From fc8e0c9aed906906e95ef1d953dfeaad6d9fc61f Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Mon, 25 Mar 2024 14:54:58 -0700 Subject: [PATCH] docs: PEM-4073 (#2472) --- .../install-on-kubernetes/install.md | 10 ++++++- .../install-on-kubernetes/vertex-helm-ref.md | 26 ++++++++++++------- .../install-on-vmware/install.md | 11 +++++++- 3 files changed, 35 insertions(+), 12 deletions(-) diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md index 09c0ac4885..2a578be9b4 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md 
@@ -393,7 +393,7 @@ your environment. Reach out to our support team if you need assistance. | `config.installationMode` | The installation mode for VerteX. The values can be `connected` or `airgap`. Set this value to `airgap`. | string | | `ociPackEcrRegistry` or `ociPackRegistry` | The OCI registry credentials for the VerteX FIPS packs repository. If you are using a Harbor registry, use the `ociPackRegistry` parameter block but ensure you have the OCI registry CA available. | object | | `ociImageRegistry` | The OCI registry credentials for the VerteX images repository. | object | - | `ociImageRegistry.ca` | If you are using a self-hosted OCI, such as Harbor, ensure you provide the CA. If you are using AWS ECR, you can leave this parameter empty. | string | + | `ociImageRegistry.ca` | If you are using a self-hosted OCI, such as Harbor, ensure you provide the CA in PEM format. If you are using AWS ECR, you can leave this parameter empty. | string | | `ociImageRegistry.mirrorRegistries` | Replace the placeholder string with the respective values of your OCI registry repository that is hosting the images. | | `imageSwapConfig.isEKSCluster` | Set this value to `false` if you are NOT installing VerteX on an EKS cluster. | boolean | | `scar` | Specify your HTTP file server values. If your HTTP file server requires credentials ensure the provided values are base64 encoded. Example of the string "admin" in base64 encoding - `YWRtaW4=`. | object | 
@@ -403,6 +403,14 @@ your environment. Reach out to our support team if you need assistance. Save the **values.yaml** file after you have populated the required parameters mentioned in the table. Expand the following sections to review an example of the **values.yaml** file with the required parameters highlighted. + :::warning + + Palette VerteX does not support insecure connections. Ensure you have the Certificate Authority (CA) available, in + PEM format, when using a custom packs and image registry. Otherwise, VerteX will not be able to pull packs and + images from the registry. Use the `caCert` parameter to provide the base64-encoded CA certificate. + + ::: +
Example - values.yaml diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md index 427dc5923b..9dd7cc31cb 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md @@ -189,7 +189,13 @@ registries for Palette VerteX to download the required images. You must configur (OCI) registry for Palette VerteX. You must also provide the credentials for the Spectro Cloud Artifact Repository (SCAR) to download the required FIPS images. -
+:::warning + +Palette VerteX does not support insecure connections. Ensure you have the Certificate Authority (CA) available, in PEM +format, when using a custom packs and image registry. Otherwise, VerteX will not be able to pull packs and images from +the registry. Use the `caCert` parameter to provide the base64-encoded CA certificate. + +::: ### OCI Registry 
@@ -207,15 +213,15 @@ for additional guidance on how to add the required FIPS packs to your OCI regist ::: -| **Parameters** | **Description** | **Type** | **Default value** | -| ------------------------------------ | -------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | -| `ociPackRegistry.endpoint` | The endpoint URL for the registry. | String | `""` | -| `ociPackRegistry.name` | The name of the registry. | String | `""` | -| `ociPackRegistry.password` | The base64-encoded password for the registry. | String | `""` | -| `ociPackRegistry.username` | The username for the registry. | String | `""` | -| `ociPackRegistry.baseContentPath` | The base path for the registry. | String | `""` | -| `ociPackRegistry.insecureSkipVerify` | Specifies whether to skip Transport Layer Security (TLS) verification for the registry connection. | Boolean | `false` | -| `ociPackRegistry.caCert` | The registry's base64-encoded certificate authority (CA) certificate. Required for self-hosted OCI registries. | String | `""` | +| **Parameters** | **Description** | **Type** | **Default value** | +| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | +| `ociPackRegistry.endpoint` | The endpoint URL for the registry. | String | `""` | +| `ociPackRegistry.name` | The name of the registry. | String | `""` | +| `ociPackRegistry.password` | The base64-encoded password for the registry. | String | `""` | +| `ociPackRegistry.username` | The username for the registry. | String | `""` | +| `ociPackRegistry.baseContentPath` | The base path for the registry. | String | `""` | +| `ociPackRegistry.insecureSkipVerify` | Specifies whether to skip Transport Layer Security (TLS) verification for the registry connection. 
VerteX requires the CA for registries that use a self-signed certificate. | Boolean | `false` | +| `ociPackRegistry.caCert` | The registry's base64-encoded certificate authority (CA) certificate. Required for self-hosted OCI registries. | String | `""` | ```yaml config: diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install.md b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install.md index 929d8f830a..7691851908 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-vmware/install.md @@ -75,7 +75,15 @@ before proceeding with the installation. Refer to the Self-hosted Palette VerteX installations provide a system Private Cloud Gateway (PCG) out-of-the-box and typically do not require a separate, user-installed PCG. However, you can create additional PCGs as needed to support provisioning into remote data centers that do not have a direct incoming connection from the Palette console. To learn how to install -a PCG on VMware, check out the [VMware](../../../clusters/data-center/vmware.md) guide. +a PCG on VMware, check out the [Deploy to VMware vSphere](../../../clusters/pcg/deploy-pcg/vmware.md) guide. + +::: + +:::warning + +Palette VerteX does not support insecure connections. Ensure you have the Certificate Authority (CA) available, in PEM +format, when using a custom packs and image registry. Otherwise, VerteX will not be able to pull packs and images from +the registry. The Palette CLI will prompt you to provide the CA certificate file path when necessary. ::: 
@@ -154,6 +162,7 @@ Use the following steps to install Palette VerteX. - Non-Airgap: `https://saas-repo-fips.console.spectrocloud.com` - Airgap: The URL or IP address of the Spectro Cloud Repository that is provided to you by the airgap setup script. + Make sure to specify the file path to the CA certificate when prompted. 9. Enter the repository credentials. Our support team provides the credentials you need to access the public Spectro Cloud repository. Airgap installations, provide the credentials to your private repository provided to you by the
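Review bot: In install-on-kubernetes/install.md, hunk @@ -403, the new warning tells readers to use the `caCert` parameter with a base64-encoded CA, but the table row changed in the hunk just above it (@@ -393) names the image registry field `ociImageRegistry.ca` and asks for the CA "in PEM format". A reader filling in values.yaml cannot tell from these two statements which key to set or whether the value is the raw PEM text or the base64 encoding of the PEM file. Suggest naming the exact key for each registry block in the warning and stating the encoding once, for example "the base64-encoded PEM file", so the table and the warning agree.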
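Review bot: In vertex-helm-ref.md, hunk @@ -189, the warning refers to `caCert` without its parent block, while the table in the next hunk lists it as `ociPackRegistry.caCert`. Since the warning covers both the packs registry and the image registry, spell out the full parameter path for each so the reference page can be searched by key. The phrase "a custom packs and image registry" would also read more clearly as "a custom packs registry or image registry".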
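Review bot: In vertex-helm-ref.md, hunk @@ -207, the `ociPackRegistry.insecureSkipVerify` row still describes the parameter as a way to skip TLS verification, which conflicts with the warning added earlier in this file that VerteX does not support insecure connections. The sentence added to this row, "VerteX requires the CA for registries that use a self-signed certificate", describes `caCert` rather than `insecureSkipVerify`. Suggest moving that sentence to the `ociPackRegistry.caCert` row and stating in the `insecureSkipVerify` row what happens if it is set to `true`, for example that the value must stay `false`.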
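Review bot: In install-on-vmware/install.md, hunk @@ -75, the closing sentence of the new warning says the Palette CLI will prompt for the CA certificate file path "when necessary" without saying what triggers the prompt. Suggest stating the condition, such as which registry or repository choice leads to the prompt, so readers know to have the PEM file on the host before starting. The same hunk also retargets the PCG link to `../../../clusters/pcg/deploy-pcg/vmware.md`, which is unrelated to the CA change and is not mentioned in the subject line; consider noting it in the commit message.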
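Review bot: In install-on-vmware/install.md, hunk @@ -154, the added line "Make sure to specify the file path to the CA certificate when prompted." follows the Airgap bullet, so it is unclear whether it applies to airgap installs only or to both repository options. It also omits the PEM format requirement that the warning earlier in this file introduces. Suggest wording it as its own sentence at the step level, saying when the prompt appears and that the file must be in PEM format.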