c!M1%m8fq@_6b-E*}n(i zLB*1$?{oIST%W%WO6BK(kv%%z_zyXS5+~eqap87{idZ_mVqR=g2Sc03!&t=HzMv!L zsbNlYi+zpN3A5d`6#`}n*e5fP;m?1PP25td^u!e0{ThkIGD!FQgs-A7M-Q1HDfQl$ zW5og;gnxh^84VIi0q6E3qAOmDrD*zz#;y!(tdHcK`JJC2jyI~6S zj{u52#-4`qW~b=!ye75 z54Aap^I#m|HY|}hrN{Z$R|_c%xPDKTdrA#32mqyq`1Jqkm1-#bm>GKHU|d#lSSe3=+^zdyAif)uek6P!c9Szu**&ZNuIv+Ea;9VsJ(+DwmV@Pz>nXw zug8z^v`D!6_%(+gqr3ch>)OMdr4K+`m|3{J)%7;c?pHbf?e_P1K5)#lpb8FEzLYpE zP)U0UB``Yh?Uh==*%H%fvV@PYrG?4IzX{&fB=-Lny>92j5X?z=8WJFs%K|a_;b2PK ztWf(OLz2U~B({NAw)|msP-bL1c8pO#D_>8G)5HF6^{)cl8V@hejMX6c!=X?DI=AQT z+dS9b6d;jW4q$;(nAMn)1`5Obr@@glvl_GHBfoY1L>YC|R%FTNb@GFvX7CG83+5!A zxHo(8cj^7{gB_DoNkvI|!?S$RI7|D}p2vJ>aoXdLYmzhwX>T~XS^F`?G7Eu$0&aQb=Nv^6uMo| znfyC=6*;acKL7LMv5e;b>*6lCRBZNFDfEo>6}cuZ=EeH&fwI^CW6$!xE;s*gRHpww z^-&RMhOaKzu~!|J5njmP?T#^Dg9GhYkiaOURVqUCbQ6g`qZfvluOru6xaim zKeW*H&ymNLkbtIeJi)y9Abx*I2+$N%ugmySBaQx7=WAmp1W#^*0T-y=dEK74o*|CiqR@km4sv^VBtwJ&hAHLX*-%6Z5&EF$_L z#5^fK&AlSccheW=bEE()xI)btNdeUd`Kf+yn~wrtlr{uL0XtdQfFmZ0pIdVaSkHCM zmm51RN7yy@^uV?CiPqD{If|XKOO|swLRijPOBQ)nGHgLLI^8 zVjuk8JvuYb=Z6PlUtu!xPEP)&rYTeKc}>ma&E(RiRV6^lxhfhN4pCHWw`}>V)p^!Z zDe8IJtigLw2iLHi>Vr2_QTed8wq9k`u0~nAVI{LSNl{c>yul;|Xhgun>kQf{2JR${1~0F(A+; z2r{=K^AIJ>fkfLQw5@=KNeF`ofer|1L5Km8sI+33!W;CiBdT-tLSg;a8sMN21Rl9b5``h0ZG%_8f3grNU_8W$V9BT1&1I!U4-)EOVuGdQ9 z*pPh#DWZ<*4ZU-xdFkU9-qe)ax(23(&Ip<~t;c@;yo-`YvS#^vdmjPW^MEawWUK8` zv<{JT?;5KQ41G>SQ+VxdO`kURR0HW&wE69-X#_Bup&C!OGobJs_}B=!?}h76Bb!DA z!+_}r#dZh7VX()#fbx?|m513R9MRWzghHWlO?)cKF_ivTJlcBV3`DsK0kozL|J~?e z$N7pM3MvVJbS7=$ePtnfR#Vr6U^V%vLsp)<&apfp=ht0pJdFn01MS_zh2xZt|zJ z^4^gaM^lzLiN(nhFF<5UPaC)Ll}n3jI*o0f554*fRWvB3oAMUY^zPv)p-&fY#`>#R4!E@8Ntu@b|U(!)T+|xCHKmxFX zGz=t&I~CeJ*BFDc#a29g7<$IhvBpmt4^%mGb9ja}#>N4c%gUNL)3}`C;##HrB*A-p zk|yycjhS2uR0yf|>(}l9_F)`X%c1cq9p<8pN;{f2+V&&#*E^ZR@7(PB)pueBM{{;H zMzB0a4J$tHQ%hA_cx9?(3#g2hrD#PEEtQRdoCX>np8nUxmkIL|QtiQa*Gp%cBZz$i zZgyqGHUn{Vyk{s-slZkgjklOfx=BFx*pVVxx$EQ_T`m?Vd-s*I`|p283X=>5#P;3R z_ziq{lS}VuRb8y{oTuw+4|Q9rPY@^i`(b|Q*B3##4YD?R20eZv@)xvhS%3WG`ktif zKMgdW^gAYh`cv7K@kEM3AU^4b?7o=%kzQpEq_Ep!{61OR8<>AP_}z(-$hothtuL_q z>yJ-;{^i>9|CHGE58LNuwX9$Ej`ZfP@)PR3Nv{1sG&c6bZLZ(*YyO>N_Fpl;{+&Y3{yT5|KajxiXC^Sd>4^r7K9G^zm2SiMZ|)AcHz?u~s*-qC-4 zSisNbjodc5!m_w}G5yVs*lX?k(ypq@1fAPcucp2a;jf+DqoZL=AIyvLNo9TfI2rqz zlW&o{arOhg;hX;7ZwBKgOppUXdAlvIny3Hqi_?AKP3TskX6J53=S*rDKf=`ROo;*i zT;<3nqbK7fB?Y&(jz97;<%TMBFlOQMPyIOs59>WO&=A~gi%B`uHW~gleEXfS#*X7p zKtpZeL~5CCz;s8zc0}9upWGgjBgJ3u-mT%e&Ag!jxjHU_n1!Q0HFM+5Rb5>@%S6%l ztTy z7%@Z#4|(1mtZs?)q#S0flwQ@3LtuH$HB4p*N+F61@vb9PMlRt_CQ%Fie1*&BOl)lbMNyLK3s z*ZT&0J+RI8$9feRvMw5T2qkAGzUJMmFG|R|=da;Z|JGO30{;BKNuZu$FZ^A<%QqYQ zcyLf_ukFkhD9j@`&tAU3#(oEkgH|1D!#M^HG0%+m_|zfs%F%U?={IDoZs!^G&Sb@x zF~aqAY89xoRC{Ae30$f(Oecp7JA%RdxLRb6$?;?>|i~=;Cz- z{n3~&Ota)DWYK(PH;bM;u+_xSX-X^)O!9Dh5cQTDLyK3G@(em2NYg{`T^ZPemxfvP z53Vl+nP{XKiXyn3$wI>zgx6u@hlGhqpEzQ?^>Alt?reOA-P}=nEInozjKq58n6kOg z@+hTFKwhP*f_8f&T`>X1xxox?RXZiIKcGq6YnK2rg$(I z%r`spi^yO`?VjLdR7icj)u*0ie&aIgF!1M$yz2_N$>Z$SFRq}Q&pY#6Obnfa-tBMH zxa6gGk!N|uyEEIQT%zd8Fu5{1s1SRM2ib{^(Y19OTF+q(cJu4l^go*N;`#S|bB9<( zjnK1^`wDD4v}EFi-NBV1!J)6zcM3oL#!Z#}t&+gCim?7u119gGNlnLcxwv+a0FiGB zCMqWJYlchq4)*EkW-mL57$_m8vBLk z9Ul2pb@!dHJN&4doOUy+jtSFeoXRo*U-w+?vm^yBFy3g&PT_f)aVCCnY8aj z%Cq#b`gbj~Yx!M6@E}x5+7nV{?)j{-0K22}LPSS0H_@vO1FxK|^QZ_}#suw0kt5w0 z`F$UzJ+=E2|Z!Cy`P?ccJy zE2IA&?_ieYF6oepT| z8<+KBN0#$Wv_uQV0UM6F+S?92o=M_-n%w$*KVHj^5Mx#cb<>?A}EJvEc1nOf+WOiu|#IAXT zcto%a^h+z)mGWw}d5`%{pl=Afa;27=_*>NHE?-*$&iFz*Uow2WA9E_ zfB5U-i_9;ZcIJXP^D27iD2f-*K^XyMvwj2g3%0 zeGlDI0)R~04-mQRu79%lBD5a}20u&ukfPSQ5~DizxkzS1R6p!xKkK;u7dJhD99n31 zVWV|(0s`7!*cj0m+zs@dz)S;442}-zx&h`q#spD06pXzJ73&V{-U5~zA9b2HJ~;doAcm-L4M~UT=$W?ukW|Rky=sN*}Jv0 z$}bw`tv7+9OPl{Ck=uM8IOb~mEXA+7zO>4*`1F~ZPMWD%Pql(B1z-fVs^c(J}Y^A;UYEch_NPB}>CcjCQkgo&= zn$5hKkFX^eC3mcu;;C73u_oLJ7xcE8&#&e#5VUSmAvZV(5@Yz;BQ} zM|*E;_*Hu~a0ewLpk$QO!9{X_YMyq2lr3bBmGe9kabNeMyZcPf2hndRQnVyWLQIw| zJLcq<2Ji&%Di>xBVIWo<^yTU*Jj)QMP=bHxz0tX~gA*SyxQ!9E^k`qBU7U*ieh3Qc z(GS;>)Ie)FXDLfXl2xkYg?Fd1&n~x}t#$FLqGw~Gx`IEqxCGDG6KZd|0v(SLxL_+R&(iSH zMXm4r-j9pu@2;!tW5&>~&+kQd03_aGUo-aEpixIx*Pz<1XpgH`E2bGr2hq6At9{{% z_=_-BTJ+~E{7sPI_jYDV`N$;>mplJ%QtH8);Qp~Q+;%PPw54Ti_UBgD30wSj&5R*? zhBZTq>N=0nsz=vA7s~8YU7s{X%{`m7p1d~@w`di@yfm!JsS9$}SQH`Vr-jYo?{`bJ zl;f6@!rA9p5l172em(SSMuyy(+eCc(_S{CYCa~RkMqZCpw!6GJff#?jGtX$XFP$I3 zSvllgA4=6mtzHHg5L*ERS7#kHdH#OeP>*}?> z)F0R>!rK6>jD4~4>9TJ~!h26Oq)Owl6%lpITMGO7x(BNmcYdAFukdLIu01=3q`_dr zV*3W73QU`D)Cu6Ry+TBA*PdvX0&B_}AcY@`@JryCOQS6J{d8Y`x4Z;CT<2#!`2;y6 zeYkTK*x=RK=O=(s$kqkh@C=Sf9lTdy3jQ`3H>w$82o|vlq{U8MJGt7!Di^Yqqy+Y5 zSZ+Eyoo3o%wqxg+$Upzt;~wR^(0?<3e1{_X;kExxpL-|r4(Gi?-7$ykL}iWtu(0bw z;GNBCJAU|L_n9xw#D`4F1LJaU{F1hrfs<0}d`GOfT>{&XB_boPBZ?H#XfCPnPIcfv$Ud z)CxO~wM1gC678fx*%_7{7CwmFZ9O(NEs87ogiPs7dDcpwqfSuoqnF+60?n;Dv8U=< z6lp0-FSibiW3DLSG3y`FL0z~ycoebmRG;nAqX5p&+l+hKbudM`N$+3Mg4UNXA!H5^ z5gth;`I#oZg_9SX_rVD6Cf7e!>=&}i8%C>Zg7LW?T{#Bu`aV4zw*As=jc|`??Zs2sW2p>^>Hd(jNS&mq9b~0qYs}C^3@9@LSAF_VFWNLAXqn~uZk4(C>5aEp zD0&1K&-*Y!&P7jtamylAAJp6KcyaRW+=K80T3!THL0oN$N^*2y$F?;NE?PWMLBvhiFhTPVC|L z9SnSv88zX5EFal-o6B`mCb(=-+bc7t^?Le*;djH2<;N($94Kk$X3B>O&}lx=TaM z5`ad$#rV}p-}sSScJhYBJ#GpvmAcyR3{O>z_c;a)zWqR+dF))zTeAsb@e(?`LM-i= z%K}mfO)}Rtel``{->DVDx(*`Q5#)#}hL3a-2oy*c5$7QjB=H^O1%~#YoZ?k$oU>ZPtZ+|0A zfJ!bvl=`4!X3_NX2L~Npk(#&@4hUQiV9*Prix2izd?t`GsOM4?}brHDpN)zs9;v(rBHZELJU z(CNa6y2#!H`B=9WmY zx)62{Hx>x-RTU+Ve#0%%6>qt zmdsd|V~=L{%ui65U1;gzcx&p58|g@PstCh-?kJyTS}A|NYm&4wrKv4S>P-<*L@TWF ztnMUkF(?E+dOq%UuxRnFi!g<*3*g+#-JU@T&ggtS&%y^!r5?jY*I&?1n(EWE*NACT zlT3447K+fQh2pfdv}qoq^~3?c7FX1v;QV8LmE;&ff}>7uTG|`ghi9gRB(2!@3a{(8 zcbhEH9Zf^u2WpxvJze!v>RX8`b|Oa!`i!N7bvK|G*X^uKG0^Z!feLolG3=#TzA>{p zRnj->L>y}2-BW@`jny2f{p#w>2`IL&ynTv9vx#pu4pN1BZy;)@c>Q&8o!lgRYKhPk z)l7e5r4Y#*z%aWY7nrk+Z|1zNEWd7OFOjD3o(53I#fq)kU0e38cK6ZjVyYjBr{7vO ztiqf*W$DyE6FZMK#7^utKLTChV`vX96DcJ^W&nf*1m<0fU+%_IhA-JU?nj5lzq_6v zHn9gS)xvZGb2}s(>rGi(pc^&4JK7>*)g-aNJt&U$Yq?q~-(EB)jd(&HHWT>8en=uq z7g4meAbaKPvVKX|1)4a{y30;vHV;C}1N$MSNOcrX_@sI6NVjLRMV2Qnej|B!y(zfU z`Q{$p=s{24q>BRXW)0ut`U=JK1rh?D)B3TaraqLZZE8Mz!BMNglwq%*k&zLATEI+j zQpc8Q47Xt)V=bHb$cgyAL;1m3=oWJbq&|cZ6tjAPMz`XYuv5B9l_^o%ZKm?Y3K2E` zJ2$oBMPJoGxLV;c@qCi!#6HXDLb=LnJQ<0|Sa{wR4^9m#V_uZf|5Z}*jHznUK(SFx z6G!Hs2qqUW?~SXHPWN`bi(;0BJUFvQF*^AsOQ$qKA$N4}Y@n%)WtO?FPLaxISOze8hWSWc{DFgAQes?*(oGBJ5F z6LR9qt!ngoyL>v#*{HyETWp8Wa_nKgKRT!~+LRGOLNW%*9HMFRo&swHB;cH>YOji! z`9KysBaUGvGj@!G(7r@|{HnbQC3uFkm_bD5d55-~vFltvtF`BqmUl=| zEDMz}NI9;!Wh;5huG%~K=oUJ+D$U-m4H*T(ADJg*y}k+Z3{xQs%=MtK$R|@hHqlU4 zQ8j8v8$Rt@?vcIPt$#51~8G5X~B$FEgWsU$Jxr#;@+UPe-cdEgFTWsZy9 zK01BNCuT$W@r6>~+cvZ$*-5!jFL1Tut(qby#2OZefZzf=veShb;^g2ktoUGEU^Y9M z=evRGFDY;Cp>SGLrQ~{fJZoC4;ol|J@HHEvdip1s16M2Bx*LMAV8v!XAx&6on#Ux1 zTtbs|>DyTd+=YYbRSA4^;KM{Uo;jPbzvRpwuagj8RPDXJR<<`isIF3=DioXP>YOe&9O8;K^6A^s_ff;^d~Y9ih6 zsyK6NTD7-%)OvI1`dceKaBJW9wwERzfY!hIx-;bci4RK(Kd$U4*Nu(V;=L1d0XZ<^(*jX zcBJbR-cq;zsal-C5^~A!f4tFr?((0WcD zE~M=Co(|WRg~H2i{?6Fgg?A^U3k{wHzMaca579zTfOJverHotIL2WzsFAXwQDng>C0}Eth&~C2xl=X1hSM!3dz0b;R<{# zTIk%1|`uVjgPg`+>cbn&3kxVd%2mm-t*V58rJW9`n~Te`?~|CK=dY~vlv4$6dw(ZpXvQh<^Kb(vj{lp_6VAt zwWChlRp6&;o(%0h-)(c{kGHz?VbAW3 zd-dyXU8|=`x)++vS(!h$y)z3VEB|J%*~x83e?QeU8Y3{X@ThP1ms-$1$ZmsK3bddG zYM6V0aoma3{Zbo!(uV&mFwNH7Y^T0!A;F4B`%t;ihY-owL!MJuXJZB^crIutjlM51 zZasNxi&}J_;FJAwz3X3Az^LmV3&-)0b2_e!6hSvmE@J7YN)@_*-r9&>iyON18((DULbXu~%LOHZY&ZLj>wD=?((xf(3mc$w{Zgfw*;Jc4q=>`a zATV^<<9qy?-IN)28?%Xh!U%nPBl7X$$$?J=C~trFKRurC`FZ*~n)TsrM$dl4PQ4A# zSu2*bAlRi{nWYI5dD(8jc3* zK?%P3b3TL2$xSo!z&%#|=hcr&VZFURHO0juSK$S8;iz$bZ9t znu3MaFa(=-6%`aXsy!^)su({x&Od4uU{zJiw4iAow{n=Mt8fqhx=32vZyhy5O&PA)9ClBny698{Cs{3PMJrMdNptj9I*D zkdJ?9wAakXxaFm#qQ}~A9x0m7(3Hg=g2HMJ-D1~WU1F71_!h>?Mzqa*NG^LJQJDo$ z7>d(3(y}GkpD?(p)5p~EU><4U@ce@hI&Rvu?=bX-)9#m4Ez3N?X)dqj$$AFObTQj| znCFq7G@7&0R|VIvoWty@(#&KBi3g*WTPg-V()B0dsjF@TJ2AJy!kBQIBN&K*La1ws)l^o!#L>`Q!P`E^(Q-5;eah-VuHgI|SxT(EZVqt)YJ=aka zSu$F&Ot6dV9F+QyoRiAi;NF+pa>9q)w~pVRV;e)ObFcPsU?jN#fwKCe)3^uJx~p_9 zHAKI5w4$~D4L#+qUR%jI4zbE&E45#w;gobYurL!LGaI_e#7mYqE|cA-{AkWFlr%SI zkAHL6Sc0N>ZoCRVD7ukj9q-~zauHSr!cp_328aPj!McC7s95lt#>#8gQ_F@^q^miY z_)AWZOO}LO7%Cw#T;2cvD2r%Ti&!>?k;Hw3?r{T6%LBQ%tT07_6Sn^d4&VCnG~HLA zH#u=mSYirCMg25DYhS8@`&YZc!p?DirN9eG$POQ^{8;~Ec=}ElnR{>0KjnDX__4UH zY-|b5L%)#A!k>K9Br8{Yl;tiWT*_gIkL@SaeJTye4TuDo1FcwxeWoZ-FY4tB#Jv9Vhj$V#zIH?`yHD5T$Dwg zY!ke_4Su;lKzDNDJV9D*z)$fAXN-v(x&9;}A6`@A#>t@)%+ZDY)j0hq>y#5~7W#VG z`V}$#&Ct}EL0;_Hj`_u*UFO+2RMJn?w-8Rki3a#w{r7WgWa}YR575z0&Gv|bC%kAh zFe06XC)Ogen<+$B&WBF8bl^0UwVl9PewHKEzCS1Drt-Xr~Y*U55A!e_uqZGy?ruad}ZfWJ(nzMm%qsN@6)fQNbyz`2~_=^@UNfZihc&Ud5n`?@3 za$a-gHQscgUCg?O>uFgYVDt#9-L+f)(rCEmIz5k-*crP8eSAJRk*Ehg!)bhb72YJ} z7oQCrnmXw%GvW>)SFEEacNyed%a= zAg<>Sbgy338Y3MxSMNKJ*jbl9ib9xmU#QV5O?fz%L4$_zN-f7L<>u9GrHY02YCXm{ zF6E@PI5A~_sEzKUBK$|xvu+LTJ=Fmt#Ic-}#=fnX6 zI(@gsRJxEeSMFH_?vqR4cGQ8P{4Eu&G4OMB^Qa%INeb%huif58jg}=);md8bOYB~o z!Yjep{`z?fKe;%`9j)wkU$oKZG}2aCs*UQ$KN}_A4i=X85u}R81CdHzTYwz)h~Yxe zWzgVs0pC5Q(@<^X3c~jAwzpDw`JY}VvXlWTpMebb4qo!T7YqgER0CDj&pXx5Ax7`gDgnF zeHe~hrIfX&(Fv(mt`_J*SWBg$y>oFheoe>Nq}oOH7ra5KuHfi>7}-8fstl@@59!xI zg&zznO&L|tS?8!$SXgruW$XxDpJ1Pg>M%s)bu5(`5UD}ow-Awq{9H$vc;Zh62z0Co zhIzFsf-oUWADj>;I0=mNVEG)lcfCksvT64Is3YG@ZWq9vUbpgV3>TE*UGL(boyr>I zC5>oEJ8Q9N#PwR$psn|Wj{v9xIiOZ(+CM4f+$(VJY*&NpH;W*IO1~NcasLylcx-j6 zrlpD3)q<%~OldrOYdLmv{<(>ivLtv|86GBmUyFFwLxk?atGySk0QQ2wqflTR37Cnbf@NGoEkIN8DvEsKJ&xzRTC_I_#Qaj{J|3d_?F{@av zh*QibVJp^Fc?Qb4rmHW442=3sb2Zf0udv_aV45lLl@XqV)13w7)T8Ora+sFfsoKro zMt-`TQqX_ExymAChRIMWejA)fHpq=Yn>+VxV1ZUuXAoAUEB#-x*KK@`UM$_$6q>IS zSL>E)Wsr~Et?{Ju0fjX+$F1rbT+dB6b|x@fT^ON9b8-G?L4!lK#DXB>y&6O$MLMwq zDrUu5kV_B_XV@+7y^t-jr9F|Xn;T&4(O4K)r(#ezACT#eTR$C6w9RX-bvs9hl2+6m z1Exp*QL|7d6U;Y9*u>l)m2y1H=`OKvR|xI)s6eDIIEIZO@^I6IsEHhsjd`OZF|rw- zx~Dn=tYsf#e02K&ELE~Lz3e>h5uSXxkL&qhm;}|sij@v@RO zAH3MN;SqMBRV%6O_bmkuw7$|;?|8u9Cx+L#XO zDB$ZHw6C6C_zu28vZOwDpqJzIFBi zLCU)^XrF8h954%rgDLb#!m1mY|Am24qR0V$aC>Xs7;0@5VW}LY?}d?57&)Yqdcu7= z!>hx~?X-`1D_)PRSDPv|_+!_mH15biIv+L}x2v=9gWhZzu&F=3A?x z8_MBxgGS=@HuqApX=Ag83qvDytTk&hem-MQg5Fd7}0YBDbPP%~YP@_S?hVDI;02bb+_cZw27+y-6yKGvc za?#oR(VUKk#cGmwBNpnpnDeI3m{EVi2L`+zxK^Uv)1E27oL23K-hsGE%Q6+j@Pah> z5n+YcFORXO&h`#gE9FQXfmfGoz0!d;aH8SaiXIe4F0?=T>}r1yd2m9)E%G1U4-aSA znco)D)k_q`nFV2Xo=$$? zn|%vbLv#yU`NKWhT2CzFjVS}2>^z)RU6gVi2$Xe_6=mZ%^L5>8gq6}wb*iY%AO8#I zm|>+Y%DsRM(N8H;z|7 ze*53$QD~R%mF!AX8Qx7lRpx-=!v45{yQ<$dJ=Bc;r1kiL8`zK7oOO6R9G~H>r}@u@phASnBX)Fx?lVLv+7=a4>|vaU^T zibP6LyriJu_~q{QM7!vMT)TCHswJ>cn= zblq?FK%s}VaAZUl~#xEApv-PSQusYXxwoW{dJ96z76}ix=nz=U+m9N<`_6^!7*_|i9zgqEX z3SsEdwGtHOouHOvomdcH5_xH0D31*W4k^5tAJTZylMYap5_V}X1Q$)ch`kB|lLYr8 z-K7vqP|~U>wI@l_dUe)T@kcg@=zv~#UT@dV9#4>-*={xUeoXn|7V`ZkNDDD%bNzNO z_TE0rW8$OUdi1JNbYWno9n~sWj}D+DlHj(ptFJHJZzwvo<>r|)6Uow5C$DsnC~rfK+dF~R%djfpdc)Dc|RbqL94`E zH?nUJ2#}fpL2y;zl1g2q`9oB^O`mpAf`x8Di|kp<+0RmdUe;&VaWH#!Qws;?F^Eol4o_qQS& z#xqq2ti7V_3w5pn#V=gEgolL{M)^cP^#b$(il}&QuE(&h^@y=jK#ra1E!*6)L30WH z3OS`&C=|xc4%bGku@R+XD3O-e)d#mt!EKc-KAgnr<~o^!Z-AD&07g}nWRZ(Ft#sR| z=XxHDY7AukG`6CyZkGH|Eh7VpJ!73vGPiyx|I(}78+6wnk2mnX?gnt~UjR1wB37iP zz2d$$&VO-F2VxIZ1ue&7=A%Z?Em13?t^97b(*7@?8L#+}pp{!e`NfOhs$%?GQke`t z48;gRlgEQfz{Nu-Azc;K^6-hv^^NHh10b+1Ni?1SkZsbFks8mrIjSlD2UP%ZQ}C<( z2FV#2xd7qR6HTBnYhx%{B&B;z_4X?3>9=f|g=*LVpEBBFVm)NGMd7wW#K>)=JWOwF zyR7>Ht?XbPuj>T>hZr|Tb~*wX0dr&WeuMdMMkoKeMKxH6z6 zMjzO)O~FqkdHYjTjGfb47fT(s+Z`yMNH(M}7jn02S?dDa%q}6C!bwY6?fWZ;T<%aU zK2_KdRQx-_EkdD3Nu??#goEmRJyxPt_nM&vso$U|mTb=1U2vNR{ z)-+u!UZ60wt)>%b-J3Q10sN1#mo8E~qsihlS>m|RG<4~HWTP;iyz(n#dgwBdqmDUg z$IsZu#8z$OEp}Z2_$RldCDjQJvyOdevs3T360uq2OJ~HiVhQuOdkF{N3J2e}S8uGN7*vD#p8avD}R0{xM53Th5HLIRYl~zcv+{LF# z*G8_~?XDm4@R=%0*N&!Qky2h0RP=gJCyJlZ*(&J4S+e&J!Tw=l_>iKDIe9+ESO`*7 z{AgIZdqm^@YH8o(>h?=;JvQpJ#d*>SKzJdFzmZ+I&cBy=6jvdvSu zHpt%nrooZu)pDKSP9sZ(l%LfZm<8$kd-qhq9Om@u0oCYk3O<|UYP|96r{J$P?&_(_ zfBq+rgQThVJM~>c=^r+Xwem#W|05pzKRcO}Qx9zoNF5sTj!9Gv;d{(^0y2NGF>i0m z#|n^XZKis03G&v6t9tU!$Mv6$_y4KacO3{tE2V5kttI>6HU`94e@X&dqk1Gq7Cf7HT*My9tRF0y|4 z=*bOY`+L@rA9_<{cl3dOh0`=kJU8*}i7SABLz%BrIkDu~N?esxz7G&6RaTgnFt(f_ z$^zaC$bLR|7FYmB?WEW}MQR(jBPv&Q`ivmF1cBCGn8PQ=!mY2be~M_H`j=1Kk8__N fkN@BHsL&y`dYZ7E8V{ Date: Thu, 7 Nov 2024 17:09:01 +0000 Subject: [PATCH 19/28] Adding secret example configuration 8 --- content/learn/getting-started-secret-management.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index 7215d6e62..280799801 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -246,6 +246,8 @@ config-demo-mysecret Opaque 1 25s .. In the OpenShift Container Platform web console, select the *config-demo* *Project*. .. Select the *config-demo-mysecret* to review the secret details. ++ +image::multicloud-gitops/config-demo-mysecret.png[Secret details] == Next Steps From b548ad03588d2d5b62f8cd5355d8be1934cfbed8 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 11 Nov 2024 10:23:46 +0000 Subject: [PATCH 20/28] Adding links and soem clean up --- content/learn/quickstart.adoc | 9 ++++++--- content/learn/vp_agof.adoc | 2 +- content/patterns/ansible-gitops-framework/_index.md | 2 ++ 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/content/learn/quickstart.adoc b/content/learn/quickstart.adoc index 484b29bca..2d27348f0 100644 --- a/content/learn/quickstart.adoc +++ b/content/learn/quickstart.adoc @@ -45,12 +45,15 @@ Before beginning, ensure you have the following: === Network Requirements .For connected environments: + * Access to public container registries * Access to GitHub repositories .For disconnected environments: -* Local registry with mirrored operator catalogs -* Local Git repository with pattern manifests -* Proper network policies configured +* One or more openshift clusters deployed in a disconnected network +* An OCI-compliant registry that is accessible from the disconnected network +* A Git Repository that is accessible from the disconnected network + +For more information on disconnected installation, see link:/2024-10-12-disconnected/[Validated Patterns in a disconnected Network]. diff --git a/content/learn/vp_agof.adoc b/content/learn/vp_agof.adoc index 9be958acd..b1637bf91 100644 --- a/content/learn/vp_agof.adoc +++ b/content/learn/vp_agof.adoc @@ -12,7 +12,7 @@ aliases: /ocp-framework/agof/ :_content-type: ASSEMBLY include::modules/comm-attributes.adoc[] -== About the Ansible GitOps framework (AGOF)for validated patterns +== About the Ansible GitOps framework (AGOF) for validated patterns The link:/patterns/ansible-gitops-framework/[Ansible GitOps Framework] provides an extensible framework to do GitOps with https://docs.ansible.com/platform.html[Ansible Automation Platform] (AAP). It offers useful facilities for developing patterns (community and validated) that work with AAP as the GitOps engine. diff --git a/content/patterns/ansible-gitops-framework/_index.md b/content/patterns/ansible-gitops-framework/_index.md index 713ccff3a..0fd619074 100644 --- a/content/patterns/ansible-gitops-framework/_index.md +++ b/content/patterns/ansible-gitops-framework/_index.md @@ -31,3 +31,5 @@ The Pattern is then expressed as an Infrastructure as Code repository, which wil - Red Hat Ansible Automation Platform (formerly known as "Ansible Tower") - Red Hat Enterprise Linux + +For more information and guidance on how to use the AGOF framework, see link:/vp_agof/[About the Ansible GitOps framework (AGOF) for validated patterns]. From 3f22f509510c8340b5dfd8eabd74f2a0f4b47ac3 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 11 Nov 2024 10:42:57 +0000 Subject: [PATCH 21/28] Adding links and soem clean up 2 --- content/learn/quickstart.adoc | 2 +- content/patterns/ansible-gitops-framework/_index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/learn/quickstart.adoc b/content/learn/quickstart.adoc index 2d27348f0..a8e237ff4 100644 --- a/content/learn/quickstart.adoc +++ b/content/learn/quickstart.adoc @@ -55,5 +55,5 @@ Before beginning, ensure you have the following: * An OCI-compliant registry that is accessible from the disconnected network * A Git Repository that is accessible from the disconnected network -For more information on disconnected installation, see link:/2024-10-12-disconnected/[Validated Patterns in a disconnected Network]. +For more information on disconnected installation, see link:/blog/2024-10-12-disconnected/[Validated Patterns in a disconnected Network]. diff --git a/content/patterns/ansible-gitops-framework/_index.md b/content/patterns/ansible-gitops-framework/_index.md index 0fd619074..640359485 100644 --- a/content/patterns/ansible-gitops-framework/_index.md +++ b/content/patterns/ansible-gitops-framework/_index.md @@ -32,4 +32,4 @@ The Pattern is then expressed as an Infrastructure as Code repository, which wil - Red Hat Ansible Automation Platform (formerly known as "Ansible Tower") - Red Hat Enterprise Linux -For more information and guidance on how to use the AGOF framework, see link:/vp_agof/[About the Ansible GitOps framework (AGOF) for validated patterns]. +For more information and guidance on how to use the AGOF framework, see link:/learn/vp_agof/[About the Ansible GitOps framework (AGOF) for validated patterns]. From 061e765a508d30c915371fefabf47aa7982c49d7 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 11 Nov 2024 10:59:56 +0000 Subject: [PATCH 22/28] Adding links and soem clean up 3 --- content/patterns/ansible-gitops-framework/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/patterns/ansible-gitops-framework/_index.md b/content/patterns/ansible-gitops-framework/_index.md index 640359485..18e64c3a8 100644 --- a/content/patterns/ansible-gitops-framework/_index.md +++ b/content/patterns/ansible-gitops-framework/_index.md @@ -32,4 +32,4 @@ The Pattern is then expressed as an Infrastructure as Code repository, which wil - Red Hat Ansible Automation Platform (formerly known as "Ansible Tower") - Red Hat Enterprise Linux -For more information and guidance on how to use the AGOF framework, see link:/learn/vp_agof/[About the Ansible GitOps framework (AGOF) for validated patterns]. +For more information and guidance on how to use the AGOF framework, see link:https://validatedpatterns.io/learn/vp_agof/[About the Ansible GitOps framework (AGOF) for validated patterns]. From 635daea4924dd3adb69bba6a07d6df26fa536a80 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 11 Nov 2024 11:10:01 +0000 Subject: [PATCH 23/28] Adding links and soem clean up 4 --- content/patterns/ansible-gitops-framework/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/patterns/ansible-gitops-framework/_index.md b/content/patterns/ansible-gitops-framework/_index.md index 18e64c3a8..83a6d000f 100644 --- a/content/patterns/ansible-gitops-framework/_index.md +++ b/content/patterns/ansible-gitops-framework/_index.md @@ -32,4 +32,4 @@ The Pattern is then expressed as an Infrastructure as Code repository, which wil - Red Hat Ansible Automation Platform (formerly known as "Ansible Tower") - Red Hat Enterprise Linux -For more information and guidance on how to use the AGOF framework, see link:https://validatedpatterns.io/learn/vp_agof/[About the Ansible GitOps framework (AGOF) for validated patterns]. +For more information and guidance on how to use the AGOF framework, see [About the Ansible GitOps framework (AGOF) for validated patterns](link:https://validatedpatterns.io/learn/vp_agof/). From 153cc3273ffee4cac53c40dd4ecd9b147147a1d2 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 11 Nov 2024 11:29:38 +0000 Subject: [PATCH 24/28] Adding links and soem clean up 5 --- content/patterns/ansible-gitops-framework/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/patterns/ansible-gitops-framework/_index.md b/content/patterns/ansible-gitops-framework/_index.md index 83a6d000f..0a947ddfd 100644 --- a/content/patterns/ansible-gitops-framework/_index.md +++ b/content/patterns/ansible-gitops-framework/_index.md @@ -32,4 +32,4 @@ The Pattern is then expressed as an Infrastructure as Code repository, which wil - Red Hat Ansible Automation Platform (formerly known as "Ansible Tower") - Red Hat Enterprise Linux -For more information and guidance on how to use the AGOF framework, see [About the Ansible GitOps framework (AGOF) for validated patterns](link:https://validatedpatterns.io/learn/vp_agof/). +For more information and guidance on how to use the AGOF framework, see [About the Ansible GitOps framework (AGOF) for validated patterns](https://validatedpatterns.io/learn/vp_agof/). From 07da132500f5af48ec7b6ef11fbc35e11d10ddaa Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Fri, 15 Nov 2024 17:29:46 +0000 Subject: [PATCH 25/28] Adding peer review feedback --- .../getting-started-multi-cloud-gitops.adoc | 29 ++++++++----------- .../getting-started-secret-management.adoc | 10 +++---- content/learn/quickstart.adoc | 2 +- content/learn/vp_agof.adoc | 6 ++-- 4 files changed, 21 insertions(+), 26 deletions(-) diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index d7036931b..c678aab72 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -16,12 +16,12 @@ include::modules/comm-attributes.adoc[] Multicloud GitOps is a foundational pattern that demonstrates GitOps principles for managing applications across multiple clusters. It provides: -* A GitOps framework using ArgoCD +* A GitOps framework using `ArgoCD` * Infrastructure-as-Code practices * Multi-cluster management capabilities * Template for secure secret management -The Multicloud GitOps pattern is recommended as your first pattern because: +Red Hat recommend the Multicloud GitOps pattern as your base pattern because: . It establishes core GitOps practices . Provides a minimal but complete implementation @@ -117,7 +117,7 @@ $ cp values-secret.yaml.template ~/values-secret-multicloud-gitops.yaml + [NOTE] ==== -The `values-secret.yaml` file is placed in your home directory so that it does not get pushed to your git repository. It is based on the `values-secrets.yaml.template` file provided by the pattern in the top level directory. When you create your own patterns you will add your secrets to this file and save. At the moment the focus is on getting started abd familiar with this base Multicloud GitOps pattern. +Putting the `values-secret.yaml` in your home directory ensures that it does not get pushed to your git repository. It is based on the `values-secrets.yaml.template` file provided by the pattern in the top level directory. When you create your own patterns you will add your secrets to this file and save. At the moment the focus is on getting started and familiar with this base Multicloud GitOps pattern. ==== . Create a new feature branch, for example `my-branch` from the `main` branch for your content: @@ -127,28 +127,23 @@ The `values-secret.yaml` file is placed in your home directory so that it does n $ git checkout -b my-branch main ---- -. Push your local branch named `my-branch` to the remote repository specified by origin by running the following command: +. Create a local branch and push it to origin to gain the flexibility needed to customize the base Multicloud GitOps by running the following command: + [source,terminal] ---- $ git push origin my-branch ---- -+ -[NOTE] -==== -The idea of creating a local branch and pushing this to origin allows you scope to customize the base Multicloud GitOps. -==== You can proceed to install the Multicloud GitOps pattern by using the web console or from command line by using the script `./pattern.sh` script. -To install the Multicloud GitOps pattern by using the the web console you must first install the Validated Patterns Operator. The Validated Patterns Operator installs and manages Validated Patterns. +To install the Multicloud GitOps pattern by using the web console you must first install the Validated Patterns Operator. The Validated Patterns Operator installs and manages Validated Patterns. //Include Procedure module here [id="installing-validated-patterns-operator_{context}"] == Installing the {validated-patterns-op} using the web console .Prerequisites -* Access to an {ocp} cluster using an account with `cluster-admin` permissions. +* Access to an {ocp} cluster by using an account with `cluster-admin` permissions. .Procedure @@ -202,7 +197,7 @@ The {validated-patterns-op} is successfully installed in the relevant namespace. . Under the *Details* tab, in the *Provided APIs* section, in the *Pattern* box, click *Create instance* that displays the *Create Pattern* page. -. On the the *Create Pattern* page, select *Form view* and enter information in the following fields: +. On the *Create Pattern* page, select *Form view* and enter information in the following fields: ** *Name* - A name for the pattern deployment that is used in the projects that you created. ** *Labels* - Apply any other labels you might need for deploying this pattern. @@ -217,12 +212,12 @@ To know the cluster group name for the patterns that you want to deploy, check t + [NOTE] ==== -A pop up may throw up an error `"Oh no! Something went wrong`. It is safe to ignore this as the install of the Multicloud GitOps pattern appears unaffected. Watch the ArgoCD instances from the *Hub ArgoCD* UI in the nines menu. They will report progressing/healthy etc. on each of the apps they manage. The *Cluster Argo CD* will have the detailed status on each of the apps defined as such in the clustergroup values file. +A pop-up error with the message "Oh no! Something went wrong." might appear during the process. This error can be safely disregarded as it does not impact the installation of the Multicloud GitOps pattern. Use the Hub ArgoCD UI, accessible through the nines menu, to check the status of ArgoCD instances, which will display states such as progressing, healthy, and so on, for each managed application. The Cluster ArgoCD provides detailed status on each application, as defined in the clustergroup values file. ==== The {rh-gitops} Operator displays in list of *Installed Operators*. The {rh-gitops} Operator installs the remaining assets and artifacts for this pattern. To view the installation of these assets and artifacts, such as {rh-rhacm-first}, ensure that you switch to *Project:All Projects*. -The `config-demo` project when viewed through the *Hub ArgoCD* UI from the nines menu is stuck in a `Degraded` state. This is the expected behavior when installing using the OpenShift Container Platform console. +When viewing the `config-demo` project through the Hub `ArgoCD` UI from the nines menu, it appears stuck in a Degraded state. This is the expected behavior when installing using the OpenShift Container Platform console. * To resolve this you need to run the following to load the secrets into the vault: + @@ -278,7 +273,7 @@ $ ./pattern.sh make install + image::multicloud-gitops/multicloud-gitops-argocd.png[Multicloud GitOps Hub] -As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets. +As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a YAML file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repository to try to generate random secrets. For more information, see section on https://validatedpatterns.io/secrets/vault/[Vault]. @@ -290,7 +285,7 @@ Verify that the *hello-world* application deployed successfully as follows: . From the *Project:* drop down select the *hello-world* project. -. Click on the *Location URL*. This should reveal the following: +. Click the *Location URL*. This should reveal the following: + [source,terminal] ---- @@ -306,7 +301,7 @@ Verify that the *config-demo* application deployed successfully as follows: . Select the *config-demo* *Project*. -. Click on the *Location URL*. This should reveal the following: +. Click the *Location URL*. This should reveal the following: + [source,terminal] ---- diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index 280799801..04c3b8128 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -14,11 +14,11 @@ include::modules/comm-attributes.adoc[] == What are secrets -Secrets refer to any piece of sensitive information that should not be exposed publicly or handled insecurely. This can include passwords, private keys, certificates (particularly the private parts), database connection strings, and other confidential data. +Sensitive information referred to as secrets should not be exposed publicly or handled insecurely. This can include passwords, private keys, certificates (particularly the private parts), database connection strings, and other confidential data. A simple way to think of secrets is as anything that security teams or responsible system administrators would ensure stays protected and not published in a public space. -Secrets are crucial for the functioning of applications for example database passwords or cache keys. Without access to these secrets, applications may fail or operate in a significantly impaired manner. +Secrets are crucial for the functioning of applications for example database passwords or cache keys. Without access to these secrets, applications might fail or operate in a significantly impaired manner. Secrets often vary between different deployments of the same application for example separate load balancer certificates for different instances. Using the same secret across multiple deployments is generally discouraged as it increases the risk of exposure @@ -26,7 +26,7 @@ Applications often need secrets to run correctly, making them indispensable. Rem == How Validated Patterns implements secrets management -Validated Patterns supports the tokenization approach for secret management. Tokenization involves keeping actual secret values out of version control (for example git) by using tokens or references that can pull secrets from secure storage during runtime. The real secrets are pulled from an external storage system at runtime. +Validated Patterns supports the tokenization approach for secret management. Tokenization involves keeping actual secret values out of version control (for example git) by using tokens or references that can pull secrets from secure storage during runtime. An external storage system pulls the real secrets at runtime. This approach requires integration with external secret management systems some examples of which are HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and CyberArk's Conjur. @@ -40,7 +40,7 @@ ESO [NOTE] ==== -As of December 12, 2023, ESO is not officially supported by Red Hat as a product. +As of November 15, 2024, ESO is not officially supported by Red Hat as a product. ==== ESO's custom file format and utilities streamlines secret management by allowing file references and supporting encrypted secret storage. The design prioritizes security through multi-layer encryption and simplifies key management. In particular the ini key type is especially helpful for handling AWS credentials, where mismanagement could lead to unauthorized use and potential financial or operational issues. @@ -57,7 +57,7 @@ Secret management in validated patterns follows GitOps best practices while main . Access the Vault instance deployed by the pattern. -.. Click on the nine box in the UI, choose the *Vault* and you are taken to the Vault’s UI. +.. Click the nine box in the UI, choose the *Vault* and you are taken to the Vault’s UI. .. Log in with the root token from the vaultkeys secret in the imperative space. Retrieve this be running the following command: + diff --git a/content/learn/quickstart.adoc b/content/learn/quickstart.adoc index a8e237ff4..64d2f68c8 100644 --- a/content/learn/quickstart.adoc +++ b/content/learn/quickstart.adoc @@ -13,7 +13,7 @@ include::modules/comm-attributes.adoc[] This validated pattern quickstart offers a streamlined guide to deploying predefined, reliable configurations and applications, ensuring they meet established standards. It provides step-by-step instructions on setup, prerequisites, and configuration, enabling administrators to deploy tested, supportable patterns quickly. These patterns simplify complex deployments by applying reusable configurations suited to various infrastructure and application needs, allowing users to efficiently deploy, manage, and scale applications with GitOps. This approach also reduces the risks and time associated with custom configurations. -There are two ways to deploy validated patterns: through the OpenShift-based Validated Patterns framework or the Ansible GitOps Framework (AGOF). The OpenShift-based validated patterns framework is the most common method for deploying applications and infrastructure on the OpenShift Container Platform. It offers a set of predefined configurations and patterns that follow best practices and are validated by Red Hat. +Validated patterns can be deployed using either the OpenShift-based Validated Patterns framework or the Ansible GitOps Framework (AGOF). The OpenShift-based validated patterns framework is the most common method for deploying applications and infrastructure on the OpenShift Container Platform. It offers a set of predefined configurations and patterns that follow best practices and are validated by Red Hat. == Getting Started with Validated Patterns diff --git a/content/learn/vp_agof.adoc b/content/learn/vp_agof.adoc index b1637bf91..9c1b52401 100644 --- a/content/learn/vp_agof.adoc +++ b/content/learn/vp_agof.adoc @@ -256,7 +256,7 @@ This command invokes the `controller_configuration` `dispatch` role on the contr .Verification -The default installation provides an AAP 2.4 installation deployed using the containerized installer, with services deployed this way: +The default installation provides an AAP 2.4 installation deployed by using the containerized installer, with services deployed this way: .agof_vault settings [cols="30%,70%",options="header"] @@ -274,7 +274,7 @@ a| EDA Automation Controller |=== -Once the install completes, you will have a project, an inventory (consisting of the AAP controller), a credential (the private key from ec2), a job template (which runs a fact gather on the AAP controller) and a schedule that will run the job template every 5 minutes, +Once the install completes, you will have a project, an inventory (consisting of the AAP controller), a credential (the private key from ec2), a job template (which runs a fact gather on the AAP controller) and a schedule that will run the job template every 5 minutes. . Log in to `https://aap.{{ ec2_name_prefix }}.{{ domain }}:8443` with the username `admin` and the password as configured in `admin_password` field of `agof_vault.yml`. @@ -294,7 +294,7 @@ In this method, you provide an existing Ansible Automation Platform (AAP) Contro You supply the manifest contents, endpoint hostname, admin username (defaults to "admin"), and admin password, and then the installation hands off to a `controller_config_dir` you define. -* Run the following command to install using this method: +* Run the following command to install by using this method: + [source,terminal] ---- From 9b89fa6c418ca15c45dba3ae54afd10e1d80b73b Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 18 Nov 2024 12:56:33 +0000 Subject: [PATCH 26/28] Adding SME review feedback --- content/learn/importing-a-cluster.adoc | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/content/learn/importing-a-cluster.adoc b/content/learn/importing-a-cluster.adoc index ba5798ace..9373e1513 100644 --- a/content/learn/importing-a-cluster.adoc +++ b/content/learn/importing-a-cluster.adoc @@ -24,17 +24,21 @@ To deploy a cluster that can be imported into RHACM, use the `openshift-install` == Importing a cluster using the RHACM User Interface -=== Getting to the RHACM user interface +After ACM is installed a message regarding a "Web console update is available" is displayed. Follow this guidance to import a cluster: -After ACM is installed a message regarding a "Web console update is available" will be displayed. Click on the "Refresh web console" link. +. Access the the RHACM user interface by clicking the "Refresh web console" link. -On the upper-left side you'll see a pull down labeled "local-cluster". Select "All Clusters" from this pull down. This will navigate to the RHACM console and to its "Clusters" section +. On the upper-left side you'll see a pull down labeled "local-cluster". Select "All Clusters" from this pull down. This will navigate to the RHACM console and to its "Clusters" section -Select the "Import cluster" option. +. Select the "Import an existing cluster" option. -=== Importing the cluster +. On the "Import an existing cluster" page, enter the cluster name (arbitrary) and choose `Kubeconfig` as the `Import mode`. -On the "Import an existing cluster" page, enter the cluster name (arbitrary) and choose Kubeconfig as the "import mode". Add the tag `clusterGroup=` using the appropriate cluster group specified in the pattern. Press `Import`. +. Add the Additional label `clusterGroup=` using the appropriate cluster group specified in the pattern. + +. Click `Next`. Optionally choose an automation template to run Ansible jobs at different stages of the cluster lifecycle. + +. Click `Next` and on the review screen click `Import` to successfully import the cluster. Using this method, you are done. Skip to the section in your pattern documentation that describes how you can confirm the pattern deployed correctly on the managed cluster. From fd57e3b7523d2548fbf50891f8df153de7fda1ff Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 18 Nov 2024 14:24:57 +0000 Subject: [PATCH 27/28] Adding hello --- content/learn/importing-a-cluster.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/learn/importing-a-cluster.adoc b/content/learn/importing-a-cluster.adoc index 9373e1513..73e3d239e 100644 --- a/content/learn/importing-a-cluster.adoc +++ b/content/learn/importing-a-cluster.adoc @@ -14,6 +14,8 @@ include::modules/comm-attributes.adoc[] [id="importing-a-cluster"] == Importing a managed cluster +hello + Many validated patterns require importing a cluster into a managed group. These groups have specific application sets that will be deployed and managed. Some examples are factory clusters in the Industrial Edge pattern, or development clusters in Multi-cluster DevSecOps pattern. Red Hat Advanced Cluster Management (RHACM) can be used to create a cluster of a specific cluster group type. You can deploy a specific cluster that way if you have RHACM set up with credentials for deploying clusters. However in many cases an OpenShift cluster has already been created and will be imported into the set of clusters that RHACM is managing. From c9fbff94d8a12050f9ca521e5ab8f667e2f93b7f Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Mon, 18 Nov 2024 14:55:59 +0000 Subject: [PATCH 28/28] Adding merge review feedback 4 --- content/learn/importing-a-cluster.adoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/content/learn/importing-a-cluster.adoc b/content/learn/importing-a-cluster.adoc index 73e3d239e..9373e1513 100644 --- a/content/learn/importing-a-cluster.adoc +++ b/content/learn/importing-a-cluster.adoc @@ -14,8 +14,6 @@ include::modules/comm-attributes.adoc[] [id="importing-a-cluster"] == Importing a managed cluster -hello - Many validated patterns require importing a cluster into a managed group. These groups have specific application sets that will be deployed and managed. Some examples are factory clusters in the Industrial Edge pattern, or development clusters in Multi-cluster DevSecOps pattern. Red Hat Advanced Cluster Management (RHACM) can be used to create a cluster of a specific cluster group type. You can deploy a specific cluster that way if you have RHACM set up with credentials for deploying clusters. However in many cases an OpenShift cluster has already been created and will be imported into the set of clusters that RHACM is managing.