From 56605ad7c1a035f3d30571f4f811465badcaf952 Mon Sep 17 00:00:00 2001 
From: Karl Cardenas Date: Wed, 17 Jan 2024 09:09:26 -0700 Subject: [PATCH] docs: DOC-1012 ISO 27001 (#2031) * docs: updated language and added ISO 27001 * docs: fixed broken anchors * docs: more finding * docs: compliance image update * docs: fixed broken achor * docs: updated index page * docs: vale feedback * Optimised images with calibre/image-actions * Apply suggestions from code review Co-authored-by: Lenny Chen <55669665+lennessyy@users.noreply.github.com> * docs: feedback --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Lenny Chen <55669665+lennessyy@users.noreply.github.com> --- docs/docs-content/architecture/grps-proxy.md | 2 +- .../cluster-groups/cluster-group-backups.md | 2 +- .../add-backup-location-dynamic.md | 2 +- .../backup-restore/backup-restore.md | 2 +- .../cluster-tag-filter/cluster-tag-filter.md | 12 ++-- .../cluster-tag-filter/create-add-filter.md | 10 +-- .../monitoring/deploy-agent.md | 2 +- .../cluster-management/palette-webctl.md | 2 +- .../edge/site-deployment/deploy-cluster.md | 2 +- .../clusters/public-cloud/aws/aws.md | 2 +- .../clusters/public-cloud/azure/azure.md | 7 +- .../azure/create-azure-cluster.md | 2 +- .../public-cloud/deploy-k8s-cluster.md | 2 +- docs/docs-content/compliance.md | 44 ------------- docs/docs-content/devx/devx.md | 2 +- .../devx/services/service-listings/vault.md | 2 +- .../vmware-vsphere-airgap-instructions.md | 2 +- .../install-on-vmware/install.md | 2 +- .../integrations/kubernetes-edge.md | 2 +- docs/docs-content/integrations/kubernetes.md | 2 +- docs/docs-content/integrations/ubuntu.md | 8 +-- .../docs-content/introduction/introduction.md | 7 +- .../docs-content/legal-licenses/compliance.md | 57 +++++++++++++++++ .../legal-licenses/legal-licenses.md | 9 +-- .../legal-licenses/oss-licenses.md | 2 +- .../app-profiles/app-profile-output-vars.md | 6 +- .../registries-and-packs/deploy-pack.md | 4 +- docs/docs-content/security/security.md | 2 
+- .../troubleshooting/cluster-deployment.md | 60 ++++++++++++++++++ .../palette-rbac/palette-rbac.md | 10 +-- .../user-management/user-management.md | 4 -- .../vmware-vsphere-airgap-instructions.md | 2 +- .../enable-non-fips-settings.md | 4 +- .../workspace/workload-features.md | 4 +- docusaurus.config.js | 1 + redirects.js | 4 ++ .../IconMapper/dynamicFontAwesomeImports.js | 2 - .../legal-licenses_compliance_iso-27001.png | Bin 0 -> 19110 bytes 38 files changed, 183 insertions(+), 108 deletions(-) delete mode 100644 docs/docs-content/compliance.md create mode 100644 docs/docs-content/legal-licenses/compliance.md create mode 100644 static/assets/docs/images/legal-licenses_compliance_iso-27001.png diff --git a/docs/docs-content/architecture/grps-proxy.md b/docs/docs-content/architecture/grps-proxy.md index 3b27e782fc..9c12ae0bf8 100644 --- a/docs/docs-content/architecture/grps-proxy.md +++ b/docs/docs-content/architecture/grps-proxy.md @@ -35,7 +35,7 @@ The following sections provide more information about gRPC and proxies. ## Proxy Without SSL Bump -Because gRPC is based on HTTP/2, any proxy server that supports the [HTTP CONNECT](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT) method can be used to forward gRPC traffic. No configuration is required for this scenario. The exception is when the proxy server performs an SSL bump, discussed in the [Proxy With SSL Bump](/architecture/grps-proxy#proxywithsslbump) section. +Because gRPC is based on HTTP/2, any proxy server that supports the [HTTP CONNECT](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT) method can be used to forward gRPC traffic. No configuration is required for this scenario. The exception is when the proxy server performs an SSL bump, discussed in the [Proxy With SSL Bump](#proxy-with-ssl-bump) section. :::info 
diff --git a/docs/docs-content/clusters/cluster-groups/cluster-group-backups.md b/docs/docs-content/clusters/cluster-groups/cluster-group-backups.md index bc90317991..133937d2d2 100644 --- a/docs/docs-content/clusters/cluster-groups/cluster-group-backups.md +++ b/docs/docs-content/clusters/cluster-groups/cluster-group-backups.md @@ -11,7 +11,7 @@ Palette [Virtual Clusters](../palette-virtual-clusters/palette-virtual-clusters. ## Prerequisites -* A project or tenant backup location. Refer to the [cluster backup and restore](../cluster-management/backup-restore/backup-restore.md#clusterbackupandrestore) document to learn how to configure a backup location. +* A project or tenant backup location. Refer to the [cluster backup and restore](../cluster-management/backup-restore/backup-restore.md#get-started) document to learn how to configure a backup location. * Cluster group modification [permissions](../../user-management/palette-rbac/palette-rbac.md). diff --git a/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md b/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md index 3d61c401bd..d6fcc9584c 100644 --- a/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md +++ b/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md 
@@ -8,7 +8,7 @@ tags: ["clusters", "cluster management", "backup"] --- -This guide provides instructions for how to add a backup location in Palette using dynamic access credentials. You use the dynamic access credentials to authenticate Palette with the backup location service provider. Refer to the [Backup Location](backup-restore.md#backuplocation) section to learn more about the supported service providers. +This guide provides instructions for how to add a backup location in Palette using dynamic access credentials. You use the dynamic access credentials to authenticate Palette with the backup location service provider. Refer to the [Backup Location](./backup-restore.md#backup-locations-and-credentials) section to learn more about the supported service providers. Depending on the infrastructure provider, there may be limitations or different prerequisites. diff --git a/docs/docs-content/clusters/cluster-management/backup-restore/backup-restore.md b/docs/docs-content/clusters/cluster-management/backup-restore/backup-restore.md index d1a3617924..efa60f9ca8 100644 --- a/docs/docs-content/clusters/cluster-management/backup-restore/backup-restore.md +++ b/docs/docs-content/clusters/cluster-management/backup-restore/backup-restore.md @@ -23,7 +23,7 @@ To get started with creating a backup, check out the [Add a Backup Location usin :::info -If you are using a workspace, refer to the [Manage Palette Workspace](/workspace/workload-features#managepaletteworkspace) guide to learn more about backup and restore actions for a workspace. +If you are using a workspace, refer to the [Manage Palette Workspace](../../../workspace/workload-features.md) guide to learn more about backup and restore actions for a workspace. ::: diff --git a/docs/docs-content/clusters/cluster-management/cluster-tag-filter/cluster-tag-filter.md b/docs/docs-content/clusters/cluster-management/cluster-tag-filter/cluster-tag-filter.md index 0e852e21f5..dbe746fe8e 100644 
--- a/docs/docs-content/clusters/cluster-management/cluster-tag-filter/cluster-tag-filter.md +++ b/docs/docs-content/clusters/cluster-management/cluster-tag-filter/cluster-tag-filter.md @@ -15,20 +15,20 @@ To get started with an attribute access control through tags, check out the [Cre - [Cluster Resource Filter](create-add-filter.md) -- [Create Resource Filter](create-add-filter.md#createresourcefilter) +- [Create Resource Filter](create-add-filter.md#create-resource-filter) -- [Add Resource Role](create-add-filter.md#addresourcerole) +- [Add Resource Role](create-add-filter.md#add-resource-role) - [Palette Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md) -- [Palette Global Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md#paletteglobalresourceroles) +- [Palette Global Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md#palette-global-resource-roles) -- [Palette Custom Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md#palettecustomresourceroles) +- [Palette Custom Resource Roles](../../../user-management/palette-rbac/resource-scope-roles-permissions.md#palette-custom-resource-roles) -- [Create Custom Role](../../../user-management/new-user.md#createcustomrole) +- [Create Custom Role](../../../user-management/new-user.md#create-custom-role) -- [Create New User in Palette](../../../user-management/new-user.md#createanewuser) +- [Create New User in Palette](../../../user-management/new-user.md#create-a-new-user) diff --git a/docs/docs-content/clusters/cluster-management/cluster-tag-filter/create-add-filter.md b/docs/docs-content/clusters/cluster-management/cluster-tag-filter/create-add-filter.md index 2fcc4f7dec..49a46d4d41 100644 --- a/docs/docs-content/clusters/cluster-management/cluster-tag-filter/create-add-filter.md 
+++ b/docs/docs-content/clusters/cluster-management/cluster-tag-filter/create-add-filter.md @@ -47,17 +47,17 @@ Upon creating a filter, a display message will pop up to confirm the successful ## Add Resource Role -You can assign the resource filter created, in combination with roles, to a [user](../../../user-management/new-user.md#createanewuser) to enforce access restriction. Palette provisions two types of roles: +You can assign the resource filter created, in combination with roles, to a [user](../../../user-management/new-user.md#create-a-new-user) to enforce access restriction. Palette provisions two types of roles: -* [Palette Global Roles](../../..//user-management/palette-rbac/resource-scope-roles-permissions.md#paletteglobalresourceroles), the set of roles that are available in Palette console +* [Palette Global Roles](../../..//user-management/palette-rbac/resource-scope-roles-permissions.md#palette-global-resource-roles), the set of roles that are available in Palette by default. -* [Custom Resource Roles](../../..//user-management/palette-rbac/resource-scope-roles-permissions.md#palettecustomresourceroles), can be generated according to your requirements from the available set of permissions and operations. +* [Custom Resource Roles](../../..//user-management/palette-rbac/resource-scope-roles-permissions.md#palette-custom-resource-roles), can be generated according to your requirements from the available set of permissions and operations. ### Prerequisites * A [Palette account](https://console.spectrocloud.com) with Tenant scope privileges. -* A [user created](../../../user-management/new-user.md#createanewuser) to assign the resource privileges. +* A [user created](../../../user-management/new-user.md#create-a-new-user) to assign the resource privileges. To assign the resource roles and filter to the user follow the below steps:
@@ -104,5 +104,5 @@ Upon creating a filter, a display message will pop up to confirm the successful ## Resource -* [Create a New User](../../..//user-management/new-user.md#createanewuser) +* [Create a New User](../../..//user-management/new-user.md#create-a-new-user) diff --git a/docs/docs-content/clusters/cluster-management/monitoring/deploy-agent.md b/docs/docs-content/clusters/cluster-management/monitoring/deploy-agent.md index a5c68860d1..edeb071e85 100644 --- a/docs/docs-content/clusters/cluster-management/monitoring/deploy-agent.md +++ b/docs/docs-content/clusters/cluster-management/monitoring/deploy-agent.md @@ -177,7 +177,7 @@ Example: `https://metrics.example.com:9090/api/v1/write` - url: "https://metrics.example.com:9090/api/v1/write" ``` -8. Add the `basic_auth` parameters shown below. Replace `` and `` with the actual credential values. Use the username you created to authenticate with the Prometheus API server. If you followed the [Deploy a Monitoring Stack](deploy-monitor-stack.md#deployamonitoringstack) with authentication guide, then the username is `agent`. +8. Add the `basic_auth` parameters shown below. Replace `` and `` with the actual credential values. Use the username you created to authenticate with the Prometheus API server. If you followed the [Deploy a Monitoring Stack](deploy-monitor-stack.md#deploy-a-monitoring-stack) with authentication guide, then the username is `agent`.
diff --git a/docs/docs-content/clusters/cluster-management/palette-webctl.md b/docs/docs-content/clusters/cluster-management/palette-webctl.md index f2ae782ef4..b3a1f33f89 100644 --- a/docs/docs-content/clusters/cluster-management/palette-webctl.md +++ b/docs/docs-content/clusters/cluster-management/palette-webctl.md @@ -32,7 +32,7 @@ If you are using Palette Virtual Machine (VM) Management, you can find steps on :::warning -If you are using [OIDC](/clusters/cluster-management/cluster-rbac#userbacwithoidc) with your host cluster, you will need the kubelogin plugin. Refer to the kubelogin GitHub repository [README](https://github.com/int128/kubelogin#setup) for installation guidance. +If you are using [OIDC](./cluster-rbac.md) with your host cluster, you will need the kubelogin plugin. Refer to the kubelogin GitHub repository [README](https://github.com/int128/kubelogin#setup) for installation guidance. ::: diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-cluster.md b/docs/docs-content/clusters/edge/site-deployment/deploy-cluster.md index dcfff2a793..9a32df6d0e 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-cluster.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-cluster.md 
@@ -416,7 +416,7 @@ The next step is to use the following `docker run` command to trigger Packer bui - The `sh -c "cd edge/vmware/packer/ && packer build -force --var-file=vsphere.hcl build.pkr.hcl` shell sub-command changes to the container's **edge/vmware/packer/** directory and invokes `packer build` to create the VM template. The `packer build` command has the following options: - The `-force` flag destroys any existing template. - - The `--var-file` option reads the **vsphere.hcl** file from the container. This file contains the VM template name, VM configuration, and ISO file name to use. The VM configuration conforms to the [minimum device requirements](../architecture/#minimum-device-requirements). + - The `--var-file` option reads the **vsphere.hcl** file from the container. This file contains the VM template name, VM configuration, and ISO file name to use. The VM configuration conforms to the [minimum device requirements](../architecture.md#minimum-device-requirements). The **vsphere.hcl** file content is shown below for your reference. This tutorial does not require you to modify these configurations.
diff --git a/docs/docs-content/clusters/public-cloud/aws/aws.md b/docs/docs-content/clusters/public-cloud/aws/aws.md index 4094e3fa46..c7e162aca0 100644 --- a/docs/docs-content/clusters/public-cloud/aws/aws.md +++ b/docs/docs-content/clusters/public-cloud/aws/aws.md @@ -7,7 +7,7 @@ hide_table_of_contents: false --- -Palette supports integration with [Amazon Web Services](https://aws.amazon.com). You can deploy and manage [Host Clusters](../../../glossary-all.md#hostcluster) in AWS. To get started check out the [Register and Manage AWS Accounts](add-aws-accounts.md). +Palette supports integration with [Amazon Web Services](https://aws.amazon.com). You can deploy and manage [Host Clusters](../../../glossary-all.md#host-cluster) in AWS. To get started check out the [Register and Manage AWS Accounts](add-aws-accounts.md). diff --git a/docs/docs-content/clusters/public-cloud/azure/azure.md b/docs/docs-content/clusters/public-cloud/azure/azure.md index e082bf3a82..f2887d08a5 100644 --- a/docs/docs-content/clusters/public-cloud/azure/azure.md +++ b/docs/docs-content/clusters/public-cloud/azure/azure.md @@ -8,7 +8,7 @@ tags: - azure --- -Palette supports integration with [Microsoft Azure](https://azure.microsoft.com/en-us). You can deploy and manage [Host Clusters](../../../glossary-all.md#hostcluster) in Azure. To get started check out the [Register and Manage Azure Cloud Account](azure-cloud.md#manage-azure-accounts). +Palette supports integration with [Microsoft Azure](https://azure.microsoft.com/en-us). You can deploy and manage [Host Clusters](../../../glossary-all.md#host-cluster) in Azure or Azure Government. To get started check out the [Register and Manage Azure Cloud Account](azure-cloud.md). 
@@ -23,7 +23,10 @@ To learn more about Palette and Azure cluster creation and its capabilities chec - [Register and Manage Azure Cloud Account](azure-cloud.md) -- [Create and Manage Azure Cluster](create-azure-cluster.md#deploy-an-azure-cluster-with-palette) +- [Create and Manage IaaS Azure Cluster](create-azure-cluster.md) + + +- [Create and Manage Azure AKS Cluster](aks.md) - [Deleting an Azure Cluster](../../cluster-management/remove-clusters.md) diff --git a/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md b/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md index 386a128e38..0b73eedadc 100644 --- a/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md +++ b/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md @@ -86,7 +86,7 @@ Use the following steps to deploy an Azure cluster. :::warning - If the Azure account is registered with **Disable Properties** and **Static Placement** options enabled, then Palette will not import the network information from your Azure account. You can manually input the information for the **Control Plane Subnet** and the **Worker Network**, but be aware that **drop-down Menu** selections will be empty. To learn more about these settings and certain requirements to use them, refer to [Disable Properties](azure-cloud.md#disable-properties). + If the Azure account is registered with **Disable Properties** and **Static Placement** options enabled, then Palette will not import the network information from your Azure account. You can manually input the information for the **Control Plane Subnet** and the **Worker Network**, but be aware that **drop-down Menu** selections will be empty. To learn more about these settings and certain requirements to use them, refer to [Disable Properties](azure-cloud.md#disable-palette-network-calls-to-azure-account). ::: 
diff --git a/docs/docs-content/clusters/public-cloud/deploy-k8s-cluster.md b/docs/docs-content/clusters/public-cloud/deploy-k8s-cluster.md index 5ae8a1af78..73db36173a 100644 --- a/docs/docs-content/clusters/public-cloud/deploy-k8s-cluster.md +++ b/docs/docs-content/clusters/public-cloud/deploy-k8s-cluster.md @@ -1243,7 +1243,7 @@ In this tutorial, you created a cluster profile, which is a template that contai Palette assures consistency across cluster deployments through cluster profiles. Palette also enables you to quickly deploy applications to a Kubernetes environment with little or no prior Kubernetes knowledge. In a matter of minutes, you were able to provision a new Kubernetes cluster and deploy an application. -We encourage you to check out the [Deploy an Application using Palette Dev Engine](/devx/apps/deploy-app) tutorial to learn more about Palette. Palette Dev Engine can help you deploy applications more quickly through the usage of [virtual clusters](/glossary-all#palettevirtualcluster). Feel free to check out the reference links below to learn more about Palette. +We encourage you to check out the [Deploy an Application using Palette Dev Engine](/devx/apps/deploy-app) tutorial to learn more about Palette. Palette Dev Engine can help you deploy applications more quickly through the usage of [virtual clusters](../../glossary-all.md#palette-virtual-cluster). Feel free to check out the reference links below to learn more about Palette.
diff --git a/docs/docs-content/compliance.md b/docs/docs-content/compliance.md deleted file mode 100644 index 922debd194..0000000000 --- a/docs/docs-content/compliance.md +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -sidebar_label: "Compliance" -title: "Certification of Compliance" -description: "Certification of Compliance" -hide_table_of_contents: false -sidebar_position: 220 -sidebar_custom_props: - icon: "user-shield" -tags: ["compliance", "soc2", "fips"] ---- - -We have two Security Operations Center (SOC) certifications and a FIPS certificate for a Cryptographic Module. - -## SOC 2 Type II - -![soc2.png](/soc2.png "#width=180px") - -Spectro Cloud is certified against SOC2 Type II, compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria). -* Spectro Cloud SOC 2 Type II audit report assures our organization’s: - * Security - * Availability - * Processing integrity - * Confidentiality - * Privacy -* SOC 2 audits are an important component in regulatory oversight, vendor management programs, internal governance, and risk management. -* These reports help the users and their auditors to understand the Spectro Cloud controls established to support operations and compliance. -* The annual certification of SOC2 is Independent 3rd Party Auditor. -* Spectro Cloud SOC 2 Type II report is available upon request for any customers or prospects with signed MNDA. - -## FIPS 140-2 - - -![FIPS-Compliance](/docs_compliance_compliance_fips-logo.png "#width=180px") - -Spectro Cloud is certified against FIPS 140-2 with [Certificate number 4349](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4349) in compliance with the Cryptographic Module Validation Program (CMVP). - -Our Spectro Cloud Cryptographic Module is a general-purpose cryptographic library. The FIPS-enforced Palette VerteX edition incorporates the module in the Kubernetes Management Platform and the infrastructure components of target clusters to protect the sensitive information of regulated industries. Palette VerteX supports FIPS at the tenant level. 
For more information about the FIPS-enforced Palette edition, check out [Palette VerteX](vertex/vertex.md). - -The module is tested against these configurations: - -* Red Hat Enterprise Linux 8 on Dell PowerEdge R440 with Intel Xeon Silver 4214R _with and without_ PAA -* SUSE Linux Enterprise Server 15 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y _with and without_ PAA -* Ubuntu 18.04 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y _with and without_ PAA -* Ubuntu 20.04 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y _with and without_ PAA diff --git a/docs/docs-content/devx/devx.md b/docs/docs-content/devx/devx.md index fab0832f11..e872f8a67c 100644 --- a/docs/docs-content/devx/devx.md +++ b/docs/docs-content/devx/devx.md @@ -60,7 +60,7 @@ The PDE dashboard provides a snapshot of resource utilization in your PDE enviro ## Automation Support -You can manage PDE resources through the [Palette API](/api/introduction), [Spectro Cloud Terraform provider](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs), and the Palette CLI. Download the Palette CLI from the [Downloads](/spectro-downloads#palettecli) page to start programmatically using PDE. +You can manage PDE resources through the [Palette API](/api/introduction), [Spectro Cloud Terraform provider](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs), and the Palette CLI. Download the Palette CLI from the [Downloads](../spectro-downloads.md#palette-cli) page to start programmatically using PDE. ![A view of the Palette CLI menu from a terminal](/devx_devx_cli-display.png) diff --git a/docs/docs-content/devx/services/service-listings/vault.md b/docs/docs-content/devx/services/service-listings/vault.md index 7ac5671913..2e70faddb2 100644 --- a/docs/docs-content/devx/services/service-listings/vault.md +++ b/docs/docs-content/devx/services/service-listings/vault.md 
@@ -140,7 +140,7 @@ You can validate the Vault instance deployed successfully by using the following 10. Open your browser and visit [https://localhost:8200/ui](https://localhost:8200/ui) to access the Vault UI. You will receive a warning due to the usage of a self-signed certificate but you can ignore this warning. -To acquire the Vault root token, review the [Vault Credentials](vault.md#vault-credentials) section. +To acquire the Vault root token, review the [Vault Credentials](#vault-credentials) section. # Output Variables diff --git a/docs/docs-content/enterprise-version/install-palette/airgap/vmware-vsphere-airgap-instructions.md b/docs/docs-content/enterprise-version/install-palette/airgap/vmware-vsphere-airgap-instructions.md index 26efdaead0..e5e0425d28 100644 --- a/docs/docs-content/enterprise-version/install-palette/airgap/vmware-vsphere-airgap-instructions.md +++ b/docs/docs-content/enterprise-version/install-palette/airgap/vmware-vsphere-airgap-instructions.md 
@@ -75,7 +75,7 @@ Carefully review the [prerequisites](#prerequisites) section before proceeding. - Palette CLI installed and available. Refer to the Palette CLI [Install](../../../palette-cli/install-palette-cli.md#download-and-setup) page for guidance. -- Review the required vSphere [permissions](../install-on-vmware/vmware-system-requirements.md). Ensure you have created the proper custom roles and zone tags. Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/install-on-vmware.md#vsphere-machine-configuration) for information. +- Review the required vSphere [permissions](../install-on-vmware/vmware-system-requirements.md). Ensure you have created the proper custom roles and zone tags. Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/vmware-system-requirements.md) for information.
diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md index 424d52683e..3583cdd479 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md @@ -64,7 +64,7 @@ If you are installing Palette in an airgap environment, ensure you complete all - x509 SSL certificate authority file in base64 format. This file is optional. -- Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/install-on-vmware.md#vsphere-machine-configuration) for information. +- Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/vmware-system-requirements.md) for information. - Assigned IP addresses for application workload services, such as Load Balancer services. diff --git a/docs/docs-content/integrations/kubernetes-edge.md b/docs/docs-content/integrations/kubernetes-edge.md index 20004a893d..b0034b925e 100644 --- a/docs/docs-content/integrations/kubernetes-edge.md +++ b/docs/docs-content/integrations/kubernetes-edge.md 
@@ -41,7 +41,7 @@ We also offer Palette eXtended Kubernetes (PXK) for cloud and data center deploy ### PXK and Palette VerteX -The PXK-E used in [Palette VerteX](../vertex/vertex.md) is compiled and linked with our [NIST-certified FIPS crypto module](../compliance.md#fips-140-2). PXK-E is by default enabled with [Ubuntu Pro](https://ubuntu.com/pro) with FIPS mode enabled. Additionally, the Operating System (OS) is hardened based on the NIST-800 standard. Refer to the [Build Edge Artifacts](../clusters/edge/edgeforge-workflow/build-artifacts.md) guide to learn more on how to build the PXK-E image with FIPS mode enabled. +The PXK-E used in [Palette VerteX](../vertex/vertex.md) is compiled and linked with our [NIST-certified FIPS crypto module](../legal-licenses/compliance.md#fips-140-2). PXK-E is by default enabled with [Ubuntu Pro](https://ubuntu.com/pro) with FIPS mode enabled. Additionally, the Operating System (OS) is hardened based on the NIST-800 standard. Refer to the [Build Edge Artifacts](../clusters/edge/edgeforge-workflow/build-artifacts.md) guide to learn more on how to build the PXK-E image with FIPS mode enabled. The combined usage of PXK-E and Palette VerteX provides a secure and FIPS-compliant experience as the Kubernetes distribution, OS, and management platform VerteX is FIPS-compliant. diff --git a/docs/docs-content/integrations/kubernetes.md b/docs/docs-content/integrations/kubernetes.md index 1af9b12ac7..a456646ef2 100644 --- a/docs/docs-content/integrations/kubernetes.md +++ b/docs/docs-content/integrations/kubernetes.md 
@@ -36,7 +36,7 @@ We also offer Palette eXtended Kubernetes Edge (PXK-E) for Edge deployments. Ref ### PXK and Palette VerteX -The PXK used in [Palette VerteX](../vertex/vertex.md) is compiled and linked with our [NIST-certified FIPS crypto module](../compliance.md#fips-140-2). PXK is by default enabled with [Ubuntu Pro](https://ubuntu.com/pro) with FIPS mode enabled. Additionally, the Operating System (OS) is hardened based on the NIST-800 standard. However, if you use a different OS through the [BYOOS](./byoos.md) pack, then you are responsible for ensuring FIPS compliance and hardening of the OS. +The PXK used in [Palette VerteX](../vertex/vertex.md) is compiled and linked with our [NIST-certified FIPS crypto module](../legal-licenses/compliance.md#fips-140-2) PXK is by default enabled with [Ubuntu Pro](https://ubuntu.com/pro) with FIPS mode enabled. Additionally, the Operating System (OS) is hardened based on the NIST-800 standard. However, if you use a different OS through the [BYOOS](./byoos.md) pack, then you are responsible for ensuring FIPS compliance and hardening of the OS. The combined usage of PXK and Palette VerteX provides a secure and FIPS-compliant experience as the Kubernetes distribution, OS, and management platform VerteX is FIPS-compliant. diff --git a/docs/docs-content/integrations/ubuntu.md b/docs/docs-content/integrations/ubuntu.md index 7a753b8d16..1d6b977777 100644 --- a/docs/docs-content/integrations/ubuntu.md +++ b/docs/docs-content/integrations/ubuntu.md 
@@ -74,7 +74,7 @@ Palette applies a default set of configuration options when deploying Ubuntu. Yo | `controllerManager` | Extra settings for the Kubernetes controller manager control plane component. Review the [Kubernetes controller manager](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) documentation for more information. | object | No | | `scheduler` | Extra settings for the Kubernetes scheduler control plane component. Refer to the [Kube scheduler](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler) documenation for more details. | object | No | | `kubeletExtraArgs` | Extra arguments for kubelet. Refer to the [Kubeadm init](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init) documentation for more details. | map | No | -| `files` | Create or specify additional files for the `kubeadmconfig`. Refer to the [Customize Pack](/integrations/ubuntu?22.04.x#customizepack) section to learn more. | list | No | +| `files` | Create or specify additional files for the `kubeadmconfig`. Refer to the [Customize Pack](#customize-pack) section to learn more. | list | No | | `preKubeadmCommands` | Extra commands to issue before kubeadm starts. | list | No | | `postKubeadmCommands` | Extra commands to issue after kubeadm starts. | list | No | | `imageRepository` | The container registry to pull images from. If empty, `k8s.gcr.io` will be used by default. | string | No | @@ -178,7 +178,7 @@ Review the parameter documentation before you make changes to the kubeadm config ::: -Palette also supports Ubuntu Pro. Refer to the [Ubuntu Pro](ubuntu.md?22.04.x#ubuntupro) section below for more details. +Palette also supports Ubuntu Pro. Refer to the [Ubuntu Pro](#ubuntu-pro) section below for more details.
@@ -415,7 +415,7 @@ Palette applies a default set of configuration options when deploying Ubuntu. Yo | `controllerManager` | Extra settings for the Kubernetes controller manager control plane component. Review the [Kubernetes controller manager](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) documentation for more information. | object | No | | `scheduler` | Extra settings for the Kubernetes scheduler control plane component. Refer to the [Kube scheduler](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler) documenation for more details. | object | No | | `kubeletExtraArgs` | Extra arguments for kubelet. Refer to the [Kubeadm init](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init) documentation for more details. | map | No | -| `files` | Additional files to pass to kubeadmconfig. Refer to the [Customize Pack](/integrations/ubuntu?22.04.x#customizepack) section to learn more. | list | No | +| `files` | Additional files to pass to kubeadmconfig. Refer to the [Customize Pack](#add-custom-files-1) section to learn more. | list | No | | `preKubeadmCommands` | Extra commands to issue before kubeadm starts. | list | Yes - Auto generated | | `postKubeadmCommands` | Extra commands to issue after kubeadm starts. | list | Yes - Auto generated | | `imageRepository` | The container registry to pull images from. If empty, `k8s.gcr.io` will be used by default. | string | No | @@ -519,7 +519,7 @@ Review the parameter documentation before you make changes to the kubeadm config ::: -Palette also supports Ubuntu Pro. Refer to the [Ubuntu Pro](ubuntu.md?22.04.x#ubuntupro) section below for more details. +Palette also supports Ubuntu Pro. Refer to the [Ubuntu Pro](#ubuntu-pro-1) section below for more details.
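Review bot: The new target `#ubuntu-pro-1` in this hunk, like `#add-custom-files-1` in the `files` row of the `@@ -415,7` hunk above it, depends on the numeric suffix generated for duplicate headings, so it will point at the wrong tab's section if those headings are reordered, and the anchor check will not flag it because the anchor still exists. Give the duplicated headings explicit IDs and link to those. The `files` row also keeps the link text "Customize Pack" while pointing at an add-custom-files anchor, whereas the same row in the `@@ -74,7` hunk points at `#customize-pack`; make the text and target agree.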
diff --git a/docs/docs-content/introduction/introduction.md b/docs/docs-content/introduction/introduction.md index fcb3b3eb41..98c99f5aeb 100644 --- a/docs/docs-content/introduction/introduction.md +++ b/docs/docs-content/introduction/introduction.md @@ -59,10 +59,9 @@ With Palette’s Cluster Profiles, teams can define full-stack clusters that inc Development teams will get the flexibility and freedom they are looking for to increase the speed of innovation, whether it is the cluster template with the add-on application services or choosing a Kubernetes version with integrations like logging, monitoring, and service mesh for your application development. They need not worry about Kubernetes configurations but focus on the stuff that matters. ### IT Operations and SREs - -Declarative management makes life easier for IT teams, with consistency, repeatability, and all the enterprise-grade controls and governance they need - especially when moving to production [Cluster Profiles](/glossary-all#clusterprofile) enable them to define and re-use full-stack clusters and support them across the entire lifecycle without having to write scripts, as well as integrate with existing tools and methodologies. - - + +Declarative management makes life easier for IT teams, with consistency, repeatability, and all the enterprise-grade controls and governance they need - especially when moving to production [Cluster Profiles](../profiles/cluster-profiles/cluster-profiles.md) enable them to define and re-use full-stack clusters and support them across the entire lifecycle without having to write scripts, as well as integrate with existing tools and methodologies. + ### IT Executives With an open and enterprise-grade platform, IT leaders can get peace of mind without being locked into proprietary orchestration technologies or one-size-fits-all solutions. This helps lower the total cost of ownership (TCO) and reduce operational risk. 
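Review bot: The rewritten paragraph under "IT Operations and SREs" still has no sentence break between `especially when moving to production` and `[Cluster Profiles](../profiles/cluster-profiles/cluster-profiles.md) enable them`. Since this line is being touched anyway, add the missing period after "production".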
diff --git a/docs/docs-content/legal-licenses/compliance.md b/docs/docs-content/legal-licenses/compliance.md new file mode 100644 index 0000000000..db38dbc682 --- /dev/null +++ b/docs/docs-content/legal-licenses/compliance.md 
@@ -0,0 +1,57 @@ +--- +sidebar_label: "Compliance" +title: "Certification of Compliance" +description: "Certification of Compliance" +hide_table_of_contents: false +sidebar_position: 10 +tags: ["compliance", "soc2", "fips"] +--- + + + +## ISO 27001 + +![ISO 27001 logo](/legal-licenses_compliance_iso-27001.png "#width=300px") + +The International Organization for Standardization 27001 Standard (ISO 27001) is one of the leading international standards focused on information security. Spectro Cloud has obtained the ISO 27001 Certification and undergoes periodic audits to maintain this certification. ISO 27001 Certification provides assurances that Spectro Cloud is identifying and managing risks effectively, consistently, and measurably. + + +Below are some reasons why an ISO 27001 Certification is important: + +- Customer trust and confidence: Clients and partners often look for assurances that their sensitive information is handled securely. Achieving ISO 27001 certification can enhance customer trust and confidence, potentially leading to increased business opportunities. + +- Risk Management: By implementing ISO controls and measures, companies can mitigate these risks, protecting sensitive data from unauthorized access or disclosure. + +- Legal and regulatory compliance: Adhering to ISO 27001 demonstrates a commitment to information security, which can help organizations comply with various legal and regulatory requirements related to data protection and privacy. + +- Global recognition: ISO 27001 is globally recognized. This helps organizations communicate their commitment to information security across borders. + + +## SOC 2 Type II + +![soc2.png](/soc2.png "#width=180px") + +The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) Attestation provides assurances over control environments. Spectro Cloud’s SOC 2 Type II audit report provides assurances of our organization’s security and availability. 
+ +- SOC 2 audits are an important component in regulatory oversight, vendor management programs, internal governance, and risk management. + +- These reports help our users and their auditors understand the controls established at Spectro Cloud to support operations and compliance. + +- Spectro Cloud’s SOC 2 Type II report is available upon request for any customers or prospects with a signed non-disclosure agreement in place. + + +## FIPS 140-2 + + +![FIPS-Compliance](/docs_compliance_compliance_fips-logo.png "#width=180px") + +Spectro Cloud is validated against FIPS 140-2 with [Certificate number 4349](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4349) in compliance with the Cryptographic Module Validation Program (CMVP). + +Our Spectro Cloud Cryptographic Module is a general-purpose cryptographic library. The FIPS-enforced Palette VerteX edition incorporates the module in the Kubernetes Management Platform and the infrastructure components of target clusters to protect the sensitive information of regulated industries. Palette VerteX supports FIPS at the tenant level. For more information about the FIPS-enforced Palette edition, check out [Palette VerteX](vertex/vertex.md). + +The module is tested against these configurations: + +* Red Hat Enterprise Linux 8 on Dell PowerEdge R440 with Intel Xeon Silver 4214R _with and without_ PAA +* SUSE Linux Enterprise Server 15 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y _with and without_ PAA +* Ubuntu 18.04 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y _with and without_ PAA +* Ubuntu 20.04 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y _with and without_ PAA diff --git a/docs/docs-content/legal-licenses/legal-licenses.md b/docs/docs-content/legal-licenses/legal-licenses.md index 61c029fde1..37e4f55106 100644 --- a/docs/docs-content/legal-licenses/legal-licenses.md +++ b/docs/docs-content/legal-licenses/legal-licenses.md 
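Review bot: In the FIPS 140-2 section of the new legal-licenses/compliance.md, the link `[Palette VerteX](vertex/vertex.md)` is relative to `docs/docs-content/legal-licenses/` and no longer resolves to the VerteX page now that the file has moved one directory down. Other pages in this patch reach it with a `../` prefix (`../vertex/vertex.md` from `integrations/`), so this should be `../vertex/vertex.md`. The front matter `tags` list also still reads `["compliance", "soc2", "fips"]` although the page now leads with ISO 27001.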
@@ -1,8 +1,8 @@ --- -sidebar_label: "Legal & Acknowledgments" -title: "Legal & Acknowledgments" -description: "Review the legal and open source components used in Palette." -sidebar_position: 10 +sidebar_label: "Compliance & Legal" +title: "Compliance & Legal" +description: "Review legal, compliance, and open source components used in Palette." +sidebar_position: 0 hide_table_of_contents: false sidebar_custom_props: icon: "gavel" @@ -16,6 +16,7 @@ This section contains legal information and acknowledgments for Palette and Pale ## Resources - [About Us](https://www.spectrocloud.com/company) +- [Compliance](compliance.md) - [Open-Source Licenses](oss-licenses.md) - [Partners](https://www.spectrocloud.com/partners) - [Security Bulletins](../security/security-bulletins/security-bulletins.md) \ No newline at end of file diff --git a/docs/docs-content/legal-licenses/oss-licenses.md b/docs/docs-content/legal-licenses/oss-licenses.md index 68a046d41e..92984ecdbd 100644 --- a/docs/docs-content/legal-licenses/oss-licenses.md +++ b/docs/docs-content/legal-licenses/oss-licenses.md @@ -2,7 +2,7 @@ sidebar_label: "Open-source Licenses" title: "Open-source Licenses" description: "Review the open-source licenses tied to the libraries and modules currently in use by Palette." -sidebar_position: 10 +sidebar_position: 30 tags: ["legal", "licenses"] --- diff --git a/docs/docs-content/profiles/app-profiles/app-profile-output-vars.md b/docs/docs-content/profiles/app-profiles/app-profile-output-vars.md index 32228a6126..ae6c8b3fae 100644 --- a/docs/docs-content/profiles/app-profiles/app-profile-output-vars.md +++ b/docs/docs-content/profiles/app-profiles/app-profile-output-vars.md 
@@ -8,7 +8,7 @@ tags: ["devx", "app mode", "pde", "app profiles"] --- -Palette Dev Engine output variables are defined in the [app profile](/glossary-all#appprofile) and are only resolved at cluster deployment time. The output variables have the following properties: +Palette Dev Engine output variables are defined in the [app profile](../../glossary-all.md#app-profile) and are only resolved at cluster deployment time. The output variables have the following properties: * May be referenced by specifying them during app profile creation. @@ -75,7 +75,7 @@ Each database service exposes a set of output variables. To learn about each dat ## Resources -* [Palette System Macros](/registries-and-packs/pack-constraints#packmacros) +* [Palette System Macros](../../registries-and-packs/pack-constraints.md#pack-macros) -* [Palette User Macros](/clusters/cluster-management/macros#overview) +* [Palette User Macros](../../clusters/cluster-management/macros.md)
diff --git a/docs/docs-content/registries-and-packs/deploy-pack.md b/docs/docs-content/registries-and-packs/deploy-pack.md index 1235db0350..801e0fdf8f 100644 --- a/docs/docs-content/registries-and-packs/deploy-pack.md +++ b/docs/docs-content/registries-and-packs/deploy-pack.md @@ -920,7 +920,7 @@ cd /terraform/pack-tf ### Set Up the Spectro Cloud API Key -To get started with Terraform code, you need a Palette API key to authenticate and interact with the Palette API endpoint. To add a new API key, log in to Palette, click on the **User Menu** at the top right, and select **My API Keys**, as shown in the screenshot below. Visit the [Create API Key](https://docs.spectrocloud.com/user-management/authentication/api-key/create-api-key/) guide for more information. +To get started with Terraform code, you need a Palette API key to authenticate and interact with the Palette API endpoint. To add a new API key, log in to Palette, click on the **User Menu** at the top right, and select **My API Keys**, as shown in the screenshot below. Visit the [Create API Key](../user-management/authentication/api-key/create-api-key.md) guide for more information. ![Screenshot of generating an API key in Palette.](/tutorials/deploy-pack/registries-and-packs_deploy-pack_generate-api-key.png) @@ -1260,7 +1260,7 @@ Packs are the building blocks of cluster profiles, allowing you to customize you To learn more about packs in Palette, we encourage you to check out the reference resources below. -- [Custom OS Pack](add-custom-packs.md#add-a-custom-pack) +- [Custom OS Pack](../integrations/byoos.md) - [Add-on Packs](adding-add-on-packs.md) diff --git a/docs/docs-content/security/security.md b/docs/docs-content/security/security.md index 7b2fa45aee..ef8c81f4ae 100644 --- a/docs/docs-content/security/security.md +++ b/docs/docs-content/security/security.md 
@@ -28,7 +28,7 @@ Palette uses a micro services-based architecture, and we take steps to ensure ea ## Compliance & Standards -We believe adherence to industry standards and regulations is critical to maintaining the highest levels of security for our customers. We ensure our software complies with all relevant laws and regulations, and we continuously evaluate and update our compliance efforts to stay current with emerging regulations and requirements. To learn about our product certifications, check out the [Compliance](/compliance) reference. +We believe adherence to industry standards and regulations is critical to maintaining the highest levels of security for our customers. We ensure our software complies with all relevant laws and regulations, and we continuously evaluate and update our compliance efforts to stay current with emerging regulations and requirements. To learn about our product certifications, check out the [Compliance](../legal-licenses/compliance.md) reference.
diff --git a/docs/docs-content/troubleshooting/cluster-deployment.md b/docs/docs-content/troubleshooting/cluster-deployment.md index 6ac9a30ce6..135fd2b8f1 100644 --- a/docs/docs-content/troubleshooting/cluster-deployment.md +++ b/docs/docs-content/troubleshooting/cluster-deployment.md 
@@ -94,6 +94,66 @@ Common reasons for why a service may fail are: 6. Check stdout for errors. You can also open a support ticket. Visit our [support page](http://support.spectrocloud.io/). +## Deployment Violates Pod Security +Cluster deployment fails with the following message. + +``` +Error creating: pods is forbidden: violates PodSecurity "baseline:v": non-default capabilities … +``` + +This can happen when the cluster profile uses Kubernetes 1.25 or later and also includes packs that create pods that require elevated privileges. + +### Debug Steps + +To address this issue, you can change the Pod Security Standards of the namespace where the pod is being created. + +1. Log in to [Palette](https://console.spectrocloud.com). + +2. Navigate to the left **Main Menu** and click on **Profiles**. + +3. Select the profile you are using to deploy the cluster. Palette displays the profile stack and details. +4. Click on the pack layer in the profile stack that contains the pack configuration. + +5. In the pack's YAML file, add a subfield in the `pack` section called `namespaceLabels` if it does not already exist. + +6. In the `namespaceLabels` section, add a line with the name of your namespace as the key and add `pod-security.kubernetes.io/enforce=privileged,pod-security.kubernetes.io/enforce-version=v` as its value. Replace `` with the version of Kubernetes on your cluster and only include the major and minor version following the lowercase letter `v`. For example, `v1.25` and `v1.28`. +7. If a key matching your namespace already exists, add the labels to the value corresponding to that key. + +:::warning + +We recommend only applying the labels to namespaces where pods fail to be created. +If your pack creates multiple namespaces, and you are unsure which ones contain pods that need the elevated privileges, you can access the cluster with the kubectl CLI and use the `kubectl get pods` command. 
+This command lists pods and their namespaces so you can identify the pods that are failing at creation. + +For guidance in using the CLI, review [Access Cluster with CLI](../clusters/cluster-management/palette-webctl.md#access-cluster-with-cli). To learn more about kubectl pod commands, refer to the [Kubernetes](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get) documentation. + +::: + +### Examples + +The following example shows a pack that creates a namespace called `"monitoring"`. In this example, the `monitoring` namespace does not have any pre-existing labels. +You need to add the `namespaceLabels` line as well as the corresponding key-value pair under it to apply the labels to the `monitoring` namespace. + +```yaml +pack: + namespace: "monitoring" + + namespaceLabels: + "monitoring": "pod-security.kubernetes.io/enforce=privileged,pod-security.kubernetes.io/enforce-version=v1.28" + +``` + +This second example is similar to the first one. However, in this example, the `monitoring` key already exists under `namespaceLabels`, with its original value being `"org=spectro,team=dev"`. Therefore, you add the labels to the existing value: + +```yaml +pack: + namespace: "monitoring" + + namespaceLabels: + "monitoring": "org=spectro,team=dev,pod-security.kubernetes.io/enforce=privileged,pod-security.kubernetes.io/enforce-version=v1.28" +``` + + ## Gateway Installer Registration Failures diff --git a/docs/docs-content/user-management/palette-rbac/palette-rbac.md b/docs/docs-content/user-management/palette-rbac/palette-rbac.md index 604650507f..bf3eff5dcd 100644 --- a/docs/docs-content/user-management/palette-rbac/palette-rbac.md +++ b/docs/docs-content/user-management/palette-rbac/palette-rbac.md 
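Review bot: Step 6 of the new "Debug Steps" sets `pod-security.kubernetes.io/enforce=privileged` on the namespace, which lifts every Pod Security restriction there, while the error being worked around is a `baseline` violation for non-default capabilities. The section should state that trade-off directly in the numbered steps rather than only in the warning box, and consider recommending that `pod-security.kubernetes.io/warn` and `pod-security.kubernetes.io/audit` stay at `baseline` in the same label string so violations in that namespace remain visible. In the same step the placeholder is empty as written (`enforce-version=v` and "Replace `` with the version"), and the sample error shows `"baseline:v"`; give the placeholder a name so the instruction can be followed.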
@@ -109,7 +109,7 @@ Tenant is an isolated workspace within the Palette. `Users` and `Teams` with spe ### Project -The Global Project Scope holds a group of resources, in a logical grouping, to a specific project. The project acts as a namespace for resource management. Users and Teams with specific roles can be associated with the project, cluster, or cluster profile you create. Users are members of a tenant who are assigned [project scope roles](project-scope-roles-permissions.md#global-project-scope) that control their access within the platform. +The Global Project Scope holds a group of resources, in a logical grouping, to a specific project. The project acts as a namespace for resource management. Users and Teams with specific roles can be associated with the project, cluster, or cluster profile you create. Users are members of a tenant who are assigned [project scope roles](./project-scope-roles-permissions.md) that control their access within the platform.
## Palette Specific (Default) Roles: @@ -203,7 +203,7 @@ The Default (built-in) roles of Palette can be directly assigned to a user. The 1. Login to Palette console as `Tenant Admin`. -2. Select **Users and Teams** from the left **Main Menu** to list the [created users](../user-management.md#user-management). +2. Select **Users and Teams** from the left **Main Menu** to list the created users. 3. From the list of users **select the user** to be assigned with role to open the role addition wizard. @@ -261,7 +261,7 @@ Palette enables the users to have custom Roles. These custom roles can be create To create a custom role, login to the Palette console as `Tenant Admin`: -1. Go to **Roles** from the left ribbon menu +1.From the left **Main Menu**, click on **Tenant Settings** and select **Roles**. 2. Click **Create Role**, to open the `Add New Role` wizard @@ -292,7 +292,7 @@ To create a custom role, login to the Palette console as `Tenant Admin`: **Example:** -If the user is creating a role under the Tenant scope for API Key operations, select the `API Key Permissions` and then from the drop-down menu of that permission, check (tick) the required API operations listed under API Key permissions. Similarly, several permissions can be combined to create a **Custom Role**. [The created role can be assigned to an existing or new user.](/user-management#rolesandpermissions) +If the user is creating a role under the Tenant scope for API Key operations, select the `API Key Permissions` and then from the drop-down menu of that permission, check (tick) the required API operations listed under API Key permissions. Similarly, several permissions can be combined to create a **Custom Role**. The created role can be assigned to an existing or new user.
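Review bot: In the `@@ -261,7` hunk the replacement step is written `1.From the left **Main Menu**, ...` with no space after the list marker, so Markdown will not treat it as item 1 of the ordered list and the numbering of the following steps breaks. Change it to `1. From the left **Main Menu**, ...`.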

@@ -302,7 +302,7 @@ If the user is creating a role under the Tenant scope for API Key operations, se 1. Login to Palette console as `Tenant Admin`. -2. Select **Users and Teams** from the left ribbon menu to list the [created users](../user-management.md#user-management). +2. Select **Users and Teams** from the left ribbon menu to list the [created users](../user-management.md). 3. From the list of users **select the user** to be assigned with role to open the role addition wizard. diff --git a/docs/docs-content/user-management/user-management.md b/docs/docs-content/user-management/user-management.md index 61070ee354..6be6bcde1d 100644 --- a/docs/docs-content/user-management/user-management.md +++ b/docs/docs-content/user-management/user-management.md @@ -9,10 +9,6 @@ tags: ["user-management"] --- - - -# User Management - This section touches upon the initial login aspects for Tenant Admins and non-admin users and the RBAC setup within Palette. ## User Login diff --git a/docs/docs-content/vertex/install-palette-vertex/airgap/vmware-vsphere-airgap-instructions.md b/docs/docs-content/vertex/install-palette-vertex/airgap/vmware-vsphere-airgap-instructions.md index 0ee9c8ccb9..cb2bdf3e30 100644 --- a/docs/docs-content/vertex/install-palette-vertex/airgap/vmware-vsphere-airgap-instructions.md +++ b/docs/docs-content/vertex/install-palette-vertex/airgap/vmware-vsphere-airgap-instructions.md 
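Review bot: Step 2 in the `@@ -302,7` hunk keeps "left ribbon menu" and a link on "created users", while the identical step in the `@@ -203,7` hunk was changed to "left **Main Menu**" with the link removed. Pick one wording and one linking choice for both occurrences; since the user-management.md hunk in this patch removes the `# User Management` heading, dropping the link in both places is the simpler option.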
@@ -75,7 +75,7 @@ Carefully review the [prerequisites](#prerequisites) section before proceeding. - Palette CLI installed and available. Refer to the Palette CLI [Install](../../../palette-cli/install-palette-cli.md#download-and-setup) page for guidance. -- Review the required vSphere [permissions](../install-on-vmware/vmware-system-requirements.md). Ensure you have created the proper custom roles and zone tags. Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/install-on-vmware.md#vsphere-machine-configuration) for information. +- Review the required vSphere [permissions](../install-on-vmware/vmware-system-requirements.md). Ensure you have created the proper custom roles and zone tags. Zone tagging is required for dynamic storage allocation across fault domains when provisioning workloads that require persistent storage. Refer to [Zone Tagging](../install-on-vmware/vmware-system-requirements.md) for information.
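Review bot: After this change the "Zone Tagging" link and the "permissions" link in the same bullet both point at `../install-on-vmware/vmware-system-requirements.md` with no anchor, so the reader who follows "Zone Tagging" lands at the top of the requirements page. Link to the zone tagging heading on that page, or fold the two links into one.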
diff --git a/docs/docs-content/vertex/system-management/enable-non-fips-settings/enable-non-fips-settings.md b/docs/docs-content/vertex/system-management/enable-non-fips-settings/enable-non-fips-settings.md index f3bc781139..c08065107f 100644 --- a/docs/docs-content/vertex/system-management/enable-non-fips-settings/enable-non-fips-settings.md +++ b/docs/docs-content/vertex/system-management/enable-non-fips-settings/enable-non-fips-settings.md @@ -10,7 +10,7 @@ tags: ["vertex", "non-fips"] -Palette VerteX is FIPS-enforced by default, incorporating the Spectro Cloud Cryptographic Module into the Kubernetes Management Platform and the infrastructure components of target clusters. To learn more about our cryptographic library, check out [FIPS 140-2 Certification](../../../compliance.md#fips-140-2). +Palette VerteX is FIPS-enforced by default, incorporating the Spectro Cloud Cryptographic Module into the Kubernetes Management Platform and the infrastructure components of target clusters. To learn more about our cryptographic library, check out [FIPS 140-2 Certification](../../../legal-licenses/compliance.md#fips-140-2). If desired, you can allow the consumption of certain non-FIPS functionality in Palette VerteX at the tenant level. **Platform Settings** at the tenant level provide toggles to allow non-FIPS-compliant add-on packs and non-FIPS features such as scans, backup, and restore. You can also allow importing clusters created external to Palette. @@ -26,6 +26,6 @@ If desired, you can allow the consumption of certain non-FIPS functionality in P - [Allow Cluster Import](../../system-management/enable-non-fips-settings/allow-cluster-import.md) -- [Spectro Cloud FIPS 140-2 Certification](../../../compliance.md#fips-140-2) +- [Spectro Cloud FIPS 140-2 Certification](../../../legal-licenses/compliance.md#fips-140-2) diff --git a/docs/docs-content/workspace/workload-features.md b/docs/docs-content/workspace/workload-features.md index 846691fb15..b7d48a494d 100644 
--- a/docs/docs-content/workspace/workload-features.md +++ b/docs/docs-content/workspace/workload-features.md @@ -416,7 +416,7 @@ Palette enables the users to limit resource usage within the workspace optionall ## To set your Resource Quota: -1. During [Step: 3 Associate Namespaces](adding-a-new-workspace#3-associate-namespaces) of Namespace creation, **Workspace Quota** can be set by giving the **Maximum CPU** and **Maximum Memory**. Then, all the clusters launched within the Namespace can use the set Quota. +1. During [Step: 3 Associate Namespaces](./adding-a-new-workspace.md#create-your-workspace) of Namespace creation, **Workspace Quota** can be set by giving the **Maximum CPU** and **Maximum Memory**. Then, all the clusters launched within the Namespace can use the set Quota. 2. Namespace Quota can be set for an already deployed workspace as: @@ -552,7 +552,7 @@ Palette users can restrict a few container images from getting deployed into a s To restrict a container image for a particular namespace within the workspace: -1. During [Step: 4 Settings](adding-a-new-workspace.md#4-settings) of workspace creation, select the **Container Images** tab from the left ribbon. +1. During [Step: 4 Settings](adding-a-new-workspace.md#create-your-workspace) of workspace creation, select the **Container Images** tab from the left ribbon. 2. Click on **+ Add New Container Image** and provide the **Namespace** and **Restricted Images**. Multiple images can be restricted within a namespace by separating them with commas. diff --git a/docusaurus.config.js b/docusaurus.config.js index efad1dcdb6..175672eef0 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -25,6 +25,7 @@ const config = { // Usually your repo name. onBrokenLinks: "throw", + onBrokenAnchors: "throw", onBrokenMarkdownLinks: "throw", // Even if you don't use internalization, you can use this field to set useful // metadata like html lang. For example, if your site is Chinese, you may want 
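Review bot: In the workload-features.md hunks (`@@ -416,7` and `@@ -552,7`) the links labelled "Step: 3 Associate Namespaces" and "Step: 4 Settings" now both resolve to `#create-your-workspace`, so the link text promises a specific step that the target does not land on. Either reword the link text to refer to the workspace creation procedure or add anchors for the individual steps. The two links are also written differently (`./adding-a-new-workspace.md` versus `adding-a-new-workspace.md`); use one form.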
diff --git a/redirects.js b/redirects.js index 931115e11d..d27336117d 100644 --- a/redirects.js +++ b/redirects.js @@ -338,6 +338,10 @@ const redirects = [ { from: `/enterprise-version/ssl-certificate-management`, to: `/enterprise-version/system-management/ssl-certificate-management` + }, + { + from: `/compliance`, + to: `/legal-licenses/compliance` } ]; diff --git a/src/components/IconMapper/dynamicFontAwesomeImports.js b/src/components/IconMapper/dynamicFontAwesomeImports.js index e3e762977c..1a53dbda4b 100644 --- a/src/components/IconMapper/dynamicFontAwesomeImports.js +++ b/src/components/IconMapper/dynamicFontAwesomeImports.js @@ -6,7 +6,6 @@ import { faDatabase } from '@fortawesome/free-solid-svg-icons'; import { faHdd } from '@fortawesome/free-solid-svg-icons'; import { faCloudArrowDown } from '@fortawesome/free-solid-svg-icons'; import { faServer } from '@fortawesome/free-solid-svg-icons'; -import { faUserShield } from '@fortawesome/free-solid-svg-icons'; import { faUsers } from '@fortawesome/free-solid-svg-icons'; import { faWarehouse } from '@fortawesome/free-solid-svg-icons'; import { faBook } from '@fortawesome/free-solid-svg-icons'; @@ -27,7 +26,6 @@ export const fontAwesomeIcons = { "hdd": faHdd, "cloud-arrow-down": faCloudArrowDown, "server": faServer, - "user-shield": faUserShield, "users": faUsers, "warehouse": faWarehouse, "book": faBook, 
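Review bot: The dynamicFontAwesomeImports.js hunk removes both the `faUserShield` import and the `"user-shield"` entry from `fontAwesomeIcons`, but nothing visible in the patch shows that no remaining page sets `icon: "user-shield"` in its `sidebar_custom_props`. Please confirm with a search of the docs front matter before merging, and note in the commit message whether this file is generated, since a hand edit to a generated mapping would be overwritten.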
diff --git a/static/assets/docs/images/legal-licenses_compliance_iso-27001.png b/static/assets/docs/images/legal-licenses_compliance_iso-27001.png new file mode 100644 index 0000000000000000000000000000000000000000..41a0a08a27bbe4a865f423859d7e631d61ab8984 GIT binary patch literal 19110
zv|hh>(e}4bn{<*bj4xr5AZn-73`}gwj{1%N1W4RbLuKV724+8FC9@=*^m0+}G)h;jAX z4O=;BG#qjQUZr+AAw2_dOG&%#$|He7Ilolg-dNlK60AZsm6f@xQ5TLH=E7Q5)Q+bO zB~F66-TUfkAs?(^%c8`8K#uWS?HS1b3xV+0zeiB<7h$RitTgceW_ZF#!X)B99pDaq zGS5Hw!^7$6Q?lG|t4!ZMAgjStozE?7cJKrG#R$MJjfhAqS=|FLml@DA{*%ca5wYqpfMYbSK9*oeOd(i?65M+%-;delI5 zM973w_k!!k_)&d`Kik}dR#U3`V>-f6ncWqH>)N{k z(a;t-apM{L_l9%tuVSc>)L)^`zRRQ>rC^-8Ft5b6KMD;AF{Op?!J~Q^@ngDo)&4=- zC=Nh-%P2OVB+G@H{R0ry1&&FP!$c7ZPBsO2{LO%;xIT}fH$`>*p6^B^0O}1^!7wv@ zDS>~iE&X~(3sVlNzP{(~vD#GXW&1mRWHaD6E|(dJ{m%|SOct+Y4LWL*pYec{_R^y~ zoW${OLJGG+mdc&_ZnRPT5ywqE1py`lLuKeCpe4iRWfW^bN7epj4hD{YG@thH#q^0O zE`N$+ONhmKeBtC#R=_OF#PnwyF!f5jH^A_;{d%CL`EQNS`?FyT$71Tr_lLnZC0sWb zxZI31%e0%;Jh+a!44h0bP-$dhf+IQ2+(Fsw8p=iff7%5gCTV+VXF=?ru#$f37JDjf zH@wmOA4*UBUJD;?Q|l-|9?iYocvvJ1ByCbleZWkhd&<4$|JG#seF6@&s00O9vcuQE z0!0!)Ua=l-?240w@ITPTHU|CSW z8koLh+?h1+{}DFsIk(+adljICO-VqGFJrcxE@`^K8##PQ`h$7vGlliQsO38Rz*cCe z8+yWc$6I1g%z0Iq+}wYgz>^d_fI!*HtN^ps3qIfKQ8%&ZsE{U)d` zax_yq(vB|I5Js4r8W?V~8ipTb>^*QH_4Lmb{tZf|(GxF8XW?U72ZHe-@h%{O{g>Sv z1FBWC*4eOm^P@!RuZesps`B@!}W|&_=tm96)huz2d0^ zD0%0s8>iIS(lTGqvMI0Rdi4+FieYfR&W$enm&>nJur=%<}A z9&xcUBp-N}+8%^=u1Lzx1Zt20pURA!_qLi~;oX?h?+GlHGn@lmC>F|;$uLKR0^`9S zu3|bogXS^-b3{7NRO>tD$W9KU`o4!ad^F~1KM@~c0dF+*$yhn#n;3%%u+=DIaCVKb zG`9u*V1Oh<#I!ZvV+j%Zp&ha8#1nLIz;6+_`V>nkt)n5TXO-UClKoG7aDx%>Orv+` zlux|j#^=RaqwO2uCT*X5;r^!5Oab3&-8oKNJPlb!3u&xnYbI(8&t(PosZ?wfXcw%9 zF&Zjjn)OR=#cw=Ho4W#VXZs1N&W>ez;h5usB~O4O_ z*-2tSCLe1v>AA#8^gl+dffQUcYAXU$P1ZDgtyyX}(N?wl(+tEj`sJHt>9O*Ls=*J! 
zGqX-{?)kD3lk)~dZtzL&+Rlq-xk;mt6D%A58lvw^*+4RL=d{fFj!=`~7$cdUAZ(jC z3)1?H#iP*(bOX?rY811Xsmi1x?LVI`?AjNum~*>IIu*+2>ubPpx6xIddEz|bPf@($ zK=Hnbf*BG#Gq|<&_QUcE8s3QLXogSFSK8EmENB$`omC8=u72TKc(eaK4zLwZL&V~i zjVRWd7Z*P@Y9Mr%jp)x##1hc?a_xmY$H@NChKGi*%xw|3G>ZD{eo<-LBdYJ`6}1vI zv?H0EHxoobi&(dKtov1gHhiALPB43=v2|658v>ae#7t@>=erCloex(bGs>m-2w0kp zSmW<}G3JzR!!gVbBeWaqJ!@4~f&FBrf79#HOb|Zc$yJO}KRo5?ma!PTMX+K#+UXm9 z*(hKsu&k?fksM{Voc1PUsu>`B?kTk2^xG|1=89Kb!m+FT(tt47h(DnZ`=O%qho7mj zQcbajYkf}DK_z61&}XeTGFjq>V=q66?qEi)g=9N-7o)qEZavPrPaOVa-M!xQ%0T!C zk`pBVLRDmwf!gi!UvGo;W>%sA3vzg8?Oo9lIWR&(BNQ9$u0BT!j&D!Cbd@prsLB}o zB$`xqYd=8jPQgyUSvm~nwDTr7<;k~oFzfIIn&Ir_{r*pGN7{29BOb#M48$r~O#eyv zeAd4dZ2aH+VTE&~Tgh!%ac-YG(y;Y%swPv4eL+i8_d_x#Lp=?}v>a>I($p{=&cZ)Y zFKK#IS3PN-kD=Okrrf7&R@gWJKKq{pL2ir`M!Y@wU$71zTZdwd7ZTW3#DsL8S{PtS#XHW22`9d>x zSh>{5=qUOd2J;xT)P6!Y_`%FB+=VS)N@`bB+f{r6ML z(3TmgqC1PoOdM`5NZq^z_A!2ZhWygWvk^G+B@`^VQrzZk9;&h<3*C@_7SS4`U{~8G z5$=y=n?H7FM==swS&)9!VcRkzzJ0Jo0k~-R;j6;tHCAG@S?T>~(BeCl1vpVM&i3HYqrV9&C2X`>uPZGx)alPEl?-rdyki6(rq?`JBFz9<5h&y+EK zZ?2dng;9dKO%}AdRaM>FplQZ^;>0@X=!O>F60BtO^$YGDK_y7zI~6^xSE zZa5!N2Vp6ei!0*59Wpczs>pO^tAx&s`1l5P?G>|Y^W%x&(W!9WCpnUeBX1pHO~s-H z)<1P%ws&EDPrCmoW)C?G2LIS<7%BL?;>AooPbQ{>glD5EA_u_%f_*~pSu$zf&10qJ z)YWcjB=pR1kT*j1M1STB#7M@D1h}?*d zvL^q0wfbR;(k+RxQxmhlluA{1fh~)hw8S$dtDR)=lN>Rh2Pm2yD(`RS52&lX`-poB#>n~fe|~%d?wEN61(<>u zTz)yTGizW7;eUA5-~8Be=~&;*h;ysJZI(ZwOY!;duVx68S8=;N~%dXGI8m~NMIp) z$5venK2hAV9N1`@BNd0c+Kk!@!w7%pdn6Kr9ROMF?|tuF-kDr-k7J7#m*JV4;-{J& z&bq5hVdf+fJ|SLq%PawEA`JJfJM9U^*pYaQ6=XI2XaXRDo%^#vr^eWWJH?N3k@~0g zt;QgycC+4j{(0{JbgLUFD~G_=W5F>Zm+VFKjdnLb#*m<%>{S9ove7(5;V6|&!z49+yr_=ob2_joKpynbgM%YoA_ z*qIZAx3~>I2q(KHrCtP7OM>>|))`xmoqG7&+O{E!(ZIjTqM5(Sm!Th7iE*O0>*L%F zhsv+y`&cb;AUj*G+qtTuF26uGyhDqm$2|C6rPSc;hjr`<+1t^9(?8|9SWa}#)nSi? 
zdTIke%o(`XOQc`Gi%+;aMfh#f=^Iw_-yiM2^c_Z^*oasAd-joP#=qi+Z|J-ri^Juo zh9r9!GMG{+Ob0$H=_%h6w^bvJ_OP$PX8=F`G|fbuHh!jYG6>M=t+<4UoeUOgZAkyi z`$WjG5Bn?d)4W>wQzK2I7G7gf1pt87-*u-oK!)zZ1tPfOA9Mq-ioX~LGC31)^|!dU zl@dnI;;QRM0Bo{UuaMny%nnB!BVv)e{$-Y0uqMB&Q0MFV&+oEOZ7-a?S@MskQ#?zw z1V9%q36@Z-S8-v(9n;K6jc`ZB+ZS#!fG7!!6}bMcpCXIsK61X9#EB^4#tjKe$|Svm z_N|L2_LypxT3)ff2lJp7|J*WZ{-KSWNKz=c#uhX;wX4FQFZc^2T7El9S%;w(Jx!^0 zobTGjL;1GDFN+?>nK|NXd@tCt8T?28P8e4m`?n-e-{kXJctsw>&T+^nl9dK`WDqMn zdJ0*Pjw!pV^&bV{vjpdES*5PPTYnw8mLKBpkL|BOMuW)cYhiYex&0#+Hu^FKkj%e+0X5C@07zyuIu{MP*PAl#6L#Pato~F`!Ggk z9LTy#5h%Cplc^d#vu2rW#8z#pwIM7e)Z;d8daM??`U&LVNW0HQya3ET)AprxmA~k? zbIM`lc9lC~t;7_b*#pClppBfm5SV-L95EB}*MEnvwBq%^>_zoZ$IKfDKkwcX@bv!n zF>ia(9bo*>^z_*>sf_nf113 ziizXmVhS@gm>KC#|C=Anys?{L6gyt_i9F8C=pfiR_KBTeOZ?Q|gd*F32!+sp2L>nL zcfqF1@evVsLonxQw!?x>c=1nTcBX*;o#2Sc@N%OGzAi26+jFQOphdpbj;M_0-iL|( zrR+wPm}T8)w4act+&wAkk>2?JX&>3bdhp&~n`|U&U@4k%s#Lo%FApt}Eu0#@&t=s% zyJX#O^K#X7Wr!kvdEGXzfKd%p&&){P91k{{k*4N)nsVd7#`B7HG)09%c=(1NP8I?f zQ8c~++Ia5M%$sHk;UI;^L+FvJQz7mYiKVQm+92ccn`1}GaGUJ6Ya(Wo0K9~){Epf4Zt3xI&12T9Htb&&7ShT3c&V> zpE8aeu(DW#m^X#FU+~5HmMk`_I?Ydxg9tu&uL+kl2UvU}Yj)Vfi_ia9*)nEDhJ?cg zd|qF>+05=b@e#1<2(fcB9rcete!ajm9d%4QVHi~_0vBy5ikxgY%DE|j#QC$DWU?zN z_@RN<3xe)r*~verU6yTUai|5qlwUSQ&g_a{$JDwBl|YyWZ_u#D$+;(MiYR(L`0_(j z?@*lRD7ST+!CuIU$cwvaGg}Khm)Bb5n2{YIa8=38B))ktPZZ4{Qbxon=N7-6OD~Ie z4Uj)at3^szFre*(ogk)-25m)|5|2QK$i*dOP3$O6~eW( zja9-q1i3$x+TfL$S&=HHswCykK3sdvWQ*azLt7q_IX7Y~V+7!!j*>vO$=_WQG`utk z+uu9)8A=i57-k2C$GZ+YUNcjjOfUDD%7FZvK>pn!Fk0nvaq@#=T(^n7{HG0h=LS-Z z0K74ZXzT`N&v4ThB-sE{wEmP{A-K9dgRVQj+ab&TapA^#ms7V-eWkA$gPgtgt$Y zyLgCvPxZy6$J3uvJM%yN1yVglOpTcz0K5_ZGPwKNYBf%EvXqqJKhkTnJMXdq}cO zBPwBVO?`W(KmI5K{1x`sAIeM(V5Vj;(51PSg)vein#xJST@%0!fd}y^4{mKJ-sh*t zo1^`0QQFDh&v@bB@o#BQDj~H$8MO2sPT&pV$VlKp| zwu!uHBXYcxHZW=Y6s$vTG6;>cEHY&T`x?07MSKb2yEhT%XyN3i?ce71_6w)174yv4 zUTYkB0I*ZebK(9HjprNt;)8_p9}I{5m2vafMJ6Ur*wJ?Z)b0&SiZ_yM9DVo27*qZG z2~zp=fi%Gp2Ca1Xj%<-`e~(O-GF_;4Dto_49WM|j@q1o^(I}y8c~w{Mj*9I;8W*(0 
zKbpof&hk)}E|f##{kJU_D)EiD@^;4|BxTjh^UAi}A${Lpgzox8kLP1#6;EL@im?96 z{l0sZ|BN6L)7*$kQ|+wP&^24-h(5cVjXnB1qqSuL6L|#eYX4-+U=O)2K}&^=32oUP zBOHnUEM?Cq70Kio32iwP%R&FpHkZ&6G7+umF2BCIL-0uc^i7qCsaIaDt$xVmf&U$(W9fHTr}uUQoYWw8|d7rJp3>?X;E zV}n?jzL>PC4O;l*^@T~t-+5}VZ5vr;EuiS`k5K?#O*(BIEpl);YSfiE=9K>Sy-dp$ zqEfyx>w_sU6I0%O53%9$zTPNpr0?Gg2w2Y#wMgsh7nqp7Yngc{H-md+itkQ5hA#^s zb~N&p_tb&Wjm9@SBtbZU zFVv`a6KfvKh2&3#Z|t>?ey|{Tz|C?PL;)j)##LY!mAnIBy5Kb%v9DCOY2-7cD`Zvm z%t!qTaRJe?pFPBmd7e5HV z#M~UMBT34;6W86nd=b#CAPrv2)2`H;?;fz3xtT`eWo2uP%1FSiUMB9fqwDsN4+kWN zqV(G00?|O(AHG%5_@O4bneYdZeWlq&yuf1*Um?F$>tEYHYntegxg`67>Lfz7!|j}l zV90(8Jf8nT2DpSi=sz_=zBRKx=EFJsqADyG^@195J$qHbIx|f~_QK)c?LzIpGG76@ zzhBCjOu)|BJJbcjn~Xrbnzfs&LL_<=oWfW;VE|%67q>3fqO4j3Pj&T20+ zZU19gTrpX~;lo0y8>*j;qs{k#i`Qq05ZCkEB=g2fJha%RlCq&rO_vCAc^k5O2nC_7 zO3w}bO$V^S7>X}Xd#daO@V$;NAAr``vO3VH#X=uwdwa-cnEqxz`QkxslWDr{DS1iH zaIjqU9%Y>WgZ!|+ggi}8-J@}MFRRrpwFBU*!C9jg142^uBB65f3PJx1msI>qER(X) zYp5Nww~(DYNQt$Jk!#5Ds`l{UhRDu=Rp-#Hbzf=JJ%MuITpmws11VL5_x%)Wi1&#N zjAxzvv50UsE+=b%_s_|Fq@ zD-W2mk~rS9YZ&&kmZmMw_C6t&ZHPfAO@2GH@85*~r2{;yVTE7Oh;Fx}NARZd}ufhez3RT)?_FlKMu zdW+r)bTGc$yHoIsH{+M6j;8gd>Aq=DAw_`zXl5EYNCaVf2Dq5d4RKc(4v9^5Q-MNQ zduqQAh^a>pr?(7P0bhDRe{}uHJLgpCEh3ZPcTnF6n(?cAWCW=1Zy|U~+;OyRtLxPz zB_Ra$gh?WH51^y?wgq`qkck#^G7|pNg1^wI!Q1g#b84&TL9K^~clMAS@a{jp!ZHuZ zYpg$Le}O639dX4r4z~%q8)vQm^Z&CQxmF);tStm8I^ps@YnN=FftS?p+KUal?#oKo zJ@Y;sX3{<@;CD#4CCK4#TdrKw+RdxHVmV*^_ z?Q%3IzxAHqwd>;b{x>tDqzlgf z-}bKD%!jq^>sz32L^Res%$fO3df9ooHlO*qT2rnpeGwRHu`;bU^Q-xB=Pjnd#b*qv z+>9nYQTxI_@jl$Jk|Rib;@2f}yL7g)Tu+{_n-7$KU^I0{qHXqlho1{Ag0h#!1BHI9 z+Ng24?)#O`Tjxo|y*{^`7noW?Zin2rdmSz64zzbcVDyQcTV=~$Ux_(75vV?cyRSdC zOU~5it8M8Y+b(6G|32I-ef93);b|u2yo{goUYNv#6?U|r{q;9^w)3k4y6GYylN96v zk{dq?1=+9V%#CWlrMO_9W*-aCHXRc?lNR89iTFcyD-x^TmD*nkeskaK@4RVyL%=S0 z5Z$=M(4AwG?|$V!G$3CD<5!~*yRTwR$Bni=3yvZ zb@AMfxTRZJ`))0Jp#`$%Ktkx&d(#$3xw!#%aDla{70L$IawLBF%kjVb`XM*4UnaQk z2$kUk#^@D@o4FyPa~^pB4NY+b>jSO~0E=$e5^(hUF5R=UA(9KDChxj$`xE4#Q7{?; el!k!D#sBPIRSlLTdEIyhGRxD|&t;ucLK6TU$E{TW literal 0 
HcmV?d00001