feat: add helm charts feature (#106)

Author: srodenhuis

.cspell.json

@@ -23,6 +23,7 @@
     "srodenhuis",
     "Traefik",
     "rbaumgar",
+    "Kwasm",
     "ebpf",
     "syscalls",
     "Ficy",

docs/for-devs/console/builds.md

@@ -14,7 +14,7 @@ Ask your platform administrator to activate the Harbor App to use this feature.
 
 ## Builds (all)
 
-All Builds of the team are listed here.
+All Builds of the Team are listed here.
 
 ![Team builds](../../img/team-builds.png)
 

docs/for-devs/console/catalog.md

@@ -4,48 +4,56 @@ title: Catalog
 sidebar_label: Catalog
 ---
 
-## About the Catalog quick starts
+## About the Catalog Helm charts
 
 The Catalog is a library of curated Helm charts to create Kubernetes resources. By default the Catalog contains a set of Helm charts provided to get started quickly, but they can also be modified depending on your requirements or be removed from the Catalog. 
 
 The contents of the Catalog and the RBAC configuration (which Team can use which Helm chart) are managed by the platform administrator. Contact the platform administrator if you would like to add your own charts to use within your Team.
 
 The Catalog contains a set of Helm charts that can be used as quick starts. The following quick starts are available:
 
-### Kubernetes Deployment
+1. Kubernetes Deployment
 
 The `k8s-deployment` Helm chart can be used to create a Kubernetes `Deployment` (to deploy a single image), a `Service` and a `ServiceAccount`. Optionally a `HorizontalPodAutoscaler`, a Prometheus `ServiceMonitor` and a `Configmap` can be created.
 
-### Kubernetes Deployment with Open Telemetry Instrumentation
+2. Kubernetes Deployment with Open Telemetry Instrumentation
 
 The `k8s-deployment-otel` Helm chart can be used to create a Kubernetes `Deployment` (to deploy a single image), a `Service`, a `ServiceAccount` and an `Instrumentation` resource. Optionally a `HorizontalPodAutoscaler`, a Prometheus `ServiceMonitor` and a `Configmap` can be created.
 
-### Kubernetes Canary Deployments
+3. Kubernetes Canary Deployments
 
 The `k8s-deployments-canary` Helm chart can be used to create 2 Kubernetes `Deployments` (to deploy 2 versions of an image), a `Service` and a `ServiceAccount` resource. Optionally a `HorizontalPodAutoscaler`, a Prometheus `ServiceMonitor` and a `Configmap` (for each version) can be created.
 
-### Knative-service
+4. Knative-service
 
 The `knative-service` Helm chart can be used to create a Knative `Service` (to deploy a single image), a `Service` and a  `ServiceAccount`. Optionally a Prometheus `ServiceMonitor` can be created.
 
-### PostgreSQL cluster
+5. PostgreSQL cluster
 
 The `postgresql-cluster` Helm chart can be used to create a cloudnativepg PostgreSQL `Cluster`. Optionally a Prometheus `PodMonitor` and a `Configmap` (for adding a postgresql dashboard to Grafana) can be created.
 
-### Redis master-replica cluster
+6. Redis master-replica cluster
 
 The `redis-cluster` Helm chart can be used to create a Redis master-replica cluster.
 
-### RabbitMQ Cluster and/or Queues
+7. RabbitMQ Cluster and/or Queues
 
-The `rabbitmq-cluster` Helm chart can be used to create a `RabbitmqCluster`, `queues` and `Policy`s
+The `rabbitmq-cluster` Helm chart can be used to create a `RabbitmqCluster`, `queues` and `Policy`s.
+
+Using the `rabbitmq-cluster` Helm chart requires `RabbitMQ` to be enabled by a platform administrator. 
+
+8. SpinApp
+
+The `spin-app` Helm chart can be used to create a `SpinApp`. A SpinApp is a Custom Resource to deploy WebAssembly microservices and web applications based on Spin.
+
+Using the `spin-app` Helm chart requires a `spin-shim-executor` to be added to the Team by a platform administrator.
 
 
 ## Using the Catalog
 
 1. Click on `Catalog` in the left menu
 
-2. You will now see all the templates that are available to use
+2. You will now see all the templates that are available for use
 
 ![Team catalog](../../img/team-catalog.png)
 

docs/for-devs/console/netpols.md

@@ -12,7 +12,7 @@ When the Network Policies `Egress control` option is enabled for the team, all t
 
 ## Network Policies (all)
 
-All Network Policies of the team are listed here.
+All Network Policies of the Team are listed here.
 
 | Property      | Description                                                     |
 | ------------- | --------------------------------------------------------------- |

docs/for-devs/console/overview.md

@@ -14,22 +14,22 @@ The Team view in the Console gives access to 2 sections:
 
 Self-service section:
 
-- [Apps](dashboard.md): An overview of Team Pod status, resource utilization and vulnerabilities.
-- [Apps](apps.md): All the apps available to the team on this platform.
+- [Dashboard](dashboard.md): An overview of Team Pod status, resource utilization and vulnerabilities.
+- [Apps](apps.md): All the apps available to the Team.
 - [Catalog](catalog.md): The Helm charts available for the Team in the Catalog.
-- [Projects](projects.md): A list of all Projects created by the team.
-- [Builds](builds.md): A list of all Builds created by the team.
-- [Sealed Secrets](sealed-secrets.md): A list of all Sealed Secrets created by the Team.
-- [Workloads](workloads.md): A list of all Workloads created by the Team.
-- [Network Policies](netpols.md): A list of all Network Policies created by the team.
-- [Services](services.md): A list of all team services.
+- [Projects](projects.md): A self-service form to create Projects.
+- [Builds](builds.md): A self-service form to create Builds.
+- [Sealed Secrets](sealed-secrets.md): A self-service form to create Sealed Secrets.
+- [Workloads](workloads.md): A self-service form to create Workloads.
+- [Network Policies](netpols.md): A self-service form to create Network Policies.
+- [Services](services.md): A self-service form to create Services.
 - [Security Policies](security-policies.md): A list of all Security Policies applicable to the Team.
 - [Settings](settings.md): Specific Team configuration options.
-- [Shell](shell.md): Access to the cloud Shell within the context of the Team.
 
-Download links section:
+Access Section:
 
+- [Shell](shell.md): Access to the cloud Shell within the context of the Team.
 - A "Download KUBECFG" link to download a KUBECONFIG file that gives access to the namespace of the team selected. Admins can download one with `cluster-admin` permissions (giving access to all namespaces) by setting the team selector to '-'. You can use it like `export KUBECONFIG=$file_location` or by merging it with another KUBECONFIG file like `.kube/config`. Please visit the official Kubernetes [documentation about managing kube contexts](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/).
 - When Harbor is enabled, a link to download the Dockercfg file.
-- When an automatic generated CA or Let's Encrypt staging certificates are used, a "Download CA" link is provided.
+- When automatic generated CA or Let's Encrypt staging certificates are used, a "Download CA" link is provided.
 

docs/for-ops/console/team-admin-builds.md

@@ -0,0 +1,10 @@
+---
+slug: team-admin-builds
+title: Team Admin Builds
+sidebar_label: Builds
+---
+
+The Builds self-service feature for the Team Admin is the same as for regular teams. See [here](../../for-devs/console/builds.md) for more information about Builds.
+
+
+

docs/for-ops/console/team-admin-catalog.md

@@ -0,0 +1,70 @@
+---
+slug: team-admin-catalog
+title: Team Admin Catalog
+sidebar_label: Catalog
+---
+
+## About the Catalog Helm charts
+
+The Catalog is a library of curated Helm charts to create Kubernetes resources. By default the Catalog contains a set of Helm charts provided to get started quickly, but they can also be modified depending on your requirements or be removed from the Catalog. 
+
+The contents of the Catalog and the RBAC configuration (which Team can use which Helm chart) are managed by the platform administrator.
+
+The Catalog contains a set of Helm charts that can be used as quick starts, but also offers the option (for platform administrators only) to add more Helm charts to the Catalog, using the `+ Add Helm Chart` option.
+
+## Helm charts available for platform administrators
+
+Next to the Helm charts that are by default included in the Catalog and made available for Teams, the Catalog also by default includes a set of curated Helm charts that can only be installed by platform administrators. These Helm charts are visible in the Catalog for the Team `Admin`.
+
+The Helm charts that are by default added to the Catalog are maintained in the [apl-charts](https://github.com/linode/apl-charts) GitHub repository. Currently the following Helm charts are made available for platform-administrators:
+
+1. Kwasm Operator
+
+The `kwasm-operator` Helm chart can be used to add WebAssembly support to the Kubernetes Nodes. `kwasm-operator` is a prerequisite for installing `spin-operator`
+
+2. Spin Operator
+
+The `spin-operator` Helm chart can be used to enable deploying Spin applications to Kubernetes.
+
+3. Spin Shim Executor
+
+The `spin-shim-executor` Helm chart can be used to create a `SpinAppExecutor` utilized by Spin Operator to determine which executor type should be used in running a SpinApp.
+
+4. KubeFlow Pipelines Cluster Resources
+
+The `kfp-cluster-resources` Helm chart can be used to install the KubeFlow Pipelines CRDs.
+
+5. Kubeflow Pipelines
+
+The `kubeflow-pipelines` Helm chart can be used to install KubeFlow Pipelines in any Team.
+
+## Adding Helm charts to the Catalog
+
+1. Select view `team` and select team `admin` in the top bar.
+
+2. Click on `Catalog` in the left menu.
+
+3. You will now see all the templates that are available for use.
+.
+4. Click on `+ Add Helm Chart`.
+
+5. Fill in a URL that points to a `Chart.yaml`.
+
+6. Click on `GET DETAILS`.
+
+![catalog](../../img/add-helm-chart.png)
+
+7. Optionally change the `Icon URL` to point to an icon you want to use for this hem chart in the Catalog.
+
+8. If the Helm chart should be made available for all Teams, select `Allow teams to use this chart`.
+
+8. Click `ADD CHART`.
+
+The Helm chart will now be added to the `charts` repository in the Local Git service (Gitea) and will be visible in the Catalog:
+
+![catalog](../../img/team-admin-catalog.png)
+
+
+
+
+

docs/for-ops/console/team-admin-netpols.md

@@ -0,0 +1,9 @@
+---
+slug: team-admin-netpols
+title: Team Admin Network Policies
+sidebar_label: Network Policies
+---
+
+The Network Policies self-service feature for the Team Admin is the same as for regular teams. See [here](../../for-devs/console/netpols.md) for more information about Network Policies.
+
+

docs/for-ops/console/team-admin-overview.md

@@ -0,0 +1,30 @@
+---
+slug: team-admin-overview
+title: Team Admin Overview
+sidebar_label: Overview
+---
+
+## The Console - Team Admin
+
+The Console is the web UI of the platform and offers access to all integrated apps and self-service tasks. The Console has a topbar showing a View and a Team selector. The View selector allows to switch between the `Platform` and the `Team` view.
+
+Self-service section:
+
+- [Catalog](team-admin-catalog.md): The Helm charts available for platform administrators to install in any namespace
+- [Projects](team-admin-projects.md): A self-service form for platform administrators to create Projects.
+- [Builds](team-admin-builds.md): A self-service form for platform administrators to create Builds.
+- [Sealed Secrets](team-admin-sealed-secrets.md): A self-service form for platform administrators to create Sealed Secrets.
+- [Workloads](team-admin-workloads.md): A self-service form to create for platform administrators Workloads in any namespace.
+- [Network Policies](team-admin-netpols.md): A self-service form for platform administrators to create Network Policies (in the `team-admin` namespace only).
+- [Services](team-admin-services.md): A self-service form for platform administrators to create Services to expose endpoints (`ClusterIP` services) from any namespace.
+- [Security Policies](team-admin-security-policies.md): A list of all Security Policies applicable to the `team-admin` namespace only.
+
+Access Section:
+
+- [Shell](shell.md): Access to the cloud Shell within the context of the complete cluster (all namespaces).
+- The `Download KUBECFG` is disabled for platform administrators.
+- When Harbor is enabled, a link to download the Dockercfg file.
+- When automatic generated CA or Let's Encrypt staging certificates are used, a "Download CA" link is provided.
+
+
+

docs/for-ops/console/team-admin-projects.md

@@ -0,0 +1,15 @@
+---
+slug: team-admin-projects
+title: Team Admin Projects
+sidebar_label: Projects
+---
+
+The Projects self-service feature for the Team Admin is the same as for regular Teams, but with the following differences:
+
+- The Workload created by the Project can be used to deploy Helm charts from the Catalog in any namespace.
+
+- The Service created by the Project can expose any K8s `ClusterIP` service that exist in any namespace (but needs to be the same namespace as where the Workload is deployed).
+
+See [here](../../for-devs/console/projects.md) for more information about Projects.
+
+

docs/for-ops/console/team-admin-sealed-secrets.md

@@ -0,0 +1,9 @@
+---
+slug: team-admin-sealed-secrets
+title: Team Admin Sealed Secrets
+sidebar_label: Sealed Secrets
+---
+
+The Sealed Secrets self-service feature for the Team Admin is the same as for regular teams. Sealed Secrets can only be created in the `team-admin` namespace. See [here](../../for-devs/console/sealed-secrets.md) for more information about Sealed Secrets.
+
+

docs/for-ops/console/team-admin-security-policies.md

@@ -0,0 +1,9 @@
+---
+slug: team-admin-security-policies
+title: Team Admin Security Policies
+sidebar_label: Security Policies
+---
+
+The Security Policies self-service feature for the Team Admin is the same as for regular teams. Security Policies are only applied in the `team-admin` namespace. See [here](../../for-devs/console/security-policies.md) for more information about Security Policies.
+
+

docs/for-ops/console/team-admin-services.md

@@ -0,0 +1,14 @@
+---
+slug: team-admin-services
+title: Team Admin Services
+sidebar_label: Services
+---
+
+The Services self-service feature for the Team Admin is the same as for regular Teams, but with the following difference:
+
+- The Service created can be used to expose any K8s `ClusterIP` service in any namespace.
+
+See [here](../../for-devs/console/services.md) for more information about Services.
+
+
+

docs/for-ops/console/team-admin-workloads.md

@@ -0,0 +1,16 @@
+---
+slug: team-admin-workloads
+title: Team Admin Workloads
+sidebar_label: Workloads
+---
+
+The Workload self-service feature for the Team Admin is the same as for regular Teams, but with the following differences:
+
+- The Workload can be used to deploy Helm charts from the Catalog in any namespace.
+
+- If the namespace does not exist, the namespace can be automatically created.
+
+- Istio sidecars can optionally be enabled for all Pods in the Workload.
+
+See [here](../../for-devs/console/workloads.md) for more information about Workloads.
+

docs/img/add-helm-chart.png

@@ -98,13 +98,25 @@ module.exports = {
           },
         ],
       },
+      {
+        "Console - Team-Admin": [
+          "for-ops/console/team-admin-overview",
+          "for-ops/console/team-admin-catalog",
+          "for-ops/console/team-admin-projects",
+          "for-ops/console/team-admin-builds",
+          "for-ops/console/team-admin-sealed-secrets",
+          "for-ops/console/team-admin-workloads",
+          "for-ops/console/team-admin-netpols",
+          "for-ops/console/team-admin-services",
+          "for-ops/console/team-admin-security-policies",
+        ],
+      },
       {
         "How To": [
           "for-ops/how-to/overview",
           "for-ops/how-to/use-catalog",
           "for-ops/how-to/ingress-classes",
           "for-ops/how-to/use-team-admin",
-          // "for-ops/how-to/core-only",
           "for-ops/how-to/backups",
           "for-ops/how-to/clone-apl",
           "for-ops/how-to/manage-age",