Documentation for v1beta3 Tenant CR and Extensions CR

content/how-to-guides/extensions.md

@@ -0,0 +1,55 @@
+# Extensions
+
+Extensions in MTO enhance its functionality by allowing integration with external services. Currently, MTO supports integration with ArgoCD, enabling you to synchronize your repositories and configure AppProjects directly through MTO. Future updates will include support for additional integrations.
+
+### Configuring ArgoCD Integration
+
+Let us take a look at how you can create an Extension CR and integrate ArgoCD with MTO.
+
+Before you create an Extension CR, you need to modify the Integration Config resource and add the ArgoCD configuration.
+
+```yaml
+  integrations:
+    argocd:
+      clusterResourceWhitelist:
+        - group: tronador.stakater.com
+          kind: EnvironmentProvisioner
+      namespaceResourceBlacklist:
+        - group: ''
+          kind: ResourceQuota
+      namespace: openshift-operators
+```
+
+The above configuration will whitelist the `EnvironmentProvisioner` CRD and blacklist the `ResourceQuota` resource. Also note that the `namespace` field is mandatory and should be set to the namespace where the ArgoCD is deployed.
+
+Every Extension CR is associated with a specific Tenant. Here's an example of an Extension CR that is associated with a Tenant named `tenant-sample`:
+
+```yaml
+apiVersion: tenantoperator.stakater.com/v1alpha1
+kind: Extensions
+metadata:
+  name: extensions-sample
+spec:
+  tenantName: tenant-sample
+  argoCDConfig:
+    purgeAppProjectOnDelete: true
+    sourceRepos:
+      - "github.com/stakater/repo"
+    appProject:
+      clusterResourceWhitelist:
+        - group: ""
+          kind: "Pod"
+      namespaceResourceBlacklist:
+        - group: "v1"
+          kind: "ConfigMap"
+```
+
+The above CR creates an Extension for the Tenant named `tenant-sample` with the following configurations:
+
+- `purgeAppProjectOnDelete`: If set to `true`, the AppProject will be deleted when the Extension is deleted.
+- `sourceRepos`: List of repositories to sync with ArgoCD.
+- `appProject`: Configuration for the AppProject.
+  - `clusterResourceWhitelist`: List of cluster-scoped resources to sync.
+  - `namespaceResourceBlacklist`: List of namespace-scoped resources to ignore.
+
+In the backend, MTO will create an ArgoCD AppProject with the specified configurations.

content/how-to-guides/integration-config.md

@@ -68,11 +68,11 @@ Spec:
     privileged:
       namespaces:
         - ^default$
-        - ^openshift-*
-        - ^kube-*
+        - ^openshift.*
+        - ^kube.*
       serviceAccounts:
-        - ^system:serviceaccount:openshift-*
-        - ^system:serviceaccount:kube-*
+        - ^system:serviceaccount:openshift.*
+        - ^system:serviceaccount:kube.*
       users:
         - ''
       groups:
@@ -95,7 +95,6 @@ Spec:
         openshift.io/node-selector: node-role.kubernetes.io/worker=
   integrations:
     argocd:
-      enabled: bool
       clusterResourceWhitelist:
         - group: tronador.stakater.com
           kind: EnvironmentProvisioner
@@ -231,11 +230,11 @@ accessControl:
     privileged:
       namespaces:
         - ^default$
-        - ^openshift-*
-        - ^kube-*
+        - ^openshift.*
+        - ^kube.*
       serviceAccounts:
-        - ^system:serviceaccount:openshift-*
-        - ^system:serviceaccount:kube-*
+        - ^system:serviceaccount:openshift.*
+        - ^system:serviceaccount:kube.*
       users:
         - ''
       groups:
@@ -328,11 +327,11 @@ namespaceAccessPolicy:
   privileged:
     namespaces:
       - ^default$
-      - ^openshift-*
-      - ^kube-*
+      - ^openshift.*
+      - ^kube.*
     serviceAccounts:
-      - ^system:serviceaccount:openshift-*
-      - ^system:serviceaccount:kube-*
+      - ^system:serviceaccount:openshift.*
+      - ^system:serviceaccount:kube.*
     users:
       - ''
     groups:

content/how-to-guides/quota.md

@@ -46,16 +46,20 @@ Bill then proceeds to create a tenant for Anna, while also linking the newly cre
 
 ```yaml
 kubectl create -f - << EOF
-apiVersion: tenantoperator.stakater.com/v1beta2
+apiVersion: tenantoperator.stakater.com/v1beta3
 kind: Tenant
 metadata:
   name: bluesky
 spec:
-  owners:
-    users:
-    - anna@stakater.com
   quota: small
-  sandbox: false
+  accessControl:
+    owners:
+      users:
+        - anna@aurora.org
+        - anthony@aurora.org
+  namespaces:
+    sandboxes:
+      enabled: true
 EOF
 ```
 
@@ -94,17 +98,20 @@ Once the quota is created, Bill will create the tenant and set the quota field t
 
 ```yaml
 kubectl create -f - << EOF
-apiVersion: tenantoperator.stakater.com/v1beta2
+apiVersion: tenantoperator.stakater.com/v1beta3
 kind: Tenant
 metadata:
   name: bluesky
 spec:
-  owners:
-    users:
-    - anna@aurora.org
-    - anthony@aurora.org
-  quota: medium
-  sandbox: true
+  quota: small
+  accessControl:
+    owners:
+      users:
+        - anna@aurora.org
+        - anthony@aurora.org
+  namespaces:
+    sandboxes:
+      enabled: true
 EOF
 ```
 
@@ -132,16 +139,20 @@ Once the quota is created, Bill will create the tenant and set the quota field t
 
 ```yaml
 kubectl create -f - << EOF
-apiVersion: tenantoperator.stakater.com/v1beta2
+apiVersion: tenantoperator.stakater.com/v1beta3
 kind: Tenant
 metadata:
-  name: sigma
+  name: bluesky
 spec:
-  owners:
-    users:
-    - dave@aurora.org
   quota: small
-  sandbox: true
+  accessControl:
+    owners:
+      users:
+        - anna@aurora.org
+        - anthony@aurora.org
+  namespaces:
+    sandboxes:
+      enabled: true
 EOF
 ```