You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+9-11Lines changed: 9 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,7 +63,6 @@ The pattern has been tested on Azure for two installation methods:
63
63
1. Installing onto an ARO cluster
64
64
2. Self managed OpenShift install using the `openshift-install` CLI.
65
65
66
-
67
66
### `1.0.0`
68
67
69
68
1.0.0 supports OpenShift Sandboxed containers version `1.8.1` along with Trustee version `0.2.0`.
@@ -73,18 +72,16 @@ The pattern has been tested on Azure for one installation method:
73
72
1. Self managed OpenShift install using the `openshift-install` CLI
74
73
2. Installing on top of an existing Azure Red Hat OpenShift (ARO) cluster
75
74
76
-
## Validated pattern flavours
75
+
## Changing deployment topoloiges
76
+
77
+
**Today the demo has two deployment topologies**
78
+
The most important change is what `clusterGroup` is deployed to your main or 'hub' cluster.
77
79
78
-
**Today the demo has two flavour**.
79
-
A number are planned based on various different hub cluster-groups.
80
80
You can change between behaviour by configuring [`global.main.clusterGroupName`](https://validatedpatterns.io/learn/values-files/) key in the `values-global.yaml` file.
81
81
82
-
`values-simple.yaml`: or the `simple` cluster group is the default for the pattern.
83
-
It deploys a hello-openshift application 3 times:
82
+
-`values-simple.yaml`: or the `simple` cluster group is the default for the pattern. It deploys everything in one cluster.
83
+
-`values-trusted-hub`: or the `trusted-hub` cluster group can be configured as the main cluster group. A second cluster should be deployed with the `spoke` cluster group. Follow [instructions here](https://validatedpatterns.io/learn/importing-a-cluster/) to add the second cluster.
84
84
85
-
- A standard pod
86
-
- A kata container with peer-pods
87
-
- A confidential kata-container
88
85
89
86
## Setup instructions
90
87
@@ -110,12 +107,13 @@ This only has to be done once.
110
107
> [!NOTE]
111
108
> Once generated this script will not override secrets. Be careful when doing multiple tests.
112
109
113
-
#### Configuring let's encrypt
110
+
#### Configuring let's encrypt (deprecated)
111
+
114
112
115
113
> [!IMPORTANT]
116
114
> Ensure you have password login available to the cluster. Let's encrypt will replace the API certificate in addition to the certificates to user with routes.
117
115
118
-
Trustee requires a trusted CA issued certificate. Let's Encrypt is included for environments without a trusted cert on OpenShift's routes.
116
+
Trustee (guest agents) requires that Trustee uses a Mozilla trusted CA issued certificate, or a specific certificate which is known in advance. Today the pattern uses specific self signed certs. Let's encrypt was an option for getting a trusted certificate onto OpenShift's routes, and therefore Trustee. Ths functionality will be removed at a later date.
119
117
120
118
If you need a Let's Encrypt certificate to be issued the `letsencrypt` application configuration needs to be changed as below.
0 commit comments