docs: documented non-fips packs in VerteX PEM-3652
* Add non-fips infra packs, add new screenshot

* Optimised images with calibre/image-actions

* Address most review comments

* Add sys-level registry docs, vertex/palette

* Add tenant registry howto, final edits

* Add revisions from review

* Minor fix

* Add tabs in add registry docs and more

* Change a word for consistency

* docs: added missing links

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Karl Cardenas <[email protected]>
3 people authored Oct 21, 2023
1 parent 398cb3b commit 48d1b40
Showing 9 changed files with 329 additions and 44 deletions.
@@ -0,0 +1,85 @@
---
sidebar_label: "Add System-Level Registry"
title: "Add System-Level Registry"
description: "Learn how to add a system-level registry in Palette."
icon: ""
hide_table_of_contents: false
sidebar_position: 60
tags: ["enterprise", "management", "registry"]
---

You can add a registry at the system level or tenant level. Registries added at the system level are available to all the tenants. Registries added at the tenant level are available only to that tenant. This section describes how to add a system-level registry. For guidance on adding a registry at the tenant scope, check out [Add Tenant-Level Registry](../../tenant-settings/add-registry.md).

## Prerequisites

- Access to the Palette system console.

## Add an OCI Pack Registry

Use the following steps to add a system-level OCI pack registry.

1. Log in to the Palette system console. You can do this by visiting the IP address or the custom domain name assigned to your Palette cluster and appending the /system path to the URL.

2. From the left **Main Menu** select **Administration**.

3. Select the **Pack Registries** tab, and click on the **Add New Pack Registry** button.

4. Provide a custom name for the registry, and select **OCI** as the registry type.

Accessing the registry is different depending on the OCI authentication type you choose. Select the tab below that applies to your authentication method.


<Tabs groupId="authentication">

<TabItem label="Basic" value="Basic">

5. Provide the registry URL in the **Endpoint** field.

6. In the **Base Content Path** field, provide the base path or namespace of the repository you want to target in the registry.

7. If you have credentials, provide them in the **Username** and **Password** fields. Otherwise, leave these fields blank.

8. Click the **Validate** button. If the credentials you provided are correct, a *Credentials validated* success message with a green check is displayed.

9. If an error message displays that pack registry details could not be validated, you can upload a self-signed Certificate Authority (CA) certificate. To do this, check the **Insecure Skip TLS Verify** box to skip verifying the x509 certificate, and click **Upload file** to upload the certificate.

10. When you have completed inputting values and credentials are validated, click **Confirm** to complete adding the registry.

</TabItem>

<TabItem label="ECR" value="ECR">

5. Provide the URL to the registry endpoint.

6. Provide the base path or namespace of the repository you want to target in the registry.

7. If you are adding an unprotected OCI registry, click the **Validate** button. To add a protected registry, enable the **Protected** toggle and select an AWS authentication method.

8. When accessing a protected registry, if you use **Credentials**, provide these in the **Access Key** and **Secret access key** fields. To use Security Token Service, review the guidance in the right panel that displays when you select **STS**.

9. Click the **Validate** button. If the credentials you provided are correct, a *Credentials validated* success message with a green check is displayed.

10. If an error message displays that pack registry details could not be validated, you can upload a self-signed Certificate Authority (CA) certificate. To do this, check the **Insecure Skip TLS Verify** box to skip verifying the x509 certificate, and click **Upload file** to upload the certificate.

11. When you have completed inputting values and credentials are validated, click **Confirm** to complete adding the registry.

</TabItem>
</Tabs>

You have successfully added a system-level pack registry. Registries added at the system level can only be removed at that level.


## Validate

You can verify the registry has been added if Palette displayed a *Credentials validated* success message with a green check when you added the registry. Use these steps to further verify the registry is added.

1. Log in to the [Palette](https://console.spectrocloud.com) as a tenant admin.

2. From the left **Main Menu** select **Administration**.

3. Select the **Pack Registries** tab and verify the registry you added is listed and available.


## Resources

- [Add Tenant-Level Registry](../../tenant-settings/add-registry.md)
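
Review bot: In step 9 of the Basic tab (step 10 under ECR), the remedy for a failed validation tells the reader to check **Insecure Skip TLS Verify** "to skip verifying the x509 certificate" and, in the same sentence, to upload a CA certificate. These read as contradictory actions: uploading the CA is what allows the registry's certificate to be verified, while the checkbox turns verification off. Please state whether the box is only the UI control that reveals **Upload file** or whether it really disables verification, and if it does, present the CA upload as the fix and the skip option as a separate choice with its consequence spelled out. Also, Validate step 1 says to log in at console.spectrocloud.com "as a tenant admin", but step 2 uses the **Administration** menu and the only prerequisite is system console access, so step 1 should point to the system console.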
Expand Up @@ -35,7 +35,7 @@ Platform administrators can use the system console to perform the following oper

- Configure and manage SMTP settings.

- Configure and manage Pack registries.
- [Configure and manage Pack registries](add-registry.md).

- [Configure and manage SSL certificates](ssl-certificate-management.md).

Expand All @@ -60,10 +60,13 @@ Check out the following resources to learn more about these operations.
## Resources


* [Tenant Management](tenant-management.md)
- [Add a Tenant-Level Registry](add-registry.md)


* [Configure Reverse Proxy](reverse-proxy.md)
- [Tenant Management](tenant-management.md)


* [SSL Certificate Management](ssl-certificate-management.md)
- [Configure Reverse Proxy](reverse-proxy.md)


- [SSL Certificate Management](ssl-certificate-management.md)
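
Review bot: The new Resources entry `[Add a Tenant-Level Registry](add-registry.md)` uses the same relative target as the `[Configure and manage Pack registries](add-registry.md)` link added in the earlier hunk of this file, so it resolves to the registry page in this directory rather than the tenant page this commit adds at docs/docs-content/tenant-settings/add-registry.md. Either relabel the entry to match the page it lands on or point it at the tenant-settings path. The list items are also separated by two blank lines each; one is enough.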
88 changes: 88 additions & 0 deletions docs/docs-content/tenant-settings/add-registry.md
@@ -0,0 +1,88 @@
---
sidebar_label: "Add Tenant-Level Registry"
title: "Add Tenant-Level Registry"
description: "Learn how to add a tenant-level registry in Palette."
icon: ""
hide_table_of_contents: false
sidebar_position: 60
tags: ["enterprise", "management", "registry"]
---

You can add a registry at the system level or tenant level. Registries added at the system level are available to all the tenants. Registries added at the tenant level are available only to that tenant. This section describes how to add a tenant-level registry. For guidance on adding a registry at the system scope, check out [Add System-Level Registry](../enterprise-version/system-management/add-registry.md).

## Prerequisites

- You need tenant admin privileges.

## Add an OCI Pack Registry

Use the following steps to add a tenant-level OCI pack registry.

1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin.

2. From the left **Main Menu** select **Tenant Settings**.

3. On the **Tenant Settings Menu**, select **Registries**.

4. Select the **OCI Registries** tab, and click on the **Add New OCI Registry** button.

5. Provide a custom name for the registry, and select **Pack** as the registry type.

Accessing the registry is different depending on the OCI authentication type you choose. Select the tab below that applies to your authentication method.

<Tabs groupId="authentication">

<TabItem label="Basic" value="Basic">

5. Provide the registry URL in the **Endpoint** field.

6. In the **Base Content Path** field, provide the base path or namespace of the repository you want to target in the registry.

7. If you have credentials, provide them in the **Username** and **Password** fields. Otherwise, leave these fields blank.

8. Click the **Validate** button. If the credentials you provided are correct, a *Credentials validated* success message with a green check is displayed.

9. If an error message displays that pack registry details could not be validated, you can upload a self-signed Certificate Authority (CA) certificate. To do this, check the **Insecure Skip TLS Verify** box to skip verifying the x509 certificate, and click **Upload file** to upload the certificate.

10. When you have completed inputting values and credentials are validated, click **Confirm** to complete adding the registry.

</TabItem>

<TabItem label="ECR" value="ECR">

5. Provide the URL to the registry endpoint.

6. Provide the base path or namespace of the repository you want to target in the registry.

7. If you are adding an unprotected OCI registry, click the **Validate** button. To add a protected registry, enable the **Protected** toggle and select an AWS authentication method.

8. When accessing a protected registry, if you use **Credentials**, provide these in the **Access Key** and **Secret access key** fields. To use Security Token Service, review the guidance in the right panel that displays when you select **STS**.

9. Click the **Validate** button. If the credentials you provided are correct, a *Credentials validated* success message with a green check is displayed.

10. If an error message displays that pack registry details could not be validated, you can upload a self-signed Certificate Authority (CA) certificate. To do this, check the **Insecure Skip TLS Verify** box to skip verifying the x509 certificate, and click **Upload file** to upload the certificate.

11. When you have completed inputting values and credentials are validated, click **Confirm** to complete adding the registry.

</TabItem>
</Tabs>

You have successfully added a tenant-level pack registry. Registries added at the tenant level can only be removed at that level.


## Validate

You can verify the registry has been added if Palette displayed a *Credentials validated* success message with a green check when you added the registry. Use these steps to further verify the registry is added.

1. Log in to the [Palette](https://console.spectrocloud.com) as a tenant admin.

2. From the left **Main Menu** select **Tenant Settings**.

3. In the **Tenant Settings** menu, select **Registries**, and click on the **OCI Registries** tab.

4. Verify the registry you added is listed and available.


## Resources

- [Add System-Level Registry](../enterprise-version/system-management/add-registry.md)
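
Review bot: The step numbers collide around the tabs: step 5 outside the tabs is "Provide a custom name for the registry, and select **Pack** as the registry type", and both the Basic and ECR tabs then start again at 5 ("Provide the registry URL in the **Endpoint** field" / "Provide the URL to the registry endpoint"), so the procedure has two step 5s. Start the tab steps at 6 and renumber through to **Confirm**. Validate step 1 also reads "Log in to the [Palette]"; drop "the" so it matches step 1 of the procedure.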
7 changes: 7 additions & 0 deletions docs/docs-content/tenant-settings/tenant-settings.md
Expand Up @@ -27,7 +27,14 @@ Use the following resources to become familiar with the available tenant setting

## Resources


- [Add Tenant-Level Registry](add-registry.md)

- [API Key Management](api-key-management.md)

- [Login Banner](login-banner.md)




<br />
96 changes: 96 additions & 0 deletions docs/docs-content/vertex/system-management/add-registry.md
@@ -0,0 +1,96 @@
---
sidebar_label: "Add a Registry"
title: "Add a Registry"
description: "Learn how to add a registry in Palette VerteX."
icon: ""
hide_table_of_contents: false
sidebar_position: 50
tags: ["vertex", "management", "registry"]
---

You can add a registry at the system level or the tenant level. Registries added at the system level are available to all the tenants. Registries added at the tenant level are available only to that tenant.

:::info

This section describes how to add a system scope registry. For guidance on adding a registry at the tenant scope, check out [Add a Tenant-Level Registry](../../tenant-settings/add-registry.md).

:::

## Prerequisites

- Access to the Palette VerteX system console.

## Add an OCI Pack Registry

Use the following steps to add a system-level OCI pack registry.

1. Log in to the Palette VerteX system console. Refer to [Access the System Console](system-management.md#access-the-system-console) guide.

2. From the left **Main Menu** select **Administration**.

3. Select the **Pack Registries** tab, and click on the **Add New Pack Registry** button.

4. Provide a custom name for the registry, and select **OCI** as the registry type.

Accessing the registry is different depending on the OCI authentication type you choose. Select the tab below that applies to your authentication method.


<Tabs groupId="authentication">

<TabItem label="Basic" value="Basic">

5. Provide the registry URL in the **Endpoint** field.

6. In the **Base Content Path** field, provide the base path or namespace of the repository you want to target in the registry.

7. If you have credentials, provide them in the **Username** and **Password** fields. Otherwise, leave these fields blank.

8. Click the **Validate** button. If the credentials you provided are correct, a *Credentials validated* success message with a green check is displayed.

9. If an error message displays that pack registry details could not be validated, you can upload a self-signed Certificate Authority (CA) certificate. To do this, check the **Insecure Skip TLS Verify** box skip verifying the x509 certificate, and click **Upload file** to upload the certificate.

10. When you have completed inputting values and credentials are validated, click **Confirm** to complete adding the registry.

</TabItem>

<TabItem label="ECR" value="ECR">

5. Provide the URL to the registry endpoint.

6. Provide the base path or namespace of the repository you want to target in the registry.

7. If you are adding an unprotected OCI registry, click the **Validate** button. To add a protected registry, enable the **Protected** toggle and select an AWS authentication method.

8. When accessing a protected registry, if you use **Credentials**, provide these in the **Access Key** and **Secret access key** fields. To use Security Token Service, review the guidance in the right panel that displays when you select **STS**.

9. Click the **Validate** button. If the credentials you provided are correct, a *Credentials validated* success message with a green check is displayed.

10. If an error message displays that pack registry details could not be validated, you can upload a self-signed Certificate Authority (CA) certificate. To do this, check the **Insecure Skip TLS Verify** box to skip verifying the x509 certificate, and click **Upload file** to upload the certificate.

10. When you have completed inputting values and credentials are validated, click **Confirm** to complete adding the registry.

</TabItem>
</Tabs>


You have successfully added a system-level pack registry. Registries added at the system level can only be removed at that level.


## Validate

You can verify the registry has been added if VerteX displayed a *Credentials validated* success message with a green check when you added the registry. Use these steps to further verify the registry is added.

1. Log in to the Palette VerteX system console. Refer to [Access the System Console](system-management.md#access-the-system-console) guide.

2. From the left **Main Menu** select **Administration**.

3. Select the **Pack Registries** tab and verify the registry you added is listed and available.


## Resources

- [Add a Tenant-Level Registry](../../tenant-settings/add-registry.md)

- [Use non-FIPS Packs](../system-management/enable-non-fips-settings/use-non-fips-addon-packs.md)
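
Review bot: The ECR tab has two steps numbered 10 (the **Insecure Skip TLS Verify** step and the final **Confirm** step); the last one should be 11. In step 9 of the Basic tab, "check the **Insecure Skip TLS Verify** box skip verifying the x509 certificate" is missing "to" before "skip". In Resources, `../system-management/enable-non-fips-settings/use-non-fips-addon-packs.md` leaves and re-enters the directory this file already lives in (docs/docs-content/vertex/system-management/), so the `../system-management/` prefix can be dropped.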


Expand Up @@ -12,12 +12,12 @@ tags: ["vertex", "non-fips"]

Palette VerteX is FIPS-enforced by default, incorporating the Spectro Cloud Cryptographic Module into the Kubernetes Management Platform and the infrastructure components of target clusters. To learn more about our cryptographic library, check out [FIPS 140-2 Certification](../../../compliance.md#fips-140-2).

If desired, you can allow the consumption of certain non-FIPS functionality in Palette VerteX at the tenant level. **Platform Settings** at the tenant level provide toggles to allow non-FIPS-compliant add-on packs and non-FIPS features such as scans, backup, and restore. You can also allow importing clusters created external to Palette.
If desired, you can allow the consumption of certain non-FIPS functionality in Palette VerteX at the tenant level. **Platform Settings** at the tenant level provide toggles to allow non-FIPS-compliant packs and non-FIPS features such as scans, backup, and restore. You can also allow importing clusters created external to Palette.


## Resources

- [Use non-FIPS Add-On Packs](../../system-management/enable-non-fips-settings/use-non-fips-addon-packs.md)
- [Use non-FIPS Packs](../../system-management/enable-non-fips-settings/use-non-fips-addon-packs.md)


- [Use non-FIPS Features](../../system-management/enable-non-fips-settings/use-non-fips-features.md)
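
Review bot: The Resources label becomes "Use non-FIPS Packs" while its target is still use-non-fips-addon-packs.md. Please confirm the target page's title and sidebar label are renamed in this commit as well, so the link text matches the page it opens.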