diff --git a/README.adoc b/README.adoc index 6158ce44c..8d2d89092 100644 --- a/README.adoc +++ b/README.adoc @@ -47,7 +47,7 @@ NOTE: You can also pair a toolchain-e2e PR with a PR from the https://github.com ==== Running in a Development Environment -See the procedure to install the Dev Sandbox in a development environment link:dev_install.adoc[here]. +See the procedure to install the Dev Sandbox in a development environment https://kubesaw.github.io/contributing/[here]. === Running End-to-End Tests diff --git a/dev_install.adoc b/dev_install.adoc deleted file mode 100644 index 7100101f5..000000000 --- a/dev_install.adoc +++ /dev/null @@ -1,141 +0,0 @@ -= Dev Sandbox Development Install - -This document describes how to install Dev Sandbox in a development environment. - -== Prereqs - -=== OpenShift Cluster -Ensure you have access to an OpenShift 4.6+ cluster with cluster admin privileges and log in using `oc login` - -=== Required Tools -Install the link:required_tools.adoc[required tools]. - -=== Authentication -Configure authentication for the cluster using one of the following options: - -Option #1: Contact a member of the Dev Sandbox Team for instructions on how to configure the cluster to use our internal Dev SSO. + -Option #2: Configure your own Keycloak server and set up authentication on the OpenShift cluster: https://docs.openshift.com/container-platform/4.6/authentication/configuring-internal-oauth.html - - -Option #3: Deploy and configure keycloak internally as part of the cluster. Just add `DEV_SSO=true` parameter to the `dev` targets. For eg.: `make dev-deploy-latest DEV_SSO=true` will deploy latest version of the operators with a preconfigured keycloak instance and one default keycloak user `user1@user.us` with password `user1`. -If you are presented with the following error, then you need to accept the self-signed certificate of the dev Keycloak instance first. Go to `https://keycloak-./auth (the complete link is printed out at the end of the command) and accept the certificate.: - -:imagesdir: doc/images -image::insecure_keycloak.png[align="center"] - -NOTE: This third option *only works with OCP and CRC* clusters atm. - -== Install - -=== Remove Self Provisioner Role - -It is strongly recommended to remove the self-provisioner role to disallow users from creating their own namespaces. This is because the Dev Sandbox is designed to create/manage namespaces for users automatically. It creates these namespaces based on predefined templates that also define resource limits so only these namespaces should be accessible to Dev Sandbox users. - -Run the following commands: -``` -oc patch clusterrolebinding.rbac self-provisioners -p '{"subjects": null, "metadata": {"annotations":{"rbac.authorization.kubernetes.io/autoupdate": "false"}}}' -oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth -``` - -=== Install Dev Sandbox -Clone this repository + -`+git clone git@github.com:codeready-toolchain/toolchain-e2e.git+` - -This repository provides you multiple Makefile targets that you can use - it depends on which version of Dev Sandbox operators you want to install. - -NOTE: If the cluster is an OSD cluster, then set the variable `IS_OSD=true` when running any of the Makefile targets (for example: `make appstudio-dev-deploy-latest IS_OSD=true`). - -IMPORTANT: Make note of the Registration Service URL that is printed at the end of the target execution. - -==== Latest greatest Dev Sandbox -Run the following to install the latest greatest Sandbox operators in dev mode: -``` -make dev-deploy-latest -``` - -==== Latest greatest Dev Sandbox for AppStudio -Run the following to install the latest greatest Sandbox operators in dev mode for AppStudio environment: -``` -make appstudio-dev-deploy-latest -``` - -==== Local version -If you want to install a local version of any of the Sandbox operators in dev mode then: - -. link:quay.adoc[Configure your quay account for dev deployment] -. Run any from the following commands: -```bash -# To deploy local versions of all repositories: -make dev-deploy-e2e-local - -# To deploy local version only of the host-operator repo: -make dev-deploy-e2e-host-local - -# To deploy local version only of the member-operator repo: -make dev-deploy-e2e-member-local - -# To deploy local version only of the registration-service repo: -make dev-deploy-e2e-registration-local -``` - -=== ToolchainStatus -. Run `oc get toolchainstatus -n toolchain-host-operator` and ensure the Ready status is `True` -+ -``` -NAME MURS READY LAST UPDATED -toolchain-status 0 True 2021-03-24T22:39:36Z -``` - -. Open the Registration Service URL in a browser and sign up for an account. - -. Wait for the message "Your OpenShift Developer Sandbox account is waiting for approval" - -image::https://user-images.githubusercontent.com/20015929/114627893-01845d00-9c84-11eb-848e-0f85a1b3c01f.png[] - -=== Approve The User - -==== Manual Approval - -Manual approval means each usersignup must be approved by editing the usersignup resource for a particular user. - -. Run the following command to get the name of the usersignup resource: + -`oc get usersignup` + -+ -The name should be a UUID eg. 66e54c45-9868-4a25-81ca-d56b600c8491 - -. Approve the usersignup -+ -``` -oc patch usersignup -p '{"spec":{"states":["approved"]}}' --type=merge -n -``` - -==== Automatic Approval - -Automatic approval means enabling automatic approval in the Dev Sandbox configuration. Users will be automatically approved and provisioned without admin intervention. - -. Enable automatic approval -+ -``` -oc patch ToolchainConfig -p '{"spec":{"host":{"automaticApproval":{"enabled":true}}}}' --type=merge config -n -``` - -=== Using the Sandbox - -After approval the registration service will display a link to start using the Sandbox. The link will go to the user's Dev Console, but first, a login page will appear with two options.: - -Option #1: _kube:admin_ + -Option #2: The authentication method configured in the <> step - -image::https://user-images.githubusercontent.com/20015929/114628295-a141eb00-9c84-11eb-8be3-45f013e19378.png[] -Select option 2 and log in using the same account used from the <> step. - -After logging in a user will have access to only the namespaces created for them. - -== Cleanup -=== Remove Only Users and Their Namespaces - -Run `make clean-users` - -=== Remove All Sandbox-related Resources - -Run `make clean-e2e-resources` diff --git a/doc/images/insecure_keycloak.png b/doc/images/insecure_keycloak.png deleted file mode 100644 index 2b29f3cf3..000000000 Binary files a/doc/images/insecure_keycloak.png and /dev/null differ