From ce2b773bec003e48acdaf9b332fe83b55f124c25 Mon Sep 17 00:00:00 2001
From: Simon Howe
Date: Fri, 11 Mar 2022 17:29:46 +1100
Subject: [PATCH] Initial instructions on how to configure TLS in enterprise
---
website/docs/enterprise/configuration.mdx | 47 -----------------------
website/docs/enterprise/tls.mdx | 35 +++++++++++++++++
website/docs/enterprise/upgrading.mdx | 4 +-
3 files changed, 37 insertions(+), 49 deletions(-)
delete mode 100644 website/docs/enterprise/configuration.mdx
create mode 100644 website/docs/enterprise/tls.mdx
diff --git a/website/docs/enterprise/configuration.mdx b/website/docs/enterprise/configuration.mdx
deleted file mode 100644
index a3fccf6e7c..0000000000
--- a/website/docs/enterprise/configuration.mdx
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Configuration
-sidebar_position: 2
----
-
-## Ingress
-
-[Ingress configuration while upgrading](./upgrading.mdx#81-ingress)
-
-## Git repository
-
-[Configuring the Git repository while upgrading](./upgrading.mdx#82-git-repository-configuration)
-
-## Database
-
-WGE stores incoming data from the connected clusters to a relational database. It supports **SQLite** and **PostgreSQL**.
-
-By default **SQLite** will be used, backed by a `PersistentVolumeClaim` with the default `StorageClass`.
-
-### Postgres
-
-Using a PostgreSQL database does not require any additional setup on the cluster side. The following details are however needed in order to connect:
-
-- Database server hostname
-- Database name
-- Database user - The database user requires admin privileges on the database server as it will automatically create the necessary schema.
-- Database password
-
-The database credentials (user and password) need to be provided separately, before
-installing the chart, as a secret. Run the following command to create a secret:
-
-```bash
-$ kubectl create secret generic wge-db-credentials \
- --namespace wego-system \
- --from-literal=username= \
- --from-literal=password=
-```
-
-We can then update the `values` configmap:
-
-```yaml
-dbConfig:
- databaseType: postgres
- databaseURI:
- postgresConfig:
- databaseName:
-```
diff --git a/website/docs/enterprise/tls.mdx b/website/docs/enterprise/tls.mdx
new file mode 100644
index 0000000000..d6c05dbbf9
--- /dev/null
+++ b/website/docs/enterprise/tls.mdx
@@ -0,0 +1,35 @@
+---
+title: OIDC Integration
+sidebar_position: 5
+---
+
+import TierLabel from "../_components/TierLabel";
+
+# TLS
+
+By default the UI is served over https. A self-signed Certificate and Key are generated by the clusters-service when it starts.
+
+## Disabling TLS in clusters-service
+
+If you are doing SSL termination in another ingress controller you can disable tls in the clusters-service. Update the weave-gitops-enterprise `HelmRelease` values:
+
+```
+tls:
+ enabled: false
+```
+
+## Providing your own Certificates and Keys to the clusters-service
+
+Create a kubernetes `tls` secret that contains your TLS certs and update the weave-gitops-enterprise
+
+Update the weave-gitops-enterprise `HelmRelease` tls section and provide the name of the tls secret:
+
+```
+tls:
+ enabled: true
+ secretName: my-tls-secret
+```
+
+### `cert-manager`
+
+Install cert-manager and request a `Certificate` in the `wego-system` namespace. Provide the name of secret associated with the certificate to the weave-gitops-enterprise HelmRelease as described above.
diff --git a/website/docs/enterprise/upgrading.mdx b/website/docs/enterprise/upgrading.mdx
index 1b0867b4ff..e732c835e4 100644
--- a/website/docs/enterprise/upgrading.mdx
+++ b/website/docs/enterprise/upgrading.mdx
@@ -280,10 +280,10 @@ A **Pull Request** will be created against your cluster repository. **Review and You should now be able to load the WGE UI: ```bash -kubectl port-forward --namespace wego-system deployments.apps/weave-gitops-enterprise-nginx-ingress-controller 8000:80 +kubectl port-forward --namespace wego-system svc/clusters-service 8000:8000 ``` -The WGE UI should now be accessible at [http://localhost:8000](http://localhost:8000). +The WGE UI should now be accessible at [https://localhost:8000](https://localhost:8000). ### 7. Connect the management cluster up to itself