Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-04-18 22:45:52 -04:00
Code Issues Packages Projects Releases Wiki Activity

docs: few fixes and rewording

Browse Source
This commit is contained in:
Thomas Tendyck 2023-03-04 18:28:17 +01:00 committed by Thomas Tendyck
parent 5397ce4509
commit c7f0cf1e79
5 changed files with 31 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/docs/architecture/orchestration.md
View File

@ -16,14 +16,14 @@ Note that every operation on a cluster always has to be performed from the direc
## Cluster creation process
To allow for fine-grained configuration of your cluster and cloud environment, Constellation supports an extensive configuration file with strong defaults. [Generating the configuration file](../workflows/create.md#configuration) is typically the first thing you do in the workspace.
To allow for fine-grained configuration of your cluster and cloud environment, Constellation supports an extensive configuration file with strong defaults. [Generating the configuration file](../workflows/config.md) is typically the first thing you do in the workspace.
Altogether, the following files are generated during the creation of a Constellation cluster and stored in the current workspace:
* a configuration file
* an ID file
* a Base64-encoded master secret
* [Terraform artifacts](../reference/terraform.md), stored in the `constellation-terraform` and `constellation-iam-terraform` subdirectories
* [Terraform artifacts](../reference/terraform.md), stored in subdirectories
* a Kubernetes `kubeconfig` file.
After the creation of your cluster, the CLI will provide you with a Kubernetes `kubeconfig` file.
@ -49,9 +49,6 @@ Post-installation the CLI provides a configuration for [accessing the cluster us
The `kubeconfig` file provides the credentials and configuration for connecting and authenticating to the API server.
Once configured, orchestrate the Kubernetes cluster via `kubectl`.
Make sure to keep the Terraform subdirectory such as `constellation-terraform` in the workspace directory to be able to manage your cluster later on.
Without it, you won't be able to modify or terminate your cluster.
After the initialization, the CLI will present you with a couple of tokens:
* The [*master secret*](keys.md#master-secret) (stored in the `constellation-mastersecret.json` file by default)

11
docs/docs/architecture/versions.md
View File

@ -1,7 +1,7 @@
# Versions and support policy
All [microservices](microservices.md) of Constellation use a three-digit version number of the form `v<MAJOR>.<MINOR>.<PATCH>`.
The microservices are released in lock step, usually on the first Tuesday of every month. This release primarily introduces new features, but may also include security or performance improvements. The `MINOR` version will be incremented as part of this release.
All components of Constellation use a three-digit version number of the form `v<MAJOR>.<MINOR>.<PATCH>`.
The components are released in lock step, usually on the first Tuesday of every month. This release primarily introduces new features, but may also include security or performance improvements. The `MINOR` version will be incremented as part of this release.
Additional `PATCH` releases may be created on demand, to fix security issues or bugs before the next `MINOR` release window.
@ -9,7 +9,6 @@ New releases are published on [GitHub](https://github.com/edgelesssys/constellat
### Kubernetes support policy
Constellation is aligned to the [version support policy of Kubernetes](https://kubernetes.io/releases/version-skew-policy/#supported-versions), and therefore supports the most recent three minor versions.
When a new minor version is released upstream, the next Constellation release will include four supported Kubernetes versions.
The fourth version being the newly released Kubernetes version.
Then, the next Constellation release after that will drop the oldest supported Kubernetes version.
Constellation is aligned to the [version support policy of Kubernetes](https://kubernetes.io/releases/version-skew-policy/#supported-versions), and therefore usually supports the most recent three minor versions.
When a new minor version of Kubernetes is released, support is added to the next Constellation release, and that version then supports four Kubernetes versions.
Subsequent Constellation releases drop support for the oldest (and deprecated) Kubernetes version.

23
docs/docs/reference/terraform.md
View File

@ -1,22 +1,25 @@
# Terraform Usage
# Terraform usage
[Terraform](https://www.terraform.io/) is an open-source Infrastructure as Code (IaC) framework which is being used by multiple Constellation components to manage cloud resources. This page describes our policy on using Terraform in Constellation.
[Terraform](https://www.terraform.io/) is an Infrastructure as Code (IaC) framework to manage cloud resources. This page explains how Constellation uses it internally and how advanced users may manually use it to have more control over the resource creation.
:::info
This page assumes familiarity with Terraform. Refer to the [Terraform documentation](https://developer.hashicorp.com/terraform/docs) for an introduction.
Information on this page is intended for users who are familiar with Terraform.
It's not required for common usage of Constellation.
See the [Terraform documentation](https://developer.hashicorp.com/terraform/docs) if you want to learn more about it.
:::
## Interacting with Terraform manually
Manual interaction with Terraform state created by Constellation (i.e. via the Terraform CLI) should only be performed by experienced users and only if absolutely necessary, as it may lead to unrecoverable loss of cloud resources. For the vast majority of users and use-cases, the interaction done by the [Constellation CLI](cli.md) is sufficient.
## Terraform state files
Constellation keeps Terraform state files in subdirectories together with the corresponding Terraform configuration files and metadata. When first performing an action in the Constellation CLI which uses Terraform internally, the needed subdirectory will be created.
Constellation keeps Terraform state files in subdirectories of the workspace together with the corresponding Terraform configuration files and metadata.
The subdirectories are created on the first Constellation CLI action that uses Terraform internally.
Currently, these subdirectories are:
* `constellation-terraform` - Terraform state files for the resources used for the Constellation cluster
* `constellation-terraform` - Terraform state files for the resources of the Constellation cluster
* `constellation-iam-terraform` - Terraform state files for IAM configuration
When working with either of the files, i.e. when running `constellation terminate` to [terminate a cluster](../workflows/terminate.md) (and delete it's cloud resources), the `constellation terraform` subdirectory needs to be in the current working directory. The same applies to the `constellation-iam-terraform` subdirectory when working with IAM configuration. The state directories shouldn't be deleted manually.
As with all commands, commands that work with these files (e.g., `create`, `terminate`, `iam`) have to be executed from the root of the cluster's [workspace directory](../architecture/orchestration.md#workspaces). You usually don't need and shouldn't manipulate or delete the subdirectories manually.
## Interacting with Terraform manually
Manual interaction with Terraform state created by Constellation (i.e., via the Terraform CLI) should only be performed by experienced users. It may lead to unrecoverable loss of cloud resources. For the majority of users and use cases, the interaction done by the [Constellation CLI](cli.md) is sufficient.

16
docs/docs/workflows/config.md
View File

@ -63,8 +63,8 @@ Fill the desired VM type into the **instanceType** field in the `constellation-c
## Choosing a Kubernetes version
To learn which Kubernetes versions can be installed with your current CLI you can run `constellation config kubernetes-versions`.
Our support policy for Kubernetes versions is described in [Kubernetes support policy](../architecture/versions.md#kubernetes-support-policy).
To learn which Kubernetes versions can be installed with your current CLI, you can run `constellation config kubernetes-versions`.
See also Constellation's [Kubernetes support policy](../architecture/versions.md#kubernetes-support-policy).
## Creating an IAM configuration
@ -231,13 +231,13 @@ The following describes the configuration fields and how you obtain the required
* **iamProfileControlPlane**: The name of an IAM instance profile attached to all control-plane nodes.
The resource can be created with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `control_plane_instance_profile`.
You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `control_plane_instance_profile`.
Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.control_plane_policy`.
* **iamProfileWorkerNodes**: The name of an IAM instance profile attached to all worker nodes.
The resource can be created with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `worker_nodes_instance_profile`.
You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `worker_nodes_instance_profile`.
Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`.
@ -250,13 +250,9 @@ Now that you've configured your CSP, you can [create your cluster](./create.md).
## Deleting an IAM configuration
You can keep created IAM configurations and reuse them for new clusters. Alternatively, you can also delete them if they aren't being used anymore.
You can keep a created IAM configuration and reuse it for new clusters. Alternatively, you can also delete it if you don't want to use it anymore.
**Prerequisites:**
* [Terraform](https://developer.hashicorp.com/terraform/downloads) is installed on your machine.
* Access to the [`constellation-iam-terraform`](../reference/terraform.md) directory created by the `constellation iam create` command.
You can delete the IAM configuration by executing the following command in the same directory where you executed `constellation iam create`:
Delete the IAM configuration by executing the following command in the same directory where you executed `constellation iam create` (the directory that contains [`constellation-iam-terraform`](../reference/terraform.md) as a subdirectory):
```bash
constellation iam destroy
```

10
docs/sidebars.js
View File

@ -209,7 +209,7 @@ const sidebars = {
},
{
type: 'doc',
label: 'Components',
label: 'Microservices',
id: 'architecture/microservices',
},
{
@ -258,13 +258,13 @@ const sidebars = {
},
{
type: 'doc',
label: 'SLSA adoption',
id: 'reference/slsa',
label: 'Terraform usage',
id: 'reference/terraform',
},
{
type: 'doc',
label: 'Terraform Usage',
id: 'reference/terraform',
label: 'SLSA adoption',
id: 'reference/slsa',
},
],
},