Merge branch 'add-http01-docs' of https://github.com/stakater/saap-docs…

… into add-http01-docs

.github/workflows/pull_request.yaml

@@ -7,13 +7,13 @@ on:
 
 jobs:
   qa:
-    uses: stakater/.github/.github/workflows/[email protected].112
+    uses: stakater/.github/.github/workflows/[email protected].117
     with:
       MD_CONFIG: .github/md_config.json
       DOC_SRC: content README.md
       MD_LINT_CONFIG: .markdownlint.yaml
   build:
-    uses: stakater/.github/.github/workflows/[email protected].112
+    uses: stakater/.github/.github/workflows/[email protected].117
     with:
       DOCKER_FILE_PATH: Dockerfile
       CONTAINER_REGISTRY_URL: ghcr.io/stakater

.github/workflows/push.yaml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   push:
-    uses: stakater/.github/.github/workflows/[email protected].112
+    uses: stakater/.github/.github/workflows/[email protected].117
     with:
       DOCKER_FILE_PATH: Dockerfile
       RELEASE_BRANCH: main

.github/workflows/release.yaml

@@ -7,6 +7,6 @@ on:
 
 jobs:
   release:
-    uses: stakater/.github/.github/workflows/[email protected].112
+    uses: stakater/.github/.github/workflows/[email protected].117
     secrets:
       SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}

.markdownlint.yaml

@@ -6,3 +6,5 @@ MD029:
   style: one
 MD033: false
 MD046: false
+MD055:
+  style: leading_and_trailing

.vale.ini

@@ -1,7 +1,7 @@
 StylesPath = styles
 MinAlertLevel = warning
 
-Packages = https://github.com/stakater/vale-package/releases/download/v0.0.47/Stakater.zip
+Packages = https://github.com/stakater/vale-package/releases/download/v0.0.52/Stakater.zip
 Vocab = Stakater
 
 # Only check MarkDown files

README.md

@@ -38,7 +38,7 @@ Then access the docs on [`localhost:8080/saap`](localhost:8080/saap).
 
 ### Run commands locally
 
-Use [virtualenvwrapper](https://virtualenvwrapper.readthedocs.io/en/latest/install.html) to set up Python virtual environments.
+Use [`virtualenvwrapper`](https://virtualenvwrapper.readthedocs.io/en/latest/install.html) to set up Python virtual environments.
 
 Install [Python 3](https://www.python.org/downloads/).
 

content/about/cloud-providers/aws.md

@@ -10,7 +10,7 @@ An AWS account is needed to create and manage cluster on AWS. The following crit
   |------------|------------|
   | Virtual Machines | Varies. The limit should be 12 initially. (Initial deployment is 3 control plane + 3 infra + 3 worker)|
   | Regional vCPUs | The limit should be A x B x 2 , where A = no. of VMs (worker + infra + control plane), B = vCPUs per VM) |
-  | Elastic IPs (EIPs) | 5 |
+  | Elastic IPs (`EIPs`) | 5 |
   | Virtual Private Clouds (VPCs) | 5 |
   | Elastic Load Balancing (ELB/NLB) | 3 |
   | NAT Gateways | 5 |

content/about/saap-key-differentiators.md

@@ -21,4 +21,4 @@ Stakater App Agility Platform is a true hybrid-cloud enabler. All components of
 | Sandboxed environments | Try out new ideas in a low-risk sandboxed environment |
 | Time to market | Deliver new software features faster, focusing on customer value rather than infrastructure complexities |
 | Cost reduction | Remove the cost and complexity of provisioning, managing and scaling the underlying infrastructure, OS and middleware components |
-| Efficient devops | Realise more value from your DevOps team by allowing them to focus on the 'Dev' rather than 'Ops' |
+| Efficient DevOps | Realise more value from your DevOps team by allowing them to focus on the 'Dev' rather than 'Ops' |

content/about/service-definition.md

@@ -138,9 +138,9 @@ SAAP offers Red Hat Advanced Cluster Security (RHACS) as an optional, managed ad
 
 ### Secrets Stores
 
-#### HashiCorp Vault OSS
+#### Hashicorp Vault OSS
 
-SAAP includes HashiCorp Vault OSS for secrets management, limited to use by applications running on SAAP.
+SAAP includes Hashicorp Vault OSS for secrets management, limited to use by applications running on SAAP.
 
 #### Clouds Secrets Store
 
@@ -150,7 +150,7 @@ SAAP supports integration with multiple cloud provider secret stores (e.g., AWS
 
 #### External Secrets Operator (ESO)
 
-The [External Secrets Operator (ESO)](https://github.com/external-secrets/external-secrets) is included in SAAP to manage secret retrieval from both HashiCorp Vault OSS and supported cloud secret stores. ESO automates secret synchronization into clusters, ensuring secrets are securely available to applications as Kubernetes-native resources.
+The [External Secrets Operator (ESO)](https://github.com/external-secrets/external-secrets) is included in SAAP to manage secret retrieval from both Hashicorp Vault OSS and supported cloud secret stores. ESO automates secret synchronization into clusters, ensuring secrets are securely available to applications as Kubernetes-native resources.
 
 ## Networking
 
@@ -296,7 +296,7 @@ SAAP comes with Renovate, a tool for automating dependency updates. It helps kee
 
 ### Browser IDE - DevSpaces
 
-SAAP includes DevSpaces to provide developers with cloud-based, ready-to-code environments. These workspaces streamline development by offering preconfigured setups, ensuring consistency and reducing setup time. DevSpaces enhances productivity by allowing developers to start coding immediately in a fully equipped environment.
+SAAP includes DevSpaces to provide developers with cloud-based, ready-to-code environments. These workspaces streamline development by offering pre-configured setups, ensuring consistency and reducing setup time. DevSpaces enhances productivity by allowing developers to start coding immediately in a fully equipped environment.
 
 ### Tilt
 

content/about/service-definition/secrets-management.md

@@ -1,5 +1,5 @@
 # Secrets Management
 
-SAAP provides an optional integration of HashiCorp Vault which enhances the security and secrets management capabilities of the platform.
+SAAP provides an optional integration of Hashicorp Vault which enhances the security and secrets management capabilities of the platform.
 
 By integrating Vault, SAAP provides customers with a secure and centralized solution for storing and accessing sensitive information such as passwords, API keys, and certificates. It complements the default OpenShift secrets mechanism, providing additional features and capabilities that are critical for managing secrets in modern containerized environments.

content/for-administrators/secure-your-cluster/saml-idp.md

@@ -2,7 +2,7 @@
 
 SAML v2.0 based IDPs can also be integrated with SAAP.
 
-Configurings for SAML are specific to tools and organizations.
+Configurations for SAML are specific to tools and organizations.
 
 Following attributes must be exposed via the SAML Service Provider (SP)
 

content/for-administrators/storage/volume-expansion.md

@@ -1,5 +1,13 @@
+
 # Volume Expansion
 
+!!! info
+    Volume Expansion is currently not supported on Stakater Cloud due to platform limitations. This feature may be available in future releases. You can follow the clone PVC workaround to resize or migrate PersistentVolumes if necessary.
+
+## Automatic
+
+### Volume Expander Operator
+
 SAAP offers volume expansion to expand volumes when they are running out of space. Volume expansion periodically checks the `kubelet_volume_stats_used_bytes` and `kubelet_volume_stats_capacity_bytes` published by the kubelets to decide when to expand a volume. These metrics are generated only when a volume is mounted to a pod. Also, the kubelet takes a minute or two to start generating accurate values for these metrics.
 
 Volume expansion works based on the following annotations to PersistentVolumeClaim resources:
@@ -23,3 +31,96 @@ volume-expander-operator.redhat-cop.io/expand-by-percent: "20"        # Volume e
 volume-expander-operator.redhat-cop.io/polling-frequency: "10m"       # Volume expansion poll the volume metrics after every 10 minutes
 volume-expander-operator.redhat-cop.io/expand-up-to: "1Ti"            # Volume will be expanded no more than 1TB
 ```
+
+## Manual
+
+### Clone PVC
+
+The clone PVC is designed to copy the contents of one PersistentVolume (PV) to a newly created PersistentVolumeClaim (PVC). Clone PVC is especially useful when migrating PersistentVolumes to a new StorageClass or when you need to resize a PV that belongs to a StorageClass that doesn’t support resizing.
+
+The clone PVC employs a workaround for reclaiming PVs, which is necessary to handle ReadWriteOnce (RWO) PVs. If you're working with a ReadWriteMany (RWX) PV, you can directly run a copy job and attach the Job-Pod to the existing PVC—there's no need to create a new PVC.
+
+Use Cases
+
+- Migrate PVs to different StorageClasses.
+- Resize PVs that are using StorageClasses that don’t support resizing.
+- Copy data from one PV to another, maintaining data integrity.
+
+#### How to Use
+
+##### Step-by-Step Process
+
+**1. Clone the Repository:** First, clone the repository that contains the clone PVC.
+
+```bash
+git clone https://github.com/stakater/charts
+
+cd clone-pvc
+```
+
+**2. Identify the PV to Copy:** Find the PersistentVolume (PV) you wish to copy.
+
+**3. Change PV Reclaim Policy:**: Update the persistentVolumeReclaimPolicy of the PV to Retain.
+
+**4. Get PV Name:**: Retrieve the name of the PV you want to copy.
+
+**5. Deploy the Helm Chart:** Apply the provided Helm chart, specifying:
+
+- The name of the PV in the values file.
+- The name, storage class, and size of the new PVC.
+
+**6. Delete the Original PVC:** Delete the old PVC and remove the claim reference from the source PV.
+
+**7. Monitor the Job:** The job will begin copying data from the original PV to the new PVC. The logs may show warnings about the inability to preserve the original file owners, but this is a known limitation due to OpenShift security settings and can be ignored.
+
+**8. Cleanup:** After the data has been copied, the new PVC will be available, and you can remove the Helm chart.
+
+##### Rebinding the PV to the Original PVC
+
+Once the data has been copied and the Job has been deleted, you can rebind the PV to the original PVC name. If you're using an inflexible operator, like OpenShift image operator, you may need to perform a "hot swap" with the PVC for the PV to be properly bound.
+
+##### Steps to Rebind
+
+**1. Check New PV:** Ensure the new PV has the persistentVolumeReclaimPolicy set to Retain and that the access mode matches the PVC you intend to bind it to.
+
+**2. Remove Claim reference:** Delete the PVC bound to the new PV and remove the `ClaimRef` from the PV.
+
+**3. Prepare PVC YAML:** Copy the YAML definition for the PVC you plan to bind the PV to. Paste it into a file or use OpenShift's "Import YAML" dialog.
+
+**4. Update PVC YAML:** Update the volume name in the PVC YAML to point to your new PV.
+
+**5. Delete PVC and Pod** Delete the application's PVC and pod. Then quickly apply the updated PVC YAML to bind the new PV to the PVC.
+
+**6. Confirm Application:** If successful, your application should now be using the newly copied PV, which is on the new StorageClass.
+
+##### Example Helm Chart Deployment for One-Off Job
+
+To deploy the clone PVC as a one-off job, you can use the following example Helm chart configuration:
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: clone-pvc
+  namespace: argocd
+spec:
+  destination:
+    namespace: <target-namespace>
+    server: https://kubernetes.default.svc
+  source:
+    path: clone-pvc
+    repoURL: ssh://[email protected]:stakater/charts
+    targetRevision: master
+    helm:
+      parameters:
+        - name: oldPvName
+          value: "<target-pv>"
+        - name: newPvcName
+          value: "clone-pvc"
+        - name: newPvcStorageClass
+          value: ""
+        - name: newPvcSize
+          value: "100Gi"
+```
+
+By following this process, you can effectively copy data from an existing PersistentVolume to a new PVC, ensuring the migration to new StorageClasses or resizing needs are met.

content/for-developers/explanation/deploying-secrets.md

@@ -15,10 +15,10 @@ The following secrets are needed for running a fully functional pipeline using p
 1. `docker-reg-creds`
     * _Purpose_: Used by buildah task and the application deployment to pull the image from the nexus registry.
     * _Owner_: SAAP admins.
-    * _Type_: Login credentials for nexus docker registry. The secret itself is of type dockerconfigjson.
+    * _Type_: Login credentials for nexus docker registry. The secret itself is of type `dockerconfigjson`.
     * _Used for_: Pulling images from the nexus registry. Needs to be deployed in all namespaces of the tenant. We distribute it using a TGI.
     * _Lifecycle_: Every time a new tenant is created, the secret gets deployed in all its namespaces.
-    * _Deployment Process_: Nexus comes shipped with SAAP. The `nexus3` namespace contains a secret named `docker-reg-creds`. This secret contains the .dockerconfigjson file. We use a Multi Tenant Operator Template and TemplateGroupInstance to copy this secret and distribute it all namespaces of the tenants. The Template and TemplateGroupInstance are both named `docker-reg-creds`.
+    * _Deployment Process_: Nexus comes shipped with SAAP. The `nexus3` namespace contains a secret named `docker-reg-creds`. This secret contains the .`dockerconfigjson` file. We use a Multi Tenant Operator Template and TemplateGroupInstance to copy this secret and distribute it all namespaces of the tenants. The Template and TemplateGroupInstance are both named `docker-reg-creds`.
 1. `helm-reg-creds`
     * _Purpose_: Used to pull and push charts from the Nexus Helm Registry. We use it in two places for our pipeline:
         1. `stakater-helm-push` task
@@ -248,7 +248,7 @@ The following secrets are needed for running a fully functional pipeline using p
                       property: api_private_key
             ```
 
-        1. Now open up the tenant path in Vault and add a secret named [app-name]-ssh-creds. Add a key api_private_key. The value should have a private ssh key that has access to your application repository as well as you `apps-gitops-config` repository.
+        1. Now open up the tenant path in Vault and add a secret named `[app-name]-ssh-creds`. Add a key `api_private_key`. The value should have a private ssh key that has access to your application repository as well as you `apps-gitops-config` repository.
         1. Assuming you have already set up the `apps-gitops-config` repository, you should be able to see the secret deployed to your tenant's build namespace
 
 1. `[app-name]-git-webhook-creds`

content/for-developers/explanation/plan-your-deployment.md

@@ -118,7 +118,7 @@ Setup a CI/CD pipeline to for Continuous Integration and Continuous Deployments.
 
 Users can expose your application in/out the cluster using Services, Ingresses, Routes.
 
-- Users can create two types of services for external networking: NodePort, LoadBalancer.
+- Users can create two types of services for external networking: nodePort, LoadBalancer.
 - Users can create Routes to exposes a service at a host name, such as `www.example.com`, so that external clients can reach it by name.
 - Users can create Ingresses on a host name which is being watched by ingress controller and creates one or more routes to satisfy the conditions of the ingress object.
 

content/for-developers/explanation/production-best-practices.md

@@ -83,7 +83,7 @@ Configure appropriate values for your Kubernetes resources while keeping the fol
 
 ### Scaling Policies
 
-- Define scaling policies to automatically adjust the replica count based on predefined thresholds or metrics (e.g., CPUusage, request queue length).
+- Define scaling policies to automatically adjust the replica count based on predefined thresholds or metrics (e.g., CPU use, request queue length).
 - Set up horizontal pod autoscaling (HPA) or custom scaling controllers to dynamically scale replicas based on workload demands.
 
 ### Load Balancing

content/for-developers/tutorials/inner-loop/add-alerts/add-alerts.md

@@ -43,7 +43,7 @@ Now let's add a PrometheusRule for the application. In the previous section, we
     ```
 
     !!! note
-        The indentation follows by **application.prometheusRule**.
+        The indentation follows by `application.prometheusRule`.
 
 ### Alert Manager
 
@@ -52,7 +52,7 @@ Now we need to tell Alert Manager where to send the alert. For this, we will nee
 1. If you need to send an alert to a Slack channel. You will first need to [add a webhook for that channel in Slack](https://docs.stakater.com/saap/managed-addons/monitoring-stack/log-alerts.html)
 Once you have the webhook URL, you can add the AlertManagerConfig. The Alertmanager uses a secret to pick up details of the endpoint to send the alerts to.
 
-1. Let's create the secret first. Log in to SAAP > Administrator > Workloads > Secrets in your namespace. Create a secret from YAML. Replace "namespace" with the namespace in which your application is deployed and "api_url" with base64 encoded webhook URL:
+1. Let's create the secret first. Log in to SAAP > Administrator > Workloads > Secrets in your namespace. Create a secret from YAML. Replace "namespace" with the namespace in which your application is deployed and `api_url` with base64 encoded webhook URL:
 
     ```yaml
     kind: Secret
@@ -66,7 +66,7 @@ Once you have the webhook URL, you can add the AlertManagerConfig. The Alertmana
     type: Opaque
     ```
 
-1. Let's add the AlertManagerConfig, add this YAML to `deploy/values.yaml`, and remember to replace "channel-name" with your channel name.
+1. Let's add the AlertManagerConfig, add this YAML to `deploy/values.yaml`, and remember to replace `channel-name` with your channel name.
 
     ```yaml
     alertmanagerConfig:
@@ -107,7 +107,7 @@ Once you have the webhook URL, you can add the AlertManagerConfig. The Alertmana
     ```
 
     !!! note
-        The indentation follows by **application.alertmanagerConfig**.
+        The indentation follows by `application.alertmanagerConfig`.
 
 1. Save and run `tilt up` at the root of your directory. Hit the space bar and the browser with `TILT` logs will be shown. If everything is green then the changes will be deployed on the cluster.
 

content/for-developers/tutorials/inner-loop/add-configmap/add-configmaps.md

@@ -42,7 +42,7 @@ This comprehensive tutorial will walk you through the process of effectively uti
     !!! note
         The indentation for `env` in `deploy/values.yaml` is **application.deployment.env**. You can also refer configmap in env, to see more [click](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#define-container-environment-variables-with-data-from-multiple-configmaps).
 
-### Utilize envFrom to Access Configmaps
+### Utilize `envFrom` to Access Configmaps
 
 1. To utilize environment variables from a resource, such as Configmap, we can mention the `envFrom` field and specify the configmap name. Add this YAML to `deploy/values.yaml`. `envFrom` allows you to fetch all the environment variables define in this configmap.
 
@@ -62,12 +62,12 @@ This comprehensive tutorial will walk you through the process of effectively uti
 
     It should look like this:
 
-    ![envfrom configmap](images/envfrom-config.png)
+    ![configmap](images/envfrom-config.png)
 
     Look at the different colors that indicates indentation.
 
     !!! note
-        The indentation for `envFrom` in `deploy/values.yaml` is **application.deployment.envFrom**. You can also reference secret in envFrom, to see more [click](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables).
+        The indentation for `envFrom` in `deploy/values.yaml` is `application.deployment.envFrom`. You can also reference secret in `envFrom`, to see more [click](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables).
 
 ### Define Configmap Data in `values.yaml`
 
@@ -169,7 +169,7 @@ If your application requires a configuration file with sensitive information, yo
 
     It should look like this:
 
-    ![configmao volumes and volume mounts](images/volume-config.png)
+    ![configmap volumes and volume mounts](images/volume-config.png)
 
     Look at the different colors that indicates indentation.