Merge pull request #93 from stakater/console-docs

Update docs to reflect default console settings

content/explanation/console.md

@@ -8,6 +8,38 @@ The Multi Tenant Operator (MTO) Console is a comprehensive user interface design
 
 The dashboard serves as a centralized monitoring hub, offering insights into the current state of tenants, namespaces, and quotas. It is designed to provide a quick summary/snapshot of MTO resources' status. Additionally, it includes a Showback graph that presents a quick glance of the seven-day cost trends associated with the namespaces/tenants based on the logged-in user.
 
+By default, MTO Console will be disabled and has to be enabled by setting the below configuration in IntegrationConfig.
+
+```yaml
+provision:
+    console: true
+    ingress:
+      console:
+        host: tenant-operator-console.<hostname>
+        ingressClassName: <ingress-class-name>
+        tlsSecretName: <tls-secret-name>
+      gateway:
+        host: tenant-operator-gateway.<hostname>
+        ingressClassName: <ingress-class-name>
+        tlsSecretName: <tls-secret-name>
+      keycloak:
+        host: tenant-operator-keycloak.<hostname>
+        ingressClassName: <ingress-class-name>
+        tlsSecretName: <tls-secret-name>
+    showback: true
+    trustedRootCert: <root-ca-secret-name>
+```  
+
+`<hostname>` : hostname of the cluster  
+`<ingress-class-name>` : name of the ingress class  
+`<tls-secret-name>` : name of the secret that contains the TLS certificate and key  
+`<root-ca-secret-name>` : name of the secret that contains the root CA certificate
+
+>Note: `trustedRootCert` and `tls-secret-name` are optional. If not provided, MTO will use the default root CA certificate and secrets respectively.
+
+Once the above configuration is set on the IntegrationConfig, MTO would start provisioning the required resources for MTO Console to be ready. In a few moments, you should be able to see the Console Ingress in the `multi-tenant-operator` namespace which gives you access to the Console.
+
+For more details on the configuration, please visit [here](../how-to-guides/integration-config.md).
 ![dashboard](../images/dashboard.png)
 
 ### Tenants

content/how-to-guides/integration-config.md

@@ -77,6 +77,23 @@ spec:
     clusterResourceWhitelist:
       - group: tronador.stakater.com
         kind: EnvironmentProvisioner
+  provision:
+    console: true
+    ingress:
+      console:
+        host: tenant-operator-console.apps.mycluster-ams.abcdef.cloud
+        tlsSecretName: tenant-operator-tls
+        ingressClassName: nginx
+      gateway:
+        host: tenant-operator-gateway.apps.mycluster-ams.abcdef.cloud
+        tlsSecretName: tenant-operator-tls
+        ingressClassName: nginx
+      keycloak:
+        host: tenant-operator-keycloak.apps.mycluster-ams.abcdef.cloud
+        tlsSecretName: tenant-operator-tls
+        ingressClassName: nginx
+    showback: true
+    trustedRootCert: my-custom-cert
   rhsso:
     enabled: true
     realm: customer
@@ -326,19 +343,59 @@ argocd:
 ```yaml
 provision:
   console: true
+  ingress:
+    console:
+      host: tenant-operator-console.apps.mycluster-ams.abcdef.cloud
+      ingressSecretName: tenant-operator-tls
+      ingressClassName: nginx
+    gateway:
+      host: tenant-operator-gateway.apps.mycluster-ams.abcdef.cloud
+      ingressSecretName: tenant-operator-tls
+      ingressClassName: nginx
+    keycloak:
+      host: tenant-operator-keycloak.apps.mycluster-ams.abcdef.cloud
+      ingressSecretName: tenant-operator-tls
+      ingressClassName: nginx
   showback: true
+  trustedRootCert: my-custom-cert
 ```
 
-`provision.console:` Can be used to enable/disable console GUI for MTO.
-`provision.showback:` Can be used to enable/disable showback feature on the console.
+`provision.console:` Enables or disables the console GUI for MTO.  
+`provision.ingress:` Configures the ingress settings for various components:  
+ `console:` Settings for the console's ingress.  
+ `gateway:` Settings for the gateway's ingress.  
+ `keycloak:` Settings for the Keycloak's ingress.  
+ (including host, TLS secret, and ingress class)  
+`provision.showback:` Enables or disables the showback feature on the console.  
+`provision.trustedRootCert:` Name of the secret containing the root CA certificate.  
+
+Here's an example of how to generate the secrets required to configure MTO:
+
+**TLS Secret for Ingress:**  
+
+Create a TLS secret containing your SSL/TLS certificate and key for secure communication. This secret will be used for the Console, Gateway, and Keycloak ingresses.
+
+```bash
+kubectl -n multi-tenant-operator create secret tls <tls-secret-name> --key=<path-to-key.pem> --cert=<path-to-cert.pem>
+```
+
+**Trusted Root Certificate Secret:**  
+
+If using a custom certificate authority (CA) or self-signed certificates, create a Kubernetes secret containing your root CA certificate. This is required in order to ensure MTO Components trust the custom certificates.
+
+```bash
+kubectl -n multi-tenant-operator create secret generic <root-ca-secret-name> --from-file=<path-to-rootCA.pem>
+```
+
+>Note: `trustedRootCert` and `tls-secret-name` are optional. If not provided, MTO will use the default root CA certificate and secrets respectively.
 
 Integration config will be managing the following resources required for console GUI:
 
+- `MTO Postgresql` resources.
+- `MTO Prometheus` resources.
+- `MTO Opencost` resources.
+- `MTO Console, Gateway, Keycloak` resources.
 - `Showback` cronjob.
-- `Keycloak` deployment.
-- `MTO-OpenCost` operator.
-- `MTO-Prometheus` operator.
-- `MTO-Postgresql` stateful set.
 
 Details on console GUI and showback can be found [here](../explanation/console.md)