Skip to content

Commit

Permalink
Merge branch 'main' into tk/rest-api-overview-page
Browse files Browse the repository at this point in the history
  • Loading branch information
@KMajkrzakOctopus
KMajkrzakOctopus authored Apr 11, 2024
2 parents 191bb1e + 76748d4 commit 82a1fe9
Show file tree
Hide file tree
Showing 7 changed files with 51 additions and 41 deletions.
8 changes: 7 additions & 1 deletion dictionary-octopus.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ Bento
bootstrap
bootstrapped
bootstrapper
changeit
childelement
choco
cicd
Expand Down Expand Up @@ -54,6 +55,7 @@ dockerhub
DONTVALIDATEPATH
dpkg
Dspring
Elyton
emptytitle
Fargate
feedcred
Expand Down Expand Up @@ -81,6 +83,7 @@ hyperthreading
IMDS
inetmgr
inetsrv
inkey
internalcustomer
Istio
istioctl
Expand All @@ -90,7 +93,9 @@ itemtype
ITSM
jwks
keyrings
kubeconfig
Kubelet
kubelogin
kustomization
kustomize
lastmod
Expand Down Expand Up @@ -161,6 +166,7 @@ rehype
reindexing
releaseprogression
remoting
replicasets
reprioritize
reprovisioned
reprovisioning
Expand Down Expand Up @@ -232,4 +238,4 @@ octopusbob
servername
octopusdemos
sqlcmd
sqlvolume
sqlvolume
6 changes: 3 additions & 3 deletions src/pages/docs/administration/managing-infrastructure/subscriptions/index.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
layout: src/layouts/Default.astro
pubDate: 2023-01-01
modDate: 2023-01-01
modDate: 2023-04-10
title: Subscriptions
description: Subscriptions allow you to subscribe to events that are happening within Octopus, so you can be notified when events have occurred and react accordingly.
navOrder: 1600
Expand Down Expand Up @@ -55,7 +55,7 @@ A subscription with the filters:
That filter is translated to look for events where the category is Deployment Started AND for the environments Staging OR Production AND for the project Hello World.
:::

You can read more about getting started with notifications in our [Getting Started guide](docs/getting-started/best-practices/notifications).
You can read more about getting started with notifications in our [Getting Started guide](/docs/getting-started/best-practices/notifications).

:::div{.hint}
**Dates and Timezone**
Expand Down Expand Up @@ -113,7 +113,7 @@ While we make every effort to ensure events are only ever sent *once* to a given
:::


## Event visibility and permissions {#Subscriptions-EventVisibilityandPermissions}
## Event visibility and permissions {#Subscriptions-Event-Visibility-and-Permissions}

Because certain teams may be restricted to only see certain events, subscriptions give you the ability to scope to one or more teams. Teams may be restricted to certain criteria, such as project(s) and/or environment(s). Combine these restrictions with team roles and you can successfully control which events get seen for a given subscription. See more information on [Managing Users and Teams](/docs/security/users-and-teams/) as well as our [User Roles](/docs/security/users-and-teams/user-roles) documentation if you wish to learn more.

Expand Down
6 changes: 3 additions & 3 deletions src/pages/docs/deployments/certificates/wildfly-certificate-import.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
layout: src/layouts/Default.astro
pubDate: 2023-01-01
modDate: 2023-01-01
modDate: 2024-04-10
title: Import certificates into WildFly and JBoss EAP
description: Configure WildFly or JBoss EAP with a certificate managed by Octopus.
navOrder: 50
Expand Down Expand Up @@ -158,9 +158,9 @@ The `Elytron server SSL context name` defines the name of the Elytron SSL Contex
:::

:::div{.hint}
You can find more information of the Elytron subsystem components in the [WildFly documentation](https://docs.jboss.org/author/display/WFLY/Using+the+Elytron+Subsystem#UsingtheElytronSubsystem-onewayapps).
You can find more information of the Elytron subsystem components in the [WildFly documentation](https://docs.jboss.org/author/display/WFLY/Elytron%20Subsystem.html).
:::

## Configuration file backups

Before any changes are made to the WildFly or JBoss EAP configurations, a `:take-snapshot` command is run. This will create a backup file in the `domain/configuration/standalone_xml_history/snapshot` or `standaline/configuration/standalone_xml_history/snapshot` directory.
Before any changes are made to the WildFly or JBoss EAP configurations, a `:take-snapshot` command is run. This will create a backup file in the `domain/configuration/standalone_xml_history/snapshot` or `standalone/configuration/standalone_xml_history/snapshot` directory.
4 changes: 2 additions & 2 deletions src/pages/docs/deployments/deployment-freezes.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
layout: src/layouts/Default.astro
pubDate: 2024-03-25
modDate: 2024-03-25
modDate: 2024-04-10
title: Deployment freezes
description: Deployment freezes allow you to pause deployments for a specified time range
navOrder: 170
Expand Down Expand Up @@ -83,5 +83,5 @@ As this is an early access feature, we are aware of some flaws in the UI when as
## Learn more

- [Projects](/docs/projects/)
- [Environments](/docs/infrastructure/environments/index)
- [Environments](/docs/infrastructure/environments)
- Learn more about our concept of [Spaces](/docs/administration/spaces)
58 changes: 31 additions & 27 deletions src/pages/docs/infrastructure/deployment-targets/kubernetes-target/index.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
layout: src/layouts/Default.astro
pubDate: 2023-01-01
modDate: 2023-01-01
modDate: 2024-03-04
title: Kubernetes cluster
description: How to configure a Kubernetes cluster as a deployment target in Octopus
navOrder: 50
Expand Down Expand Up @@ -45,30 +45,30 @@ A number of the fields in this configuration file map directly to the fields in
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUV5REN...
certificate-authority-data: XXXXXXXXXXXXXXXX...
server: https://kubernetes.example.org:443
name: k8scluster
name: k8s-cluster
contexts:
- context:
cluster: k8scluster
user: k8suser
name: k8suser
current-context: k8scluster
cluster: k8s-cluster
user: k8s_user
name: k8s_user
current-context: k8s-cluster
kind: Config
preferences: {}
users:
- name: k8suser
- name: k8s_user
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tL...
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0...
token: 1234567890abcdefghijkl
- name: k8suser2
client-certificate-data: XXXXXXXXXXXXXXXX...
client-key-data: XXXXXXXXXXXXXXXX...
token: 1234567890xxxxxxxxxxxxx
- name: k8s_user2
user:
password: some-password
username: exp
- name: k8suser3
- name: k8s_user3
user:
token: 1234567890abcdefghijkl
token: 1234567890xxxxxxxxxxxxx
```
## Add a Kubernetes target
Expand Down Expand Up @@ -129,7 +129,7 @@ users:
C:\OpenSSL-Win32\bin\openssl pkcs12 `
-passout pass: `
-export `
-out certificateandkey.pfx `
-out certificate_and_key.pfx `
-in certificate.crt `
-inkey private.key
```
Expand All @@ -140,7 +140,7 @@ users:
openssl pkcs12 \
-passout pass: \
-export \
-out certificateandkey.pfx \
-out certificate_and_key.pfx \
-in certificate.crt \
-inkey private.key
```
Expand All @@ -158,25 +158,29 @@ Decoding the `certificate-authority-data` field results in a string that looks s

```
-----BEGIN CERTIFICATE-----
MIIEyDCCArCgAwIBAgIRAOBNYnhYDBamTvQn...
XXXXXXXXXXXXXXXX...
-----END CERTIFICATE-----
```

Save this text to a file called `ca.pem`, and upload it to the [Octopus certificate management area](https://oc.to/CertificatesDocumentation). The certificate can then be selected in the `cluster certificate authority` field.

9. Enter the Kubernetes Namespace.
When a single Kubernetes cluster is shared across environments, resources deployed to the cluster will often be separated by environment and by application, team, or service. In this situation, the recommended approach is to create a namespace for each application and environment (e.g., `myapplication-development` and `my-application-production`), and create a Kubernetes service account that has permissions to just that namespace.
When a single Kubernetes cluster is shared across environments, resources deployed to the cluster will often be separated by environment and by application, team, or service. In this situation, the recommended approach is to create a namespace for each application and environment (e.g., `my-application-development` and `my-application-production`), and create a Kubernetes service account that has permissions to just that namespace.

Where each environment has its own Kubernetes cluster, namespaces can be assigned to each application, team or service (e.g. `myapplication`).
Where each environment has its own Kubernetes cluster, namespaces can be assigned to each application, team or service (e.g. `my-application`).

In both scenarios, a target is then created for each Kubernetes cluster and namespace. The `Target Role` tag is set to the application name (e.g. `myapplication`), and the `Environments` are set to the matching environment.
In both scenarios, a target is then created for each Kubernetes cluster and namespace. The `Target Role` tag is set to the application name (e.g. `my-application`), and the `Environments` are set to the matching environment.

When a Kubernetes target is used, the namespace it references is created automatically if it does not already exist.

10. Select a worker pool for the target.
To make use of the Kubernetes steps, the Octopus Server or workers that will run the steps need to have the `kubectl` executable installed. Linux workers also need to have the `jq`, `xargs` and `base64` applications installed.
11. Click **SAVE**.

:::div{.warning}
Setting the Worker Pool directly on the Deployment Target will override the Worker Pool defined in a Deployment Process.
:::

## Create service accounts

The recommended approach to configuring a Kubernetes target is to have a service account for each application and namespace.
Expand Down Expand Up @@ -271,7 +275,7 @@ The token can then be saved as a Token Octopus account, and assigned to the Kube
Kubernetes targets use the `kubectl` executable to communicate with the Kubernetes cluster. This executable must be available on the path on the target where the step is run. When using workers, this means the `kubectl` executable must be in the path on the worker that is executing the step. Otherwise the `kubectl` executable must be in the path on the Octopus Server itself.

## Vendor Authentication Plugins
Prior to `kubectl` version 1.26, the logic for authenticating against various cloud providers (eg Azure Kubernetes Services, Google Kubernetes Engine) was included "in-tree" in `kubetcl`. From version 1.26 onward, the cloud-vendor specific authentication code has been removed from `kubectl`, in favor of a plugin approach.
Prior to `kubectl` version 1.26, the logic for authenticating against various cloud providers (eg Azure Kubernetes Services, Google Kubernetes Engine) was included "in-tree" in `kubectl`. From version 1.26 onward, the cloud-vendor specific authentication code has been removed from `kubectl`, in favor of a plugin approach.

What this means for your deployments:

Expand Down Expand Up @@ -337,7 +341,7 @@ kubectl version --client --output=yaml
# Write a custom kube config. This is useful when you have a config that works, and you want to confirm it works in Octopus.
Write-Host "Health check with custom config file"
Set-Content -Path "myconfig.yml" -Value @"
Set-Content -Path "my-config.yml" -Value @"
apiVersion: v1
clusters:
- cluster:
Expand All @@ -347,8 +351,8 @@ clusters:
contexts:
- context:
cluster: test
user: testadmin
name: testadmin
user: test_admin
name: test_admin
- context:
cluster: test
user: test
Expand All @@ -357,16 +361,16 @@ current-context: test
kind: Config
preferences: {}
users:
- name: testadmin
- name: test_admin
user:
token: auth-token-goes-here
- name: test
user:
client-certificate-data: certificate-data-goes-here
client-key-data: certificate-key-gies-here
client-key-data: certificate-key-goes-here
"@
kubectl version --short --kubeconfig myconfig.yml
kubectl version --short --kubeconfig my-config.yml
exit 0
Expand Down
6 changes: 3 additions & 3 deletions src/pages/docs/projects/community-step-templates.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
layout: src/layouts/Default.astro
pubDate: 2023-01-01
modDate: 2023-01-01
modDate: 2024-04-10
title: Community step templates
description: How to take advantage of step templates contributed by the Octopus community.
navOrder: 50
Expand Down Expand Up @@ -78,8 +78,8 @@ If you run into any problems with a community step template, don't worry - [we a

Our community step templates live in our [Library repository](https://github.com/OctopusDeploy/Library) on GitHub. If you're familiar with GitHub, you can raise an [issue](https://github.com/OctopusDeploy/Library/issues), and a member of the Octopus team will triage the issue and work with you to get the issue resolved.

In addition, as the code is open-source, you can also submit a [pull request](https://github.com/OctopusDeploy/Library/pulls) to fix an issue. We have [contributing guidelines](https://github.com/OctopusDeploy/Library/blob/master/.github/CONTRIBUTING/) that we recommend reading before submitting a change.
In addition, as the code is open-source, you can also submit a [pull request](https://github.com/OctopusDeploy/Library/pulls) to fix an issue. We have [contributing guidelines](https://github.com/OctopusDeploy/Library/blob/master/.github/CONTRIBUTING.md) that we recommend reading before submitting a change.

## Security

Community step templates are created, updated, and fixed by the Octopus team and the Octopus community. The Octopus team reviews all contributions before they are added to the Octopus library so that the step template only does what the template is designed to do and nothing malicious.
Community step templates are created, updated, and fixed by the Octopus team and the Octopus community. The Octopus team reviews all contributions before they are added to the Octopus library so that the step template only does what the template is designed to do and nothing malicious.
4 changes: 2 additions & 2 deletions src/pages/docs/projects/custom-step-templates.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
layout: src/layouts/Default.astro
pubDate: 2023-01-01
modDate: 2023-01-01
modDate: 2024-04-10
title: Custom step templates
description: How to create reusable steps
navOrder: 60
Expand Down Expand Up @@ -93,7 +93,7 @@ If you want to transport, backup, or share your custom step templates with the c
Now you can take that exported template document and commit it to source control, or share it on the [Community Library](https://library.octopus.com/).

:::div{.success}
Take a look at the [contributing guide](https://github.com/OctopusDeploy/Library/blob/master/.github/CONTRIBUTING/) for the Community Library and submit your step template as a [pull request](https://github.com/OctopusDeploy/Library/pulls).
Take a look at the [contributing guide](https://github.com/OctopusDeploy/Library/blob/master/.github/CONTRIBUTING.md) for the Community Library and submit your step template as a [pull request](https://github.com/OctopusDeploy/Library/pulls).
:::

## Linking custom step templates to community step templates
Expand Down

0 comments on commit 82a1fe9

Please sign in to comment.