diff --git a/docs/docs-content/integrations/external-dns.md b/docs/docs-content/integrations/external-dns.md index e4f0ee19e1..bd6fa7f460 100644 --- a/docs/docs-content/integrations/external-dns.md +++ b/docs/docs-content/integrations/external-dns.md @@ -6,48 +6,18 @@ type: "integration" hide_table_of_contents: true category: ["load balancers", "amd64"] sidebar_class_name: "hide-from-sidebar" -logoUrl: "https://registry.spectrocloud.com/v1/external-dns/blobs/sha256:1bfd6dceb0b50efee4068cd6321511f6b24be86e2d613e0a8206e716ba7aea3f?type=image.webp" tags: ["packs", "external-dns", "network"] --- -The integration helps configure public DNS servers with information about Kubernetes services to make them discoverable. - -## Prerequisites - -Providers have to be set up for this pack to get deployed and work seamlessly. For a list of supported providers and the -prerequisites to be set up, visit [providers](https://github.com/kubernetes-sigs/external-dns#status-of-providers) -section - ## Versions Supported - + -- **0.13.1** -- **0.12.2** - - - - -- **0.7.2** - - - - - -## Components - -Integration deploys the following components: - -- External DNS - -## ExternalDNS for Services on AWS Route53 Example +### AWS Route53 -### Setup prerequisites for AWS Route53 - -- Create the following IAM policy in the AWS account. This is needed for externalDNS to list and create Route53 - resources. +To use ExternalDNS with AWS Route53, you need to create an IAM policy and role with the following permissions. ```json { 
@@ -67,100 +37,77 @@ Integration deploys the following components: } ``` +You also need to meet the following prerequisites: + - Create an IAM role and associate the policy created above. Make a note of the role ARN which will be used in ExternalDNS deployment later -- Setup hosted zone in AWS Route53 + +- Setup hosted zone in AWS Route53. Use the following command to create a hosted zone in Route53 using the AWS CLI. + ```bash - # Create a DNS zone through AWS CLI aws route53 create-hosted-zone --name "external-dns-test.my-org.com." --caller-reference "external-dns-test-$(date +%s)" ``` -### Deploy ExternalDNS on the cluster - -- Add ExternalDNS pack to the desired profile and deploy it to the cluster. You may want to configure the following in - pack values.yaml - - - Configure AWS provider details (line #86) - - - Credentials, Zone Type - - AssumeRoleArn with the Role ARN created above - - - Configure txtOwnerId with the ID of the hosted zone created above (line #366) - ```bash - aws route53 list-hosted-zones-by-name --output json --dns-name "external-dns-test.my-org.com." | jq -r '.HostedZones[0].Id' - ``` - - Optionally change externalDNS policy and logLevel - -### Deploy Ingress Controller on the cluster - -- Deploy one of the Ingress Controller on the cluster - -### Deploy Applications with Ingress on the cluster - -- Add Prometheus-Operator addon to the same profile where ExternalDNS is added - - - Change serviceType to ClusterIP (line #408) - - Enable Ingress for the add-on packs. In this example, let us use Prometheus-Operator integration. Ingress config for - Grafana will look like the following: - - ```yaml - #Ingress config - ingress: - ## If true, Grafana Ingress will be created - ## - enabled: true + + - hosts: - - grafana.external-dns-test.my-org.com +### AWS Route53 - ## Path for grafana ingress - path: / - ``` +To use ExternalDNS with AWS Route53, you need to create an IAM policy and role with the following permissions. 
- When Prometheus-Operator gets deployed in the Cluster, Ingress resource for Grafana will also get created and will - look like +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": ["route53:ChangeResourceRecordSets"], + "Resource": ["arn:aws:route53:::hostedzone/*"] + }, + { + "Effect": "Allow", + "Action": ["route53:ListHostedZones", "route53:ListResourceRecordSets"], + "Resource": ["*"] + } + ] +} +``` - ```yaml - apiVersion: extensions/v1beta1 - kind: Ingress - metadata: - name: grafana-ingress - namespace: monitoring - spec: - rules: - - host: grafana.external-dns-test.my-org.com - http: - paths: - - backend: - serviceName: grafana - servicePort: 80 - path: / - status: - loadBalancer: - ingress: - - hostname: a9a2eadb64c8e4c2fb37a1f69afb0a30-330939473.us-west-2.elb.amazonaws.com - ``` +You also need to meet the following prerequisites: -### Verify ExternalDNS (Ingress example) +- Create an IAM role and associate the policy created above. Make a note of the role ARN which will be used in + ExternalDNS deployment later -- If all goes well, after 2 minutes, ExternalDNS would have inserted 2 records on your hosted zone +- Setup hosted zone in AWS Route53. Use the following command to create a hosted zone in Route53 using the AWS CLI. ```bash - aws route53 list-resource-record-sets --output json --hosted-zone-id "/hostedzone/ZEWFWZ4R16P7IB" \ - --query "ResourceRecordSets[?Name == 'grafana.external-dns-test.my-org.com.']|[?Type == 'A']" + aws route53 create-hosted-zone --name "external-dns-test.my-org.com." 
--caller-reference "external-dns-test-$(date +%s)" ``` -- After which, if you access http://grafana.external-dns-test.my-org.com on your browser, you will be able to view the - Grafana login page + + + ### Troubleshooting -- Make sure Ingress resource gets created for the Applications deployed and a LoadBalancer hostname / IP address is set - on the Ingress resource +- Make sure an _Ingress_ resource gets created for the applications deployed and a _LoadBalancer_ hostname or IP address + is set on the Ingress resource + - Check the `external-dns` pod for any issues with ExternalDNS not inserting records. If required, change `logLevel` to debug to see additional info on the logs -## References +## Terraform -- [External DNS Home](https://github.com/kubernetes-sigs/external-dns) -- [External DNS Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/external-dns) +You can reference the External DNS pack in Terraform with the following data resource. + +```hcl +data "spectrocloud_registry" "palette_registry" { + name = "Palette Registry" +} + +data "spectrocloud_pack" "external-dns" { + name = "external-dns" + version = "0.13.6 + registry_uid = data.spectrocloud_registry.palette_registry.id +} +``` diff --git a/docs/docs-content/integrations/external-secrets-operator.md b/docs/docs-content/integrations/external-secrets-operator.md index ca263a2dd4..717b025ea1 100644 --- a/docs/docs-content/integrations/external-secrets-operator.md +++ b/docs/docs-content/integrations/external-secrets-operator.md 
@@ -10,40 +10,116 @@ logoUrl: "https://registry.spectrocloud.com/v1/external-secrets-operator/blobs/s tags: ["packs", "external-secrets-operator", "security"] --- -External Secrets Operator (ESO) is a Kubernetes operator that integrates external secret management systems like AWS -Secrets Manager, HashiCorp Vault, Google Secrets Manager, or Azure Key Vault. The operator reads information from -external APIs and automatically injects the values into a Kubernetes Secret. +## Versions Supported -You can use the External-Secrets-Operator Add-on pack as an authenticator in Palette. + + -:::info +#### Example Configuration -Starting from Palette version 3.1, Palette no longer supports upgrades to Kubernetes External Secrets since this is -reaching end of life. Migrate or switch to using External Secrets operator instead. +```yml +apiVersion: [external-secrets.io/v1beta1](http://external-secrets.io/v1beta1) +kind: ExternalSecret +metadata: + name: vault-example # Custom name +spec: + refreshInterval: "15s" + secretStoreRef: + name: vault-backend # Custom value + kind: SecretStore + target: + name: mysecretfoobar + data: + - secretKey: foobar + remoteRef: + key: secret/foo # custom value + property: my-value # custom value -::: +``` -## Versions Supported +```yml +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: custom-name +spec: + provider: + vault: + server: "http://12.34.567.133:0000" # custom server end point + path: "secret" # custom path + version: "v2" # custom version + auth: + # points to a secret that contains a vault token + # https://www.vaultproject.io/docs/auth/token + tokenSecretRef: + name: "vault-token1" # Custom name and key + key: "token1" +--- +apiVersion: v1 +kind: Secret +metadata: + name: vault-token1 +data: + token: cm9vdA== # "root" # custome value +``` - + -- **0.7.1** -- **0.6.0** +#### Example Configuration - +```yml +apiVersion: [external-secrets.io/v1beta1](http://external-secrets.io/v1beta1) +kind: ExternalSecret 
+metadata: + name: vault-example # Custom name +spec: + refreshInterval: "15s" + secretStoreRef: + name: vault-backend # Custom value + kind: SecretStore + target: + name: mysecretfoobar + data: + - secretKey: foobar + remoteRef: + key: secret/foo # custom value + property: my-value # custom value - +``` -- **0.5.6** +```yml +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: custom-name +spec: + provider: + vault: + server: "http://12.34.567.133:0000" # custom server end point + path: "secret" # custom path + version: "v2" # custom version + auth: + # points to a secret that contains a vault token + # https://www.vaultproject.io/docs/auth/token + tokenSecretRef: + name: "vault-token1" # Custom name and key + key: "token1" +--- +apiVersion: v1 +kind: Secret +metadata: + name: vault-token1 +data: + token: cm9vdA== # "root" # custome value +``` - -### Sample SecretStore + -
+#### Example Configuration ```yml apiVersion: [external-secrets.io/v1beta1](http://external-secrets.io/v1beta1) @@ -65,10 +141,6 @@ spec: ``` -### Sample ExternalSecret YAML file - -
- ```yml apiVersion: external-secrets.io/v1beta1 kind: SecretStore @@ -95,8 +167,21 @@ data: token: cm9vdA== # "root" # custome value ``` -## References +
+ + +## Terraform + +You can reference the External Secrets Operator pack in Terraform with the following data resource. -- [Amazon IAM-Policy-Examples-ASM-Secrets](https://docs.aws.amazon.com/mediaconnect/latest/ug/iam-policy-examples-asm-secrets.html) +```hcl +data "spectrocloud_registry" "palette_registry" { + name = "Palette Registry" +} -- [External Secrets](https://github.com/external-secrets/external-secrets) +data "spectrocloud_pack" "external-secrets-operator" { + name = "external-secrets-operator" + version = "0.9.16" + registry_uid = data.spectrocloud_registry.palette_registry.id +} +``` diff --git a/docs/docs-content/integrations/falco.md b/docs/docs-content/integrations/falco.md index 15787d9a98..028b5d3563 100644 --- a/docs/docs-content/integrations/falco.md +++ b/docs/docs-content/integrations/falco.md @@ -6,27 +6,18 @@ hide_table_of_contents: true type: "integration" category: ["security", "amd64"] sidebar_class_name: "hide-from-sidebar" -logoUrl: "https://registry.spectrocloud.com/v1/falco/blobs/sha256:4e37461d0a31959ca8af65128329750ca3417e883e7e4ba17ee085b01a383a27?type=image.webp" tags: ["packs", "falco", "security"] --- -Falco integration is a behavioral activity monitor designed to detect anomalous activity in your applications. You can -use Falco to monitor the run-time security of your Kubernetes applications and internal components. - ## Versions Supported - + -- **1.16.3** - -- **1.0.11** -- **1.0.10** - 
@@ -37,6 +28,18 @@ use Falco to monitor the run-time security of your Kubernetes applications and i -## References +## Terraform + +You can reference the Falco pack in Terraform with the following data resource. + +```hcl +data "spectrocloud_registry" "palette_registry" { + name = "Palette Registry" +} -- [Falco Helm Chart GitHub](https://github.com/falcosecurity/charts/tree/master/charts/falco) +data "spectrocloud_pack" "external-dns" { + name = "falco" + version = "2.0.18" + registry_uid = data.spectrocloud_registry.palette_registry.id +} +``` diff --git a/docs/docs-content/integrations/fluentbit.md b/docs/docs-content/integrations/fluentbit.md deleted file mode 100644 index 6911243f53..0000000000 --- a/docs/docs-content/integrations/fluentbit.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -sidebar_label: "Fluentbit" -title: "Fluentbit" -description: "Fluentbit Monitoring pack in Spectro Cloud" -hide_table_of_contents: true -type: "integration" -category: ["logging", "amd64"] -sidebar_class_name: "hide-from-sidebar" -logoUrl: "https://registry.spectrocloud.com/v1/fluentbit/blobs/sha256:012fbab20e3427b6c1f6a73d2ea0b4cc43cf60991774c4800ddf3e23c4b64544?type=image.webp" -tags: ["packs", "fluentbit", "logging"] ---- - -Fluent-Bit is a multi-platform log forwarder. The default integration will help forward logs from the Kubernetes cluster -to an external ElasticSearch cluster - -## Version - -- **1.9.6** - -## Contents - -Fluent-Bit is installed as a DaemonSet & so, an instance of fluent-bit will be running on all the nodes in the cluster. - -## References - -- [Fluentbit Docs](https://docs.fluentbit.io/manual) - -- [Fluentbit GitHub](https://github.com/fluent/fluent-bit) diff --git a/docs/docs-content/integrations/gatekeeper.md b/docs/docs-content/integrations/gatekeeper.md new file mode 100644 index 0000000000..2f34d9b333 --- /dev/null +++ b/docs/docs-content/integrations/gatekeeper.md 
@@ -0,0 +1,54 @@ +--- +sidebar_label: "OpenPolicyAgent" +title: "Open Policy Agent" +description: "OpenPolicyAgent security pack in Spectro Cloud" +hide_table_of_contents: true +type: "integration" +category: ["security", "amd64", "arm64"] +sidebar_class_name: "hide-from-sidebar" +logoUrl: + 'https://registry.dev.spectrocloud.com/v1/open-policy-agent/blobs/sha256:fcbad202dc9ca5e7a756562d8f9fc180ee77474034447dabc302d8a5a2bbe148?type=image.webp" + alt="OpenPolicyAgent logo' +tags: ["packs", "open-policy-agent", "security"] +--- + +## Versions Supported + + + + + + + + + +**3.7.0** + + + + + + + + + + + + + +## Terraform + +You can retrieve details about the Gatekeeper pack by using the following Terraform code. + +```hcl +data "spectrocloud_registry" "public_addon_registry" { + name = "Spectro Addon Repo" +} + +data "spectrocloud_pack_simple" "gatekeeper" { + name = "gatekeeper" + version = "3.8.0" + type = "helm" + registry_uid = data.spectrocloud_registry.public_addon_registry.id +} +``` diff --git a/docs/docs-content/integrations/generic-vm-libvirt.md b/docs/docs-content/integrations/generic-vm-libvirt.md index 2f8a63d580..fc1dad786c 100644 --- a/docs/docs-content/integrations/generic-vm-libvirt.md +++ b/docs/docs-content/integrations/generic-vm-libvirt.md @@ -10,30 +10,16 @@ logoUrl: "https://registry.spectrocloud.com/v1/generic-vm-libvirt/blobs/sha256:2 tags: ["packs", "generic-vm-libvirt", "system app"] --- -Generic-VM-Libvirt is a Palette Add-on pack used to simplify deploying the virtual machine applications from a cluster -profile or a system profile. Generic-VM-Libvirt extracts all Terraform constructs inside the pack and exposes nothing -but the values. Users will then have the ability to modify the add-on pack for the different applications. +## Versions Supported -## Version Supported - - + -- **1.0.2** -- **1.0.0** - - - - -
- -## Configuring Palette Generic VM Libvirt Add-on +### Configure VM Libvirt Add-on To configure the Generic-VM-Libvirt add-on pack for the application cluster, begin by editing the manifest namespace value. -`cluster-{{ .spectro.system.cluster.uid }}` - **Example** ```yaml @@ -41,21 +27,15 @@ namespace: jet-system ``` If multiple instances of this pack have to be deployed on the cluster for different virtual machine applications, then -modify '`spectrocloud.com/display-name`' and '`releaseNameOverride`' with distinctive names to make it unique across all -the packs in the cluster. - -
+modify `spectrocloud.com/display-name` and `releaseNameOverride` with distinctive names to make it unique across all the +packs in the cluster. ```yaml spectrocloud.com/display-name: vm-app-1 releaseNameOverride: ``` -
- -## Generic-VM-Libvirt Pack Manifest - -
+### Generic-VM-Libvirt Pack Manifest ```yaml pack: @@ -174,14 +154,12 @@ charts: # echo "I am post exec" ``` -## Virtual Machine Hooks +### Virtual Machine Hooks The Generic-VM-Libvirt pack supports various hooks, while deploying VM applications and supports multiple use-cases of customizing workflow, as customers require. -
- -## Using preExecCmd and postExecCmd +#### preExecCmd and postExecCmd The **preExecCmd** and **postExecCmd** commands will be executed in every pod reconciliation. The loop runs at approximately a 2-minute interval. @@ -189,8 +167,6 @@ approximately a 2-minute interval. If you want to run the command or script only, whenever the virtual machine is getting created or after the virtual machine is destroyed, use **preVMInitCmd** and **postVMInitCmd**, respectively. -
- ```yaml preExecCmd: "bash /var/files/pre-exec.sh" ``` @@ -199,17 +175,13 @@ preExecCmd: "bash /var/files/pre-exec.sh" postExecCmd: "bash /var/files/pre-exec.sh" ``` -
- -## Using preVMInitCmd and postVMInitCmd +#### preVMInitCmd and postVMInitCmd The **preVMInitCmd** command is executed, only when the virtual machine is being created or recreated. Likewise, the **postVMInitCmd** command is executed only after the virtual machine is created or recreated. **Note**: These commands will not be executed in each reconciliation. -
- ```yaml preVMInitCmd: "echo 'Hey! Hang on tight. I am gonna create a VM.'" ``` @@ -218,42 +190,30 @@ preVMInitCmd: "echo 'Hey! Hang on tight. I am gonna create a VM.'" postVMInitCmd: "echo 'Ooho! VM is created.'" ``` -
- -## Using preVMDestroyCmd +### preVMDestroyCmd Any command or script provided in this virtual machine hook will execute before the VM gets destroyed. It will be executed only when the VM is being deleted. A virtual machine deletion can happen for any reason, like changing anything in cloud-init or removing the pack from the profile. -
- ```yaml preVMDestroyCmd: "" ``` -
- :::info During a first-time deployment, preVMDestroyCmd will not be invoked. However, if there is any change in cloud-init, then the VM resource will be recreated, preVMDestroyCmd will be invoked before deleting the VM, and once preVMDestroyCmd is executed successfully, only then will the VM resource be deleted. -
-
Once the virtual machine is deleted and before another virtual machine is created, preVMInitCmd will be invoked. ::: -
- -## Files +### Files Files presented in this section will be added to the pod, where the pre-and-post exec hooks are executed. -
- ```yaml files: - name: pre-exec.sh @@ -270,16 +230,12 @@ extraDomainHclConfig: | } ``` -
- -## Mounts +### Mounts Mount the data inside the existing configuration maps or secrets into the pod as files, where pre-and-post hooks are executed. This allows the data present in the configuration map or the secrets file to be accessible while running pre-and-post exec hooks. -
- ```yaml mounts: configMap: @@ -294,16 +250,12 @@ mounts: path: /data/system-config-2 ``` -
- -## Environment Variables +### Environment Variables The ENVS section can inject data inside the existing config maps or secrets into the pod as environment variables, where pre-and post-hooks are executed so that data present in the config map or the secret file can be accessed while running pre-and-post exec hooks. -
- ```yaml envs: configMap: @@ -316,6 +268,22 @@ envs: dataKey: "db.password" ``` -## References + +
+ +## Terraform -- [Libvirt Apps](https://libvirt.org/apps.html) +You can retrieve details about the Generic-VM-Libvirt pack by using the following Terraform code. + +```hcl +data "spectrocloud_registry" "public_registry" { + name = "Public Repo" +} + +data "spectrocloud_pack_simple" "gatekeeper" { + name = "generic-vm-libvirt" + version = "1.0.6" + type = "helm" + registry_uid = data.spectrocloud_registry.public_registry.id +} +``` diff --git a/docs/docs-content/integrations/generic-vm-vsphere.md b/docs/docs-content/integrations/generic-vm-vsphere.md index 2fae567fda..a0e66cc3d8 100644 --- a/docs/docs-content/integrations/generic-vm-vsphere.md +++ b/docs/docs-content/integrations/generic-vm-vsphere.md @@ -6,34 +6,22 @@ hide_table_of_contents: true type: "integration" category: ["system app", "amd64"] sidebar_class_name: "hide-from-sidebar" -logoUrl: "https://registry.spectrocloud.com/v1/generic-vm-vsphere/blobs/sha256:3b121dca3cbc7fed0153d3e1c8c3df20076ec200e091085a3a281ba08cb2261e?type=image.webp" tags: ["packs", "generic-vm-vsphere", "system app"] --- -Generic-VM-vSphere is a Palette Add-on pack used to simplify deploying the virtual machine resource from a cluster -profile or a system profile. Generic-VM-vSphere extracts all Terraform constructs inside the pack and exposes nothing -but the values. Users will then have the ability to modify the add-on pack for the different applications. +## Versions Supported -
- -## Version Supported - - + -- **1.0.4** -- **1.0.0** - -
- ## Configuring Generic-VM-vSphere To configure the Generic-VM-vSphere Add-on pack for the application cluster, the namespace value should be as follows: -`cluster-{{ .spectro.system.cluster.uid }}`
+`cluster-{{ .spectro.system.cluster.uid }}` ```yaml namespace: cluster-{{ .spectro.system.cluster.uid }} @@ -43,20 +31,13 @@ If multiple instances of this pack has to be deployed on the cluster for differe modify '`spectrocloud.com/display-name`' and '`releaseNameOverride`' with different names to make it unique across all the packs in the cluster. -
- ```yaml spectrocloud.com/display-name: vm-app-1 releaseNameOverride: ``` -
-
- ## Generic-VM-vSphere Pack Manifest -
- ```yaml pack: # for app cluster, namespace value should be "cluster-{{ .spectro.system.cluster.uid }}" @@ -201,8 +182,6 @@ charts: The Generic-VM-vSphere pack supports various hooks while deploying VM applications and supports multiple use-cases of customizing workflow, as customers require. -
- ## Using extraVMHclConfig The extraVMHclConfig command can be used to provide an extra configuration in the virtual machine and the configuration @@ -223,8 +202,6 @@ approximately a 2-minute interval. **preExecCMD** and **postVMInitCmd** are used to execute commands or scripts prior to virtual machine creation and after virtual machine creation respectively. -
- ```yaml preExecCmd: "bash /var/files/pre-exec.sh" ``` @@ -233,8 +210,6 @@ preExecCmd: "bash /var/files/pre-exec.sh" postExecCmd: "bash /var/files/pre-exec.sh" ``` -
- ## Using preVMInitCmd and postVMInitCmd The **preVMInitCmd** command is executed, only when the virtual machine is being created or recreated. Likewise, the @@ -242,8 +217,6 @@ The **preVMInitCmd** command is executed, only when the virtual machine is being **Note**: These commands will not be executed in each reconciliation. -
- ```yaml preVMInitCmd: "echo 'Hey! Hang on tight. I am gonna create a VM.'" ``` @@ -252,45 +225,32 @@ preVMInitCmd: "echo 'Hey! Hang on tight. I am gonna create a VM.'" postVMInitCmd: "echo 'Ooho! VM is created.'" ``` -
- ## Using preVMDestroyCmd Any command or script provided in this virtual machine hook will execute before the virtual machine is destroyed. It will be executed only when the VM is getting deleted. A virtual machine deletion can happen for any reason, like changing anything in cloud-init or removing the pack from the profile. -
- ```yaml preVMDestroyCmd: "" ``` -
- :::info During a first-time deployment, preVMDestroyCmd won't be invoked. However, if there is any change in cloud-init, then the VM resource will be recreated, preVMDestroyCmd will be invoked before deleting the VM, and once preVMDestroyCmd is executed successfully, only then the VM resource will be deleted. -
-
Once the VM is deleted and before another virtual machine is created, preVMInitCmd will be invoked. ::: -
-
- ## Mounts Mount the data inside the existing configuration map or secret into the pod as files, where pre-and-post hooks are executed. This allows the data present in the configuration map or the secrets file to be accessible while running pre-and-post exec hooks. -
- ```yaml mounts: configMap: @@ -305,16 +265,12 @@ mounts: # path: /data/system-config-2 ``` -
- ## Environment Variables The ENVS section can inject data inside the existing config maps or secrets into the pod as environment variables, where pre-and post-hooks are executed so that data present in the config map or the secret file can be accessed while running pre-and-post exec hooks. -
- ```yaml envs: configMap: @@ -327,15 +283,11 @@ envs: # dataKey: "db.password" ``` -
- ## Files Files present in this section will be added to the pod and will be accessible while executing pre-and-post execution hooks and absolute file path would be '/var/files/\'. -
- ```yaml files: # - name: pre-exec.sh @@ -348,4 +300,19 @@ files: # echo "I am post exec" ``` -
+## Terraform + +You can retrieve details about the Generic-VM-Libvirt pack by using the following Terraform code. + +```hcl +data "spectrocloud_registry" "public_registry" { + name = "Public Repo" +} + +data "spectrocloud_pack_simple" "gatekeeper" { + name = "generic-vm-vsphere" + version = "1.0.10" + type = "helm" + registry_uid = data.spectrocloud_registry.public_registry.id +} +``` diff --git a/docs/docs-content/integrations/opa-gatekeeper.md b/docs/docs-content/integrations/opa-gatekeeper.md deleted file mode 100644 index 65d913db4d..0000000000 --- a/docs/docs-content/integrations/opa-gatekeeper.md +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -sidebar_label: "OpenPolicyAgent" -title: "Open Policy Agent" -description: "OpenPolicyAgent security pack in Spectro Cloud" -hide_table_of_contents: true -type: "integration" -category: ["security", "amd64", "arm64"] -sidebar_class_name: "hide-from-sidebar" -logoUrl: - 'https://registry.dev.spectrocloud.com/v1/open-policy-agent/blobs/sha256:fcbad202dc9ca5e7a756562d8f9fc180ee77474034447dabc302d8a5a2bbe148?type=image.webp" - alt="OpenPolicyAgent logo' -tags: ["packs", "open-policy-agent", "security"] ---- - -Palette users can leverage the **Open Policy Agent (OPA) Gatekeeper** to strengthen the security administration of -Kubernetes environment. The major motivation behind the deployment is admission customization via configurations without -code. Gatekeeper provides an admission control system based on policies or rules implemented through parameterized and -admin configurable constraints. Palette supports **Gatekeeper v3.0**. - -The major features of OPA are: - -- **Validating Admission Control** -- **Policies and Constraints** - - **Sample Policies**: - - All namespaces must have a label that lists a point-of-contact. - - All pods must have an upper bound for resource usage. - - All images must be from an approved repository. - - Services must all have globally unique selectors. - - **Constraint Properties** - - AND-ed together - - Schema validation - - Selection semantics -- **Audit**: The periodical evaluation of resources against constraints. -- **Data Replication**: Constraints to be compared against other objects in the cluster. - -## Versions Supported - - - - - -- **3.11.0** -- **3.9.0** - - - - - -**3.7.0** - - - - - -**3.6.0** - - - - - -**3.5.1** - - - - - -## References - -- [Open Policy Agent Documentation](https://open-policy-agent.github.io/gatekeeper/website/docs) - -- [Open Policy Agent GitHub](https://github.com/open-policy-agent/gatekeeper) 
diff --git a/src/components/IconMapper/IconMapper.tsx b/src/components/IconMapper/IconMapper.tsx index fdcdfe2e7e..54180d2590 100644 --- a/src/components/IconMapper/IconMapper.tsx +++ b/src/components/IconMapper/IconMapper.tsx @@ -24,7 +24,6 @@ import OsIcon from "@site/static/assets/packs/os_layer.svg"; import ServiceMeshIcon from "@site/static/assets/packs/service_mesh_layer.svg"; import MonitoringIcon from "@site/static/assets/packs/monitoring_layer.svg"; import CsiIcon from "@site/static/assets/packs/csi_layer.svg"; -import IntegrationIcon from "@site/static/assets/packs/integration_layer.svg"; import LoggingIcon from "@site/static/assets/packs/logging_layer.svg"; import LoadBalancerIcon from "@site/static/assets/packs/load_balancer_layer.svg"; import IngressIcon from "@site/static/assets/packs/ingress_layer.svg"; diff --git a/src/components/PacksReadme/PacksReadme.tsx b/src/components/PacksReadme/PacksReadme.tsx index 5500b72c7d..96aa1d5d02 100644 --- a/src/components/PacksReadme/PacksReadme.tsx +++ b/src/components/PacksReadme/PacksReadme.tsx 
@@ -146,16 +146,39 @@ export default function PacksReadme() { return packData.versions.find((tagVersion) => tagVersion.children.find((child) => child.title === version)); } + function compareVersions(v1: string, v2: string): number { + const v1Parts = v1.split(".").map(Number); + const v2Parts = v2.split(".").map(Number); + + for (let i = 0; i < Math.max(v1Parts.length, v2Parts.length); i++) { + const v1Part = v1Parts[i] || 0; + const v2Part = v2Parts[i] || 0; + + if (v1Part < v2Part) { + return 1; + } + if (v1Part > v2Part) { + return -1; + } + } + + return 0; + } + function renderVersionOptions() { - return packData.versions.map((tagVersion) => ({ - value: tagVersion.title, - title: tagVersion.title, - selectable: false, - children: tagVersion.children.map((child) => ({ - value: `${child.title}===${child.packUid}`, - title: {child.title}, - })), - })); + return packData.versions + .sort((a, b) => compareVersions(a.title, b.title)) + .map((tagVersion) => ({ + value: tagVersion.title, + title: tagVersion.title, + selectable: false, + children: tagVersion.children + .sort((a, b) => compareVersions(a.title, b.title)) + .map((child) => ({ + value: `${child.title}===${child.packUid}`, + title: {child.title}, + })), + })); } function renderTabs() { diff --git a/static/packs-data/packs_information.json b/static/packs-data/packs_information.json index 2c44deffb1..f2fa62a210 100644 --- a/static/packs-data/packs_information.json +++ b/static/packs-data/packs_information.json 
@@ -367,6 +367,66 @@ "name": "csi-aws-ebs", "description": "The Amazon Elastic Block Store Container Storage Interface (CSI) Driver provides a CSI interface used by Container Orchestrators to manage the lifecycle of Amazon EBS volumes." }, + { + "name": "elastic-fluentd-kibana", + "description": "This pack deploys an Elasticsearch, Fluentd and Kibana stack. Elasticsearch is a distributed, RESTful search and analytics engine capable of solving a growing number of use cases. Fluentd is an open-source data collector for unified logging layer. Kibana is an open-source data visualization dashboard for Elasticsearch." + }, + { + "name": "elastic-operator", + "description": "Elastic Cloud on Kubernetes automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes based on the operator pattern." + }, + { + "name": "elastic-stack", + "description": "Elastic Cloud on Kubernetes automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, and Logstash on Kubernetes based on the operator pattern." + }, + { + "name": "external-dns", + "description": "ExternalDNS makes Kubernetes resources discoverable via public DNS servers. Like KubeDNS, it retrieves a list of resources, such as Services, Ingresses, etc, from the Kubernetes API to determine a desired list of DNS records. Unlike KubeDNS, however, it's not a DNS server but configures other DNS providers accordingly, such as AWS Route 53 or Google Cloud DNS. In a broader sense, ExternalDNS allows you to control DNS records dynamically via Kubernetes resources in a DNS provider-agnostic way." 
+ }, + { + "name": "external-secrets", + "description": "External Secrets is a tool integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, CyberArk Conjur and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret." + }, + { + "name": "external-secrets-operator", + "description": "External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, CyberArk Conjur and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret." + }, + { + "name": "external-snapshotter", + "description": "External Snapshotter is a Kubernetes controller that watches Kubernetes Snapshot CRD objects and triggers CreateSnapshot/DeleteSnapshot against a CSI endpoint. It is used to create and delete volume snapshots in a Kubernetes cluster." + }, + { + "name": "falco", + "description": "Falco is a cloud-native security tool designed for Linux systems. It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts. Falco helps you gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security." + }, + { + "name": "falcon-sensor", + "description": "Falcon is the CrowdStrike platform purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks — including malware and more. " + }, + { + "name": "f5", + "description": "F5 provides protocol and application traffic awareness for intelligent load balancing decisions. 
This pack deploys the F5 BIG-IP Controller for Kubernetes, which integrates with the F5 BIG-IP platform to provide advanced traffic management and security services for applications running in Kubernetes." + }, + { + "name": "fluentbit", + "description": "Fluent Bit is a fast, lightweight, and highly scalable logging and metrics processor and forwarder. Fluentbit can process Kubernetes containers logs from the file system or Systemd/Journald. Enrich logs with Kubernetes Metadata, and centralize your logs in third party storage services like Elasticsearch, InfluxDB, HTTP, etc." + }, + { + "name": "flux-cd", + "description": "Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration, such as Git repositories, and automating updates to configuration when there is new code to deploy. Flux is built from the ground up to use Kubernetes' API extension system, and to integrate with Prometheus and other core components of the Kubernetes ecosystem. Flux supports multi-tenancy and support for syncing an arbitrary number of Git repositories." + }, + { + "name": "gatekeeper", + "description": "Gatekeeper is a validating and mutating webhook that enforces CRD-based policies executed by Open Policy Agent, a policy engine for Cloud Native environments hosted by CNCF." + }, + { + "name": "generic-vm-libvirt", + "description": "Generic-VM-Libvirt is a Palette Add-on pack used to simplify deploying the virtual machine applications from a cluster profile or a system profile. Generic-VM-Libvirt extracts all Terraform constructs inside the pack and exposes nothing but the values. Users will then have the ability to modify the add-on pack for the different applications." + }, + { + "name": "generic-vm-vsphere", + "description": "Generic-VM-vSphere is a Palette Add-on pack used to simplify deploying the virtual machine resource from a cluster profile or a system profile. 
Generic-VM-vSphere extracts all Terraform constructs inside the pack and exposes nothing but the values. Users will then have the ability to modify the add-on pack for the different applications." + }, { "name": "kubernetes-microk8s", "description": "MicroK8s is a lightweight CNCF-certified Kubernetes distribution developed by Canonical. It deploys all Kubernetes services in a single, fully contained package and offers out-of-the-box add-ons."
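Review bot: in external-dns.md, hunk @@ -6,48 +6,18, dropping the `## Prerequisites` section removes the only pointer to the supported-provider list (the link to kubernetes-sigs/external-dns#status-of-providers), and the rewritten page then covers AWS Route53 only. Suggest keeping a one-line pointer to the provider list above the new `### AWS Route53` heading so readers on other providers know where to look.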
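Review bot: in external-dns.md, hunk @@ -67,100 +37,77, the Terraform example has an unterminated string: `version = "0.13.6` is missing its closing quote, so the HCL will not parse. Two further points in the same hunk: the `### AWS Route53` heading, intro sentence, IAM policy and `create-hosted-zone` command appear twice verbatim, which is fine only if they sit in separate version tabs (the tab markup is not visible here, so please confirm); and the policy grants `route53:ChangeResourceRecordSets` on `arn:aws:route53:::hostedzone/*`, so the prose could recommend replacing `*` with the ID of the zone created by the `aws route53 create-hosted-zone` command, limiting the ExternalDNS role to writing records in that zone (the two `List*` actions legitimately need `*`).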
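Review bot: in external-secrets-operator.md, hunk @@ -10,40 +10,116, the first line of each ExternalSecret example, `apiVersion: [external-secrets.io/v1beta1](http://external-secrets.io/v1beta1)`, is a Markdown link inside a fenced `yml` block and is not valid YAML; it should read `apiVersion: external-secrets.io/v1beta1` as the SecretStore example below it already does. In the SecretStore example, `server: "http://12.34.567.133:0000"` is neither a valid IPv4 address nor a valid port; a well-formed placeholder such as an HTTPS endpoint on Vault's usual port would read better and not suggest plain HTTP to the secret store. The Secret holds `cm9vdA==` (`"root"`), i.e. a Vault root token, so the comment should note that a scoped token is expected in real deployments, and `custome value` is a typo for `custom value`. The same two manifests are repeated three times verbatim in this hunk; confirm each copy belongs to a distinct version tab.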
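Review bot: in falco.md, hunk @@ -37,6 +28,18, the data source label is wrong: `data "spectrocloud_pack" "external-dns"` carries `name = "falco"`, so this was pasted from the ExternalDNS page. Rename the label to `"falco"` so the reference `data.spectrocloud_pack.falco` matches the pack it describes.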
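Review bot: fluentbit.md is deleted outright while the packs_information.json hunk in this same change adds a `fluentbit` entry, so the pack listing may now describe a pack whose documentation page no longer exists. Please confirm that the listing does not link to the removed path, or that a redirect is in place.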
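Review bot: in the new file gatekeeper.md, hunk @@ -0,0 +1,54, the `logoUrl` front-matter value is malformed: it is a single-quoted scalar that contains `?type=image.webp" alt="OpenPolicyAgent logo'`, so the URL ends up with a stray `" alt="OpenPolicyAgent logo` suffix. This was carried over verbatim from the deleted opa-gatekeeper.md; the rename is a good moment to fix it to just the URL. In the Terraform example, `version = "3.8.0"` does not match the only version string shown in the Versions Supported block (**3.7.0**); check that 3.8.0 is a published version. The example also uses `spectrocloud_pack_simple` with registry name `"Spectro Addon Repo"`, whereas the external-dns, external-secrets-operator and falco pages in this change use `spectrocloud_pack` with `"Palette Registry"`; one convention across the integration pages would avoid confusing readers.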
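Review bot: in generic-vm-libvirt.md, hunk @@ -10,30 +10,16, removing the line `cluster-{{ .spectro.system.cluster.uid }}` leaves the sentence "begin by editing the manifest namespace value" without saying what value to set; the following example shows `namespace: jet-system`, which is not the cluster namespace pattern. The vSphere page keeps the `cluster-{{ .spectro.system.cluster.uid }}` line in its equivalent section, so either keep it here too or state the expected value in the prose.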
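Review bot: in generic-vm-libvirt.md, hunks @@ -174,14 +154,12 through @@ -218,42 +190,30, the hook headings end up at inconsistent levels: `#### preExecCmd and postExecCmd` and `#### preVMInitCmd and postVMInitCmd` are h4 under `### Virtual Machine Hooks`, but the sibling hook `### preVMDestroyCmd` is promoted to h3. Make `preVMDestroyCmd` h4 as well. Also, the example `postExecCmd: "bash /var/files/pre-exec.sh"` (unchanged context) points the post hook at the pre-exec script; it probably meant `post-exec.sh`, matching the `files:` section that ships both scripts.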
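Review bot: in generic-vm-libvirt.md, hunk @@ -316,6 +268,22, the data source label `data "spectrocloud_pack_simple" "gatekeeper"` with `name = "generic-vm-libvirt"` is a paste from the Gatekeeper page; rename the label to `"generic-vm-libvirt"`. The registry name `"Public Repo"` also differs from the `"Spectro Addon Repo"` used in gatekeeper.md for the same `spectrocloud_pack_simple` pattern; pick one.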
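Review bot: in generic-vm-vsphere.md, hunk @@ -43,20 +31,13, the context line still reads modify '`spectrocloud.com/display-name`' and '`releaseNameOverride`' with stray single quotes around the inline code, which the libvirt page drops in this same change; apply the same cleanup here. In hunk @@ -223,8 +202,6, the sentence "**preExecCMD** and **postVMInitCmd** are used to execute commands or scripts prior to virtual machine creation and after virtual machine creation respectively" mixes hook names and casing; the libvirt page's equivalent sentence names **preVMInitCmd** and **postVMInitCmd**, which is what the next section documents.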
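Review bot: in generic-vm-vsphere.md, hunk @@ -348,4 +300,19, the lead-in says "You can retrieve details about the Generic-VM-Libvirt pack" on the vSphere page, and the data source is labelled `"gatekeeper"` while `name = "generic-vm-vsphere"`. Change the prose to Generic-VM-vSphere and the label to `"generic-vm-vsphere"`.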
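Review bot: in IconMapper.tsx, hunk @@ -24,7 +24,6, only the `import IntegrationIcon` line is removed; the hunk does not show the icon map that would have referenced it. Please confirm no `IntegrationIcon` usage remains in the file, otherwise this will fail type-checking.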
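Review bot: in PacksReadme.tsx, hunk @@ -146,16 +146,39, `packData.versions.sort(...)` and `tagVersion.children.sort(...)` sort in place, so every call to `renderVersionOptions()` mutates the component's data; copy before sorting (`[...packData.versions].sort(...)`) to keep the render pure. In `compareVersions`, `v1.split(".").map(Number)` turns any non-numeric segment (a tag like `1.x`, or a pre-release such as `1.0.0-beta`) into `NaN`, and since both `<` and `>` are false for `NaN` the function returns 0 for those pairs, giving an unspecified order; parse with `parseInt` and fall back to a string comparison, or document that titles must be purely numeric. Finally, the comparator returns 1 when `v1Part < v2Part`, i.e. it sorts descending, which the name does not convey; `compareVersionsDesc` or a one-line comment would help the next reader.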
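Review bot: in packs_information.json, hunk @@ -367,6 +367,66, the `elastic-operator` and `elastic-stack` descriptions are word-for-word identical, so one of them is a paste error. Several new entries also need copy-editing: `external-secrets` reads "is a tool integrates" (missing "that"); `falcon-sensor` ends with a trailing space inside the string and uses an em dash; `fluentbit` has the fragment "Enrich logs with Kubernetes Metadata, and centralize your logs" with no subject; and `flux-cd` reads "supports multi-tenancy and support for syncing".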