Fix: restore switch to dns how-to (#31)

.cspell.json

@@ -11,11 +11,13 @@
     "CISA",
     "minikube",
     "srodenhuis",
+    "Traefik",
     "minio",
     "Alin",
     "APIV",
     "appgw",
     "binzx",
+    "civo",
     "drucker",
     "prope",
     "dtap",

docs/for-devs/console/workloads.md

@@ -65,9 +65,9 @@ Now click on `application` in the `Argocd` column of the workload in the list of
 ### BYO Helm chart
 
 1. Enter a name for the workload
-2. Enter the URL to the Git repo containing the Helm Chart or a Helm repository
-3. Optionally (only when using a Git repo) add the relative directory path within the Git repository. Absolute paths cause errors.
-4. Optionally (only when using a Chart registry) add the name of the Helm chart
+2. Enter the URL to the Git repo containing the Helm Chart or a Helm repository.
+3. Add the relative path to a directory within the Git repository. Use `./` when no directory is used.
+4. Optionally (only when using a Chart registry) add the name of the Helm chart.
 5. Enter the revision. In case of using a Git repo, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of using a Chart repository, this is a semver tag for the Chart's version
 6. Click `Next`
 7. Review the Values used to install the chart

docs/for-ops/how-to/install-with-dns.md

@@ -117,3 +117,47 @@ helm repo update
 helm install -f values.yaml otomi otomi/otomi
 ```
 
+## Civo DNS
+
+:::info
+Civo support is comming soon!
+:::
+
+Set up DNS in Civo:
+
+1. Under `Networking` in the Civo Dashboard, click `DNS` and then `Add a domain name`
+2. Fill in a domain name and then click `Add domain`
+3. Create a NS record in the zone where your domain is hosted and add the Civo name servers `ns0.civo.com` ans `ns1.civo.com`
+4. Under `Settings`, `Profile`, click on the tab `Security` and copy the `API key`
+
+Install Otomi:
+
+5. Add the DNS configuration to the `values.yaml` to install Otomi:
+
+```yaml
+cluster:
+  name: my-cluster # choose a name for your cluster
+  provider: civo
+  domainSuffix: your-domain.com # your domain name
+otomi:
+  hasExternalDNS: true # required
+dns:
+  domainFilters: 
+    - your-domain.com
+  provider:
+    civo:
+      apiToken: "<add your api token here>"
+apps:
+  cert-manager:
+    issuer: letsencrypt
+    stage: production
+    email: admin@your-domain.com
+```
+
+6. Install Otomi:
+
+```yaml
+helm repo add otomi https://otomi.io/otomi-core
+helm repo update
+helm install -f values.yaml otomi otomi/otomi
+```

docs/for-ops/how-to/switch-to-dns.md

@@ -15,30 +15,29 @@ When Otomi is installed with minimal values, a custom CA is generated and Otomi
 
 ## Step 2: Provide DNS values
 
-- In the left menu, click on `DNS` under Platform Settings. This option will only become active after External DNS is enabled in step 1
-- Provide the DNS zone name used by the Teams tom publish URLs on
+- Go back to the `Settings` and click `DNS`
 - Provide the Domain filter and optionally the Zone id filters
 - Select your Provider
 - Provide the required values
 - Click on `Submit`
 
 ## Step 3: Set cluster domain suffix
 
-- In the left menu, click on `Cluster` under Platform Settings
+- Go back to the `Settings` and click `Cluster`
 - Provide the cluster Domain Suffix
 - Click on `Submit`
 
 
 ## Step 4 (optional): Use Let's Encrypt
 
-Let's encrypt requires a DNS zone. So if you would like to start using Let's Encrypt as a CA, now you can.
+Let's Encrypt requires a DNS zone. So if you would like to start using Let's Encrypt as a CA, now you can.
 
 - Click on `Apps` under platform
-- Click on the `CertManager` app
-- Click on `values`
+- Click on the `cert-manager` app
+- Click on the `values` tab
 - Fill in an email address with a valid domain name (required!)
 - Under `Issuer`, click on `Lets Encrypt`
-- Use `Production` or `Staging`
+- Select `Production`
 - Click on `Submit`
 
 ## Step 5: Deploy Changes
@@ -51,8 +50,7 @@ Wait for the Drone runner to finish:
 kubectl get pod -n drone-pipelines -w
 ```
 
-
-## Step 6: Adjust the web hook in Gitea
+## Step 6: Adjust the webhook in Gitea
 
 Open Gitea and follow these steps:
 
@@ -69,21 +67,24 @@ First sign in to the Otomi Console using the new domain name: `https://otomi.<yo
 - Click `Update Webhook`
 
 
-## Step 7: Restart the Drone server and agent
+## Step 7: Restart and Authorize Drone
 
-Then run the following kubectl command:
+After the webhook is adjusted, restart Drone:
 
-```
-kubectl delete pods -n team-admin -l app=drone
+```bash
+kubectl delete pod -n drone -l app=drone
 ```
 
-When both the Drone Agent and Server are back up, open the Drone app and follow these steps:
+When the pods have restarted and are in a running state:
 
+- Click on `Apps` under Platform
+- Click on the `Drone` app
 - Click on `Sign In` on the 404 page
 - Click `Continue`
 - Click on `Authorize Application`
 - Complete the Drone registration
 - Click `Submit`
-- On the Drone dashboard, click `SYNC`
+
+Now you still see the pipeline running of the DNS change is still running. You can manually cancel the pipeline by clicking on the pipeline and then click `cancel` in the top right.
 
 You're ready to go!

docs/get-started/activation.md

@@ -6,7 +6,7 @@ sidebar_label: Activation
 
 Follow the steps below to activate Otomi after initial installation.
 
-### Step 1: Get the log output of the installer job
+## Step 1: Get the log output of the installer job
 
 When the installer job (in the default namespace) has finished, copy the URL and the generated password from the bottom of the logs, sign in to the console with the provided URL, username and password.
 
@@ -16,7 +16,7 @@ Use the following command to get the logs of the installer job:
 kubectl logs jobs/otomi -n default -f
 ```
 
-### Step 2: Create an License Key for using Otomi Console and Otomi API
+## Step 2: Create an License Key for using Otomi Console and Otomi API
 
 :::info
 A Community Edition License Key is required per 17-05-2023
@@ -33,7 +33,7 @@ If you would like to use the Otomi Console (Web UI) and Otomi API (for code vali
 - Add the License key to Otomi Console
 - Click `Activate`
 
-### Step 3 (optional): Add the auto generated CA to your keychain
+## Step 3 (optional): Add the auto generated CA to your keychain
 
 Otomi by default automatically generates a CA. The generated CA is of course not trusted on your local machine. Here are some options to prevent you from clicking away lots of security warning in your browser:
 
@@ -66,15 +66,15 @@ alias chrome-insecure='/Applications/Google\ Chrome.app/Contents/MacOS/Google\ C
 3. Optional: Restart Docker (to support pushing images to Harbor)
 
 
-### Step 4 (Optional): Create a new admin user
+## Step 4 (Optional): Create a new admin user
 
 :::info ATTENTION
 We strongly advise to not use the default `otomi-admin` account after activation and to not change the password. Store it somewhere safe and only use it in case absolutely required.
 :::
 
-[Create a new user account in Keycloak](/docs/apps/keycloak#step-2-create-a-user-in-keycloak) and add the new user to the `otomi-admin` and `team-admin`.
+[Create a new user account in Keycloak](/docs/apps/keycloak#step-2-create-a-user-in-keycloak) and add the new user to the `otomi-admin` and `team-admin` group.
 
-### Step 5 (Optional): Add the URL of the Kubernetes API
+## Step 5 (Optional): Add the URL of the Kubernetes API
 
 :::info NOTE
 Adding the URL of the K8s cluster API is required by teams to be able to download the KUBECONFIG

docs/get-started/installation.md

@@ -4,9 +4,9 @@ title: Installation
 sidebar_label: Installation
 ---
 
-### Install Otomi with Helm
+## Install Otomi with Helm
 
-#### Add the Otomi repository
+### Add the Otomi repository
 
 ```bash
 helm repo add otomi https://otomi.io/otomi-core
@@ -15,7 +15,7 @@ helm repo update
 
 See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation.
 
-#### Minimal configuration
+### Minimal configuration
 
 :::info
 As of version [1.0.0](https://github.com/redkubes/otomi-core/releases/tag/v0.21.0) Otomi supports Kubernetes versions `1.25`,`1.26` and `1.27`.
@@ -39,7 +39,7 @@ When the chart is installed, follow the [activation steps](activation).
 license: <License Key>
 ``` -->
 
-#### Custom values
+### Custom values
 
 To view the required `values.yaml` file with detailed comments, view and download the chart's latest [values.yaml](https://github.com/redkubes/otomi-core/blob/main/chart/otomi/values.yaml). Run the following command to view _all_ the values (which might be overwhelming):
 
@@ -53,15 +53,15 @@ To test wether the input values are correct run the following command:
 helm template -f values.yaml otomi/otomi
 ```
 
-#### Install the Chart
+### Install the Chart
 
 Install the chart with the following command:
 
 ```bash
 helm install -f values.yaml otomi otomi/otomi
 ```
 
-#### Monitoring the chart install
+### Monitoring the chart install
 
 The chart deploys a Job (`otomi`) in the `default` namespace. Monitor the chart install using `kubectl`:
 
@@ -76,11 +76,11 @@ Or view detailed info about kubernetes resources with [k9s](https://k9scli.io)
 
 When the chart is installed, follow the [activation steps](activation)
 
-### Installing from source
+## Installing from source
 
 As an alternative, you can also clone the otomi-core source code from the [Github](https://github.com/redkubes/otomi-core) and install otomi using the chart source code.
 
-#### Download source
+### Download source
 
 ```bash
 git clone https://github.com/redkubes/otomi-core.git
@@ -239,78 +239,4 @@ kms:
 #       project: ''
 #     vault:
 #       token: ''
-```
-
-## Known issues
-
-### Metrics server with untrusted Kube API certificates
-
-**Problem**
-
-Metrics server will not start when installing on a K8s cluster (like on Minikube or a cluster created with Kubeadm) with Kube API using self-signed certificates
-
-**Solution** 
-
-Add extra args to the metrics-service by using the following values when installing Otomi with Helm chart:
-
-```
-apps:
-  metrics-server:
-    enabled: true
-    _rawValues:
-      extraArgs:
-        kubelet-preferred-address-types: InternalIP
-        kubelet-insecure-tls: true
-```
-
-### Uninstalling Otomi
-
-**Problem**
-
-When uninstalling Otomi using the `helm unistall` cmd, all Otomi namespaces get stuck in a terminating state.
-
-**Solution** 
-
-The work around for now is to delete all namespaces using this cmd:
-
-```
-for ns in $(kubectl get ns --field-selector status.phase=Terminating -o jsonpath='{.items[*].metadata.name}'); do  kubectl get ns $ns -ojson | jq '.spec.finalizers = []' | kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f -; done
-```
-
-### Installing Otomi with Cloudflare DNS
-
-**Problem**
-
-When installing Otomi with `otomi.hasExternalDNS=true` and `apps.cert-manager.issuer=letsencrypt` with `apps.cert-manager.stage=staging`, activating Drone is not possible because of the following error:
-
-```
-Post "https://gitea.d3-otomi.net/login/oauth/access_token": x509: certificate signed by unknown authority
-```
-
-**Solution** 
-
-1. Install with `apps.cert-manager.stage=production`
-
-or 
-
-1. In Cloudflare, set the `A-record` for Gitea to proxy status = `DNS Only`. Also make sure your SSL/TLS encryption mode is set to `Full`
-
-### Installing Otomi with DNS fails due to failed authentication for gitea
-
-**Problem**
-
-When installing Otomi with DNS fails with the following error:
-
-```
-otomi:cmd:commit:commitAndPush:error remote: Unauthorized
-fatal: Authentication failed for 'https://gitea.otomi.example.com/otomi/values.git/'
-```
-
-**Solution**
-
-Provide a custom password:
-
-```
-otomi:
-  adminPassword: yourpassword
 ```