From 2370c5dce530786705ec06e2ab465cde3801a2db Mon Sep 17 00:00:00 2001 From: Tal Liron Date: Wed, 24 Mar 2021 15:25:36 -0500 Subject: [PATCH] Small fixes to documentation --- QUICKSTART.md | 29 ++++++++++++++++------------- README.md | 2 +- lab/_env | 2 +- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/QUICKSTART.md b/QUICKSTART.md index fbe6a69..f71a71a 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -81,12 +81,12 @@ Configuring the Registry You will now use Reposure to configure the "default" registry for Turandot. -This can be simple or complex depending on your Kubernetes cluster. The reason is that -the Turandot operator does more than just deploy TOSCA, it can also deploy artifacts -referred to by your TOSCA, including artifacts of a special type: container images. Container -images are downloaded from a registry by the container runtime (CRI-O, Docker, etc.) that runs -on each of the cluster's hosts, and by default the container runtime is likely configured to -require TLS authentication (HTTPS) and may even require authorization. +This can be simple or complex depending on your Kubernetes cluster. The reason it can be +challenging is that the Turandot operator does more than just deploy TOSCA, it can also deploy +artifacts referred to by your TOSCA, including artifacts of a special type: container images. +Container images are downloaded from a registry by the container runtime (CRI-O, Docker, etc.) +that runs on each of the cluster's hosts, and by the container runtime is likely to be configured +by delay to require TLS authentication (HTTPS) and may even require authorization. Reposure comes with built-in support for the built-in registries of a few Kubernetes distributions, making it easy to make use of them. For Minikube: @@ -110,16 +110,19 @@ small deployments. Installing the "simple" registry is simple, but configuring your Kubernetes container runtime to accept it is beyond the scope of this guide. Specifically you would need to -allow it to accept a TLS certificate or your custom certificate authority. +allow it to accept your TLS certificate or your custom certificate authority. The extra +challenge of working with TLS certificates for cloud workloads is that the certificate +is tied to either an IP address (which may change) or a DNS domain name, which may be +local and custom. However, if you can configure your container runtime to at least accept self-signed -certificates (so-called "insecure" mode), then Reposure's "simple" registry can provision -one using [cert-manager](https://github.com/jetstack/cert-manager). (In Minikube this -is enabled via the -[`--insecure-registry`](https://minikube.sigs.k8s.io/docs/handbook/registry/) flag.) +certificates (so-called "insecure" mode, which in Minikube is enabled via the +[`--insecure-registry`](https://minikube.sigs.k8s.io/docs/handbook/registry/) flag), +then Reposure's "simple" registry can provision such a self-signed certificate for you +by using [cert-manager](https://github.com/jetstack/cert-manager). -So, assuming your container runtime is "insecure", you can start by installing -cert-manager via our included script: +Assuming your container runtime is "insecure", you can start by installing cert-manager +via our included script: lab/cert-manager/deploy diff --git a/README.md b/README.md index 26eed90..c7e06ce 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Turandot [![Latest Release](https://img.shields.io/github/release/tliron/turandot.svg)](https://github.com/tliron/turandot/releases/latest) [![Go Report Card](https://goreportcard.com/badge/github.com/tliron/turandot)](https://goreportcard.com/report/github.com/tliron/turandot) -Orchestrate and compose [Kubernetes](https://kubernetes.io/) workloads using +Compose and orchestrate [Kubernetes](https://kubernetes.io/) workloads using [TOSCA](https://www.oasis-open.org/committees/tosca/). Want to dive in? diff --git a/lab/_env b/lab/_env index 35c88ef..9ccf94f 100644 --- a/lab/_env +++ b/lab/_env @@ -1,6 +1,6 @@ KUBECTL_VERSION=1.20.5 -K9S_VERSION=0.24.3 +K9S_VERSION=0.24.4 MINIKUBE_VERSION=1.18.1 KUBEVIRT_VERSION=0.39.0 CERT_MANAGER_VERSION=1.2.0