Merge branch 'master' into edge-mgmt-api

docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/checklist.md

@@ -25,3 +25,8 @@ installation.
 
 - [ ] Review the list of [pack binaries](../../airgap/supplemental-packs.md) to download and upload to your OCI
       registry.
+- [ ] If you have custom SSL certificates you want to include, copy the custom SSL certificates, in base64 PEM format,
+      to the support VM. The custom certificates must be placed in the **/opt/spectro/ssl** folder. Include the
+      following files:
+  - **server.crt**
+  - **server.key**

docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md

@@ -236,7 +236,25 @@ The default container runtime for OVAs is [Podman](https://podman.io/), not Dock
     sudo --login
     ```
 
-19. Start the airgap initialization process by issuing the following command. The script requires the hostname or IP
+19. If you have custom SSL certificates you want to apply to the image and pack registry, and the Spectro Cloud
+    Repository, copy the custom SSL certificates, in base64 PEM format, to the airgap support VM. The custom
+    certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files:
+
+    - **server.crt**
+    - **server.key**
+
+    If you do not provide a custom SSL certificate, the airgap setup process will generate a self-signed certificate for
+    you.
+
+    :::warning
+
+    The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different format,
+    convert them to base64 PEM format before copying them to the support VM. The airgap setup process also expects the
+    files to be named **server.crt** and **server.key**.
+
+    :::
+
+20. Start the airgap initialization process by issuing the following command. The script requires the hostname or IP
     address of the airgap support VM. Choose the preferred method for your environment. Be aware that the script will
     generate a self-signed certificate for the value you provide.
 
@@ -317,10 +335,10 @@ The default container runtime for OVAs is [Podman](https://podman.io/), not Dock
         </TabItem>
         </Tabs>
 
-20. The output of the script contains credentials and values you will need when completing the installation with the
+21. The output of the script contains credentials and values you will need when completing the installation with the
     Palette CLI. If you need to review this information in the future, invoke the script again.
 
-21. Review the [Additional Packs](../../airgap/supplemental-packs.md) page and identify any additional packs you want to
+22. Review the [Additional Packs](../../airgap/supplemental-packs.md) page and identify any additional packs you want to
     add to your OCI registry. By default, the installation includes only the minimum required packs. You can also add
     additional packs after the installation is complete.
 

docs/docs-content/enterprise-version/system-management/ssl-certificate-management.md

@@ -9,17 +9,16 @@ tags: ["palette", "management"]
 keywords: ["self-hosted", "enterprise"]
 ---
 
-When you install Palette, a self-signed certificate is generated and used by default. You can upload your own SSL
-certificate to replace the default certificate.
-
-Palette uses SSL certificates to secure external communication. Internal components communication is by default secured
-and use HTTPS. External communication with Palette, such as the system console, gRPC endpoint, and API endpoint,
-requires you to upload an SSL certificate to enable HTTPS.
+Palette uses Secure Sockets Layer (SSL) certificates to secure internal and external communication with Hypertext
+Transfer Protocol Secure (HTTPS). External Palette endpoints, such as the
+[system console](../system-management/system-management.md#system-console),
+[Palette dashboard](../../getting-started/dashboard.md), Palette API, and gRPC endpoints, are enabled by default with
+HTTPS using an auto-generated self-signed certificate. You can replace the self-signed certificate with a custom SSL
+certificate to secure these endpoints.
 
 :::info
 
-Enabling HTTPS is a non-disruptive operation. You can enable HTTPS at any time without affecting the system's
-functionality.
+You can swap out the external endpoint certificate at any time without affecting the system functionality.
 
 :::
 
@@ -69,4 +68,4 @@ You can validate that your certificate is uploaded correctly by using the follow
    with `https://`.
 
 Palette is now using your uploaded certificate to create a secure HTTPS connection with external clients. Users can now
-securely access the system console, gRPC endpoint, and API endpoint.
+securely access the system console, Palette dashboard, the gRPC endpoint, and the Palette API endpoint.

docs/docs-content/tenant-settings/add-registry.md

@@ -4,7 +4,7 @@ title: "Add Tenant-Level Registry"
 description: "Learn how to add a tenant-level registry in Palette."
 icon: ""
 hide_table_of_contents: false
-sidebar_position: 60
+sidebar_position: 10
 tags: ["enterprise", "management", "registry"]
 ---
 

docs/docs-content/tenant-settings/api-key-management.md

@@ -4,7 +4,7 @@ title: "API Key Management"
 description: "Learn how to set a login banner for your Palette tenant."
 icon: ""
 hide_table_of_contents: false
-sidebar_position: 0
+sidebar_position: 20
 tags: ["tenant-administration", "authentication", "api-key"]
 ---
 

docs/docs-content/tenant-settings/login-banner.md

@@ -4,7 +4,7 @@ title: "Login Banner"
 description: "Learn how to set a login banner for your Palette tenant."
 icon: ""
 hide_table_of_contents: false
-sidebar_position: 0
+sidebar_position: 30
 tags: ["tenant-administration"]
 ---
 

docs/docs-content/tenant-settings/palette-resource-limits.md

@@ -0,0 +1,62 @@
+---
+sidebar_label: "Default Resource Limits"
+title: "Default Resource Limits"
+description:
+  "Understand the default resource limits for Palette and learn how to set resource limits for your Palette tenant."
+icon: ""
+hide_table_of_contents: false
+sidebar_position: 25
+tags: ["tenant-administration"]
+---
+
+Tenant administrators can set and update resource limits for Palette. The resource limits determine the maximum number
+of resources that can be created in Palette. The resource limits are set at the tenant level and apply to all projects
+in the tenant.
+
+The following table lists the default resource limits for Palette:
+
+| **Resources**                                       | **Max Limit** | **Scope** |
+| --------------------------------------------------- | ------------- | --------- |
+| Users                                               | 300           | Tenant    |
+| Teams                                               | 100           | Tenant    |
+| Projects                                            | 50            | Tenant    |
+| Workspaces                                          | 50            | Tenant    |
+| Roles                                               | 100           | Tenant    |
+| Cloud Accounts                                      | 200           | Tenant    |
+| Cluster Profiles including Cluster Profile versions | 200           | Tenant    |
+| Registries                                          | 50            | Tenant    |
+| Private Gateway                                     | 50            | Tenant    |
+| API Keys                                            | 20            | User      |
+| Backup Locations                                    | 100           | Tenant    |
+| Certificates                                        | 20            | Tenant    |
+| Macros                                              | 200           | Project   |
+| SSH Keys                                            | 300           | Tenant    |
+| Alerts or Webhook                                   | 100           | Project   |
+| Clusters                                            | 10,000        | Tenant    |
+| Edge Hosts                                          | 200           | Tenant    |
+
+## Set Resource Limit
+
+Use the following steps to set or update resource limits for your Palette tenant.
+
+## Prerequisites
+
+- You must have access to the _tenant admin_ role.
+
+## Update Limits
+
+1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin.
+
+2. Navigate to the left **Main Menu** and select **Tenant Settings**.
+
+3. Select **Resource Limits** from the **Tenant Settings Menu**.
+
+4. Set the values for the different Palette resources.
+
+5. Save your changes.
+
+## Validate
+
+You can validate the updated resource limits by creating a resource of the same type you updated. For example, you can
+create five API keys if you updated the **API Key** to five. If you attempt to create a sixth API key, you will receive
+an error message.

docs/docs-content/tenant-settings/tenant-settings.md

@@ -36,6 +36,8 @@ Use the following resources to become familiar with the available tenant setting
 
 - [API Key Management](api-key-management.md)
 
+- [Default Resource Limits](./palette-resource-limits.md)
+
 - [Login Banner](login-banner.md)
 
 - [Projects](./projects/projects.md)

docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/checklist.md

@@ -25,3 +25,9 @@ installation.
 
 - [ ] Review the list of [pack binaries](../../airgap/supplemental-packs.md) to download and upload to your OCI
       registry.
+
+- [ ] If you have custom SSL certificates you want to include, copy the custom SSL certificates, in base64 PEM format,
+      to the support VM. The custom certificates must be placed in the **/opt/spectro/ssl** folder. Include the
+      following files:
+  - **server.crt**
+  - **server.key**

docs/docs-content/vertex/install-palette-vertex/install-on-vmware/airgap-install/vmware-vsphere-airgap-instructions.md

@@ -237,7 +237,25 @@ If you are working in Vim, press `i` to enter insert mode in the text editor. Pr
     sudo --login
     ```
 
-19. Start the airgap initialization process by issuing the following command. The script requires the hostname or IP
+19. If you have custom SSL certificates you want to apply to the image and pack registry, and the Spectro Cloud
+    Repository, copy the custom SSL certificates, in base64 PEM format, to the airgap support VM. The custom
+    certificates must be placed in the **/opt/spectro/ssl** folder. Include the following files:
+
+    - **server.crt**
+    - **server.key**
+
+    If you do not provide a custom SSL certificate, the airgap setup process will generate a self-signed certificate for
+    you.
+
+    :::warning
+
+    The custom SSL certificates must be in base64 PEM format. If you have custom SSL certificates in a different format,
+    convert them to base64 PEM format before copying them to the support VM. The airgap setup process also expects the
+    files to be named **server.crt** and **server.key**.
+
+    :::
+
+20. Start the airgap initialization process by issuing the following command. The script requires the hostname or IP
     address of the airgap support VM. Choose the preferred method for your environment. Be aware that the script will
     generate a self-signed certificate for the value you provide.
 
@@ -318,10 +336,10 @@ If you are working in Vim, press `i` to enter insert mode in the text editor. Pr
         </TabItem>
         </Tabs>
 
-20. The output of the script contains credentials and values you will need when completing the installation with the
+21. The output of the script contains credentials and values you will need when completing the installation with the
     Palette CLI. If you need to review this information in the future, invoke the script again.
 
-21. Review the [Additional Packs](../../airgap/supplemental-packs.md) page and identify any additional packs you want to
+22. Review the [Additional Packs](../../airgap/supplemental-packs.md) page and identify any additional packs you want to
     add to your OCI registry. By default, the installation includes only the minimum required packs. You can also add
     additional packs after the installation is complete.
 

docs/docs-content/vertex/system-management/ssl-certificate-management.md

@@ -9,17 +9,16 @@ tags: ["vertex", "management"]
 keywords: ["self-hosted", "vertex"]
 ---
 
-When you install Palette VerteX, a self-signed certificate is generated and used by default. You can upload your own SSL
-certificate to replace the default certificate.
-
-Palette VerteX uses SSL certificates to secure external communication. The internal components communication is by
-default secured and use HTTPS. External communication with Palette VerteX, such as the system console, gRPC endpoint,
-and API endpoint, requires you to upload an SSL certificate to enable HTTPS.
+Palette VerteX uses Secure Sockets Layer (SSL) certificates to secure internal and external communication with Hypertext
+Transfer Protocol Secure (HTTPS). External VerteX endpoints, such as the
+[system console](../system-management/system-management.md#system-console),
+[VerteX dashboard](../../getting-started/dashboard.md), the VerteX API, and the gRPC endpoint, are enabled by default
+with HTTPS using an auto-generated self-signed certificate. You can replace the self-signed certificate with your SSL
+certificate to secure these endpoints.
 
 :::info
 
-Enabling HTTPS is a non-disruptive operation. You can enable HTTPS at any time without affecting the system's
-functionality.
+You can swap out the external endpoint certificate at any time without affecting the system functionality.
 
 :::
 
@@ -68,5 +67,5 @@ You can validate that your certificate is uploaded correctly by using the follow
 2. Log back into the Palette VerteX system console. Ensure the connection is secure by checking the URL. The URL should
    start with `https://`.
 
-Palette VerteX is now using your uploaded certificate to create a secure HTTPS connection with external clients. Users
-can now securely access the system console, gRPC endpoint, and API endpoint.
+VerteX is now using your uploaded certificate to create a secure HTTPS connection with external clients. Users can now
+securely access the system console, VerteX dashboard, the gRPC endpoint, and the VerteX API endpoint.