Updated documentation and added sealed secrets lab (#64)

* fix: outdated documentation

* fix: outdated documentation

* fix: outdated documentation

* fix: review comments

* fix: use team-demo in example

docs/for-devs/console/workloads.md

@@ -27,7 +27,7 @@ Before creating a workload from the developer catalog, we'll need the `repositor
 
 1. Go to the list of Builds and add the `repository` of the build to use to your clipboard. Remember the tag.
 
-2. Go to `Workloads` in the left menu and click on `New Workload`
+2. Go to `Workloads` in the left menu and click on `Create Workload`
 
 3. Select a template from the catalog to use
 

docs/get-started/installation/scaleway.md

@@ -84,9 +84,9 @@ dns:
   domainFilters: 
     - example.com
   provider:
-    scaleway:
-      scwAccessKey: $SCW_ACCESS_KEY
-      scwSecretKey: $SCW_SECRET_KEY
+    cloudflare:
+      apiToken: $CF_API_TOKEN
+      proxied: false
 apps:
   cert-manager:
     issuer: letsencrypt
@@ -119,4 +119,4 @@ Follow the activation steps [here.](https://otomi.io/docs/get-started/activation
 
 :::tip
 Like to learn how to use Otomi? Go through the [Get Started labs](../labs/overview.md)
-:::
+:::

docs/get-started/labs/lab-11.md

@@ -16,9 +16,9 @@ Before creating a workload from the developer catalog, we'll need the `repositor
 
 You can now create a workload from the developer catalog:
 
-1. Go to `Workloads` in the left menu and click on `New Workload`
-2. Add the Name `green` for the workload
-3. Select `otomi-quickstart-k8s-deployment` from the catalog
+1. Go to `Workloads` in the left menu and click on `Create Workload`
+2. Select `k8s-deployment` from the catalog
+3. Add the Name `green` for the workload
 4. Set the `Auto image updater` to `Digest` and fill in the `ImageRepository` from the clipboard.
 
 `Digest` is the update strategy and will update the image to the most recent pushed version of a given tag.

docs/get-started/labs/lab-14.md

@@ -22,7 +22,7 @@ In this lab we're going to create a workload in Otomi to create a Knative servic
 
 You can create a workload to deploy your own Helm chart, or you can use one of the `otomi-charts` Helm charts. In this case we'll use the deployment chart in the `otomi-charts` repository.
 
-1. Go to `Workloads` in the left menu and click on `New Workload`
+1. Go to `Workloads` in the left menu and click on `Create Workload`
 2. Choose `Function as a Service`
 
 ![kubecfg](../../img/ksvc-app.png)

docs/get-started/labs/lab-20.md

@@ -34,7 +34,7 @@ When you created a custom query that you would like to use more often, or would
 - In the apps section, click on the `Settings` icon of the Loki app
 - Click on the `Shortcuts` tab
 - Click `edit`
-- Click on `Edd item`
+- Click on `Add item`
 - Fill in the `Title`, `Description` and the `Path` for the shortcut
 
 ![kubecfg](../../img/new-loki-shortcut.png)

docs/get-started/labs/lab-26.md

@@ -11,7 +11,7 @@ In the previous lab we created a build in Otomi using the `blue` repo in Gitea.
 1. In the left menu, click on `Builds`
 2. Click on `Create Build`
 3. Fill in the name `green` for your build
-4. Choose `./Dockerfile` and fill in the repo URL for the `green` repo created in the previous lab.
+4. Choose `./Dockerfile` and fill in the repo URL for the `green` repo created in the previous lab: `https://gitea.<your-domain>/<gitea-username>/green`
 5. Enable `Trigger`
 6. Click `Submit`
 

docs/get-started/labs/lab-27.md

@@ -12,6 +12,8 @@ For this lab it is required to:
 
 - Enable `Tempo`
 - Enable `Otel`
+- Enable `Loki`
+- Enable `Grafana`
 - Enable tracing for `Istio` and `Nginx Ingress`
 
 ## Build an image from source code
@@ -46,9 +48,9 @@ git push --mirror https://gitea.<your-domain>/<your-user-name>/petclinic.git
 
 Go to the list of Builds and add the repository of the `petclinc` build to your clipboard. Remember that the tag is latest.
 
-1. Go to `Workloads` in the left menu and click on `New Workload`
-2. Add the Name `petclinic` for the workload
-3. Select `otomi-quickstart-k8s-deployment-otel` from the catalog
+1. Go to `Workloads` in the left menu and click on `Create Workload`
+2. Select `k8s-deployment-otel` from the catalog
+3. Add the Name `petclinic` for the workload
 4. Leave the `Auto image updater` to `Disabled`
 5. In the workload `values`, change the following parameters:
 

docs/get-started/labs/lab-28.md

@@ -15,13 +15,15 @@ For this lab we need the 2 images (`blue` and `green`) we already created in the
 - [Build images](lab-6.md)
 - [Trigger builds](lab-26.md)
 
+Or you can use public images e.g. `nginx:latest` and `tomcat:latest` for this lab.
+
 ## Create a workload from the developer catalog
 
 Go to the list of Builds and add the repository of the `green` build to your clipboard.
 
-1. Go to `Workloads` in the left menu and click on `New Workload`
-2. Add the Name `canary` for the workload
-3. Select `otomi-quickstart-k8s-deployment-canary` from the catalog
+1. Go to `Workloads` in the left menu and click on `Create Workload`
+2. Select `k8s-deployment-canary` from the catalog
+3. Add the Name `canary` for the workload
 4. Set the `Auto image updater` to `Digest` and fill in:
 
 - imageRepository = paste from the clipboard

docs/get-started/labs/lab-3.md

@@ -88,14 +88,74 @@ Add `blue.html`:
         font-weight: normal;
         margin-bottom: 0;
       }
+      .centered-text {
+          text-align: center;
+      }
     </style>
   </head>
   <body>
-    <div align="center">
+  <div class="centered-text">
       <h1>Welcome to Blue</h1>
-    </div>
+  </div>
   </body>
 </html>
 ```
 
-In the following labs we are going to use the `blue` repository, but we'll also need a `green` repository. Create the `green` repository and add the 2 files, but change `blue` into `green`.
+In the following labs we are going to use the `blue` repository, but we'll also need a `green` repository. Create the `green` repository and add the 2 files, but change `blue` into `green`.
+
+- Click on `+ New Repository`
+
+![kubecfg](../../img/new-gitea-repo.png)
+
+- Add the name `green` for the repository
+- Optional: Enable `Initialize Repository`
+- Make Repository Private
+- Click on `Create Repository`
+
+Add the following 2 files to the repository:
+
+Add `Dockerfile`:
+
+```Dockerfile
+FROM nginxinc/nginx-unprivileged:stable
+COPY green.html /usr/share/nginx/html/index.html
+EXPOSE 8080
+```
+
+Add `green.html`:
+
+```html
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <title>Sample Deployment</title>
+    <style>
+      body {
+        color: #ffffff;
+        background-color: green;
+        font-family: Arial, sans-serif;
+        font-size: 14px;
+      }
+      h1 {
+        font-size: 500%;
+        font-weight: normal;
+        margin-bottom: 0;
+      }
+      h2 {
+        font-size: 200%;
+        font-weight: normal;
+        margin-bottom: 0;
+      }
+      .centered-text {
+          text-align: center;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="centered-text">
+      <h1>Welcome to Green</h1>
+    </div>
+  </body>
+</html>
+```

docs/get-started/labs/lab-33.md

@@ -26,13 +26,43 @@ To configure the RabbitMQ Cluster workload go to the `Values` tab and fill in a
 ## Adding Queues and Policies
 
 To configure `Queues` and `Policies` for the rabbitMQ Cluster you can add them to the `queues` and `policies` parameters respectively.
-For example we create a rabbitMQ Cluster workload with the name `rabbit1` with 2 `queues` and 2 `policies`.
+For example, we create a rabbitMQ Cluster workload with the name `rabbit1` with 2 `queues` and 2 `policies`.
 
 ![Fill In Values](../../img/rabbitmq-3-add-queues-and-policies.png)
 
 :::info ALERT
 Do remember that even though these values can be edited afterwards, not all specifications or definitions can be updated after a `queue` or `policy` has been created. Please make sure everything is filled in correctly.
 :::
+```yaml
+queues:
+  - name: my-quorum-queue1
+    spec:
+      durable: true
+      arguments:
+        x-queue-type: quorum
+  - name: my-quorum-queue2
+    spec:
+      arguments:
+        autoDelete: true
+
+policies:
+  - name: my-policy1
+    pattern: ".*"
+    definition:
+      dead-letter-exchange: cc
+      ha-mode: all
+    spec:
+      applyTo: classic_queues
+      priority: 1
+      vhost: "/"
+  - name: my-policy2
+    pattern: ".*"
+    definition:
+      dead-letter-exchange: cc
+      max-age: 1h
+    spec:
+      applyTo: quorum_queues
+```
 
 When everything is filled in correctly you can `submit` and click the `deploy changes` button.
 
@@ -46,8 +76,11 @@ ArgoCD Status:
 
 ## Accessing the RabbitMQ Management UI
 
-To access the `RabbitMQ Management UI` you have to retrieve the default user credentials and `port-forward` the `rabbitMQ server`.
-To do this connect to your k8s cluster with `kubectl`.
+To access the `RabbitMQ Management UI` you have two options:
+- retrieve the default user credentials and `port-forward` the `rabbitMQ server`.
+- Create a service to expose the `rabbitMQ server` and access the `Management UI` publicly. This is not recommended for production services
+
+In this lab we are going to use the cluster. To do this connect to your k8s cluster with `kubectl`.
 
 :::info NOTE
 In this example the `rabbitMQ cluster` was created in the demo team so we have to get the `secret` from the `team-demo` namespace. Please retrieve the `secret` from the namespace where the `rabbitMQ cluster` was created.

docs/get-started/labs/lab-34.md

@@ -0,0 +1,70 @@
+---
+slug: lab-34
+title: Use Sealed Secrets
+sidebar_label: Use Sealed Secrets
+---
+
+In this lab we will create sealed secrets and see how to securely sensitive information in git repository.
+
+## Enabling Sealed Secrets
+
+As an `Admin` go to the `Apps` panel and activate `sealed-secrets`, afterwards click the `deploy` button.
+If you are not and `Admin` then ask your `Admin` to enable the `sealed-secrets` application.
+
+## Creating a Sealed Secret
+
+To create a sealed secret, on the team overview click on the `Sealed Secrets` in the sidebar and select the `Create SealedSecret`. This will take you to the page where you can create a sealed secret.
+
+![Sealed secrets](../../img/sealed-secrets.png)
+
+To configure the sealed secret fill in a name for your secret and the desired namespace. 
+Afterwards you can add the `secret` data that you want to store in the sealed secret. 
+The secret data is stored as 'key' 'value'. In the example below we created a secret named 'secret-credentials' in the namespace 'team-demo'. 
+The secret has the key values `password=helloworld` and `username=labs-user`. Now click on `submit` and `Deploy Changes`.
+
+![Create sealed secret](../../img/create-sealed-secrets.png)
+
+Once the secret is created you cannot see the values anymore.
+
+![Created sealed secret](../../img/created-sealed-secrets.png)
+
+## Checking the repository
+
+Now go to Gitea and check the otomi/values repository. You will see that under `values/env/teams/sealedsecrets.<team-name>.yaml` the secret is stored in yaml, but the values are encrypted.
+
+![Repository sealed secret](../../img/repository-sealed-secrets.png)
+
+## Checking the cluster
+
+The only way to see the values of the secret is to have access to the cluster and decrypt the secret. The secrets are there stored as base64 encoded values.
+
+```bash
+kubectl get secret secret-credentials -o yaml -n team-demo
+```
+This wil return the secret in yaml format. The values are stored as base64 encoded values.
+```yaml
+apiVersion: v1
+data:
+  password: aGVsbG93b3JsZA==
+  username: bGFicy11c2Vy
+kind: Secret
+metadata:
+  creationTimestamp: "2024-04-11T14:33:37Z"
+  name: secret-credentials
+  namespace: team-demo
+  ownerReferences:
+  - apiVersion: bitnami.com/v1alpha1
+    controller: true
+    kind: SealedSecret
+    name: secret-credentials
+    uid: 4ead6ffe-f1e9-4b30-91d7-94011af12452
+  resourceVersion: "4085462"
+  uid: 48d84c95-0eb1-47d8-acae-b0d3d7474921
+type: kubernetes.io/opaque
+```
+If you want to decode the secret you can use base64 decode:
+
+```bash
+kubectl get secret secret-credentials -n team-demo -o jsonpath="{.data.password}" | base64 --decode
+helloworld
+```

docs/get-started/labs/lab-6.md

@@ -39,6 +39,8 @@ When the build is ready you can see the image in Harbor:
 
 ## Re-run the build (optional)
 
+For this step you need to have the Tekton cli installed. If you don't have the Tekton cli installed, you can install it from this page: [https://tekton.dev/docs/cli/](https://tekton.dev/docs/cli/)
+
 To run the build again using Otomi Console, follow these steps:
 
 1. Change the tag of the build for example to `v1.0.0`

docs/get-started/labs/lab-8.md

@@ -1,7 +1,7 @@
 ---
 slug: lab-8
-title: Create secrets
-sidebar_label: Create secrets
+title: Create secrets in Vault
+sidebar_label: Create secrets in Vault
 ---
 
 :::info

sidebar-docs.js

@@ -33,7 +33,7 @@ module.exports = {
           "get-started/labs/lab-6",
           "get-started/labs/lab-26",
           "get-started/labs/lab-8",
-          "get-started/labs/lab-10",
+          "get-started/labs/lab-34",
           "get-started/labs/lab-29",
           "get-started/labs/lab-13",
           "get-started/labs/lab-18",