Merge pull request #54522 from sounix000/4719

RHDEVDOCS-4719+4724 Improve Tekton Hub config UX + Support for Crunchy Postgres with Tekton Hub

Author: rolfedh

cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc

@@ -10,21 +10,27 @@ toc::[]
 include::snippets/technology-preview.adoc[]
 
 [role="_abstract"]
-{tekton-hub} helps you discover, search, and share reusable tasks and pipelines for your CI/CD workflows. A public instance of {tekton-hub} is available at link:https://hub.tekton.dev/[hub.tekton.dev]. Cluster administrators can also install and deploy a custom instance of {tekton-hub} for enterprise use. 
+{tekton-hub} helps you discover, search, and share reusable tasks and pipelines for your CI/CD workflows. A public instance of {tekton-hub} is available at link:https://hub.tekton.dev/[hub.tekton.dev]. Cluster administrators can also install and deploy a custom instance of {tekton-hub} by modifying the configurations in the `TektonHub` custom resource (CR). 
 
 include::modules/op-installing-and-deploying-tekton-hub-on-an-openshift-cluster.adoc[leveloffset=+1]
 
 include::modules/op-installing-tekton-hub-without-login-and-rating.adoc[leveloffset=+2]
 
 include::modules/op-installing-tekton-hub-with-login-and-rating.adoc[leveloffset=+2]
 
-include::modules/op-adding-new-users-in-tekton-hub-configuration.adoc[leveloffset=+1]
-
 include::modules/op-using-a-custom-database-in-tekton-hub.adoc[leveloffset=+1]
 
-include::modules/op-disabling-tekton-hub-authorization-after-upgrade.adoc[leveloffset=+1]
+include::modules/op-installing-crunchy-postgres-database-and-tekton-hub.adoc[leveloffset=+2]
+
+include::modules/op-migrating-tekton-hub-data-to-an-existing-crunchy-postgres-database.adoc[leveloffset=+2]
+
+include::modules/op-updating-tekton-hub-with-custom-categories-and-catalogs.adoc[leveloffset=+1]
 
-include::modules/op-opting-out-of-tekton-hub-in-the-developer-perspective.adoc[leveloffset=+1]
+include::modules/op-modifying-catalog-refresh-interval-tekton-hub.adoc[leveloffset=+1]
+
+include::modules/op-adding-new-users-in-tekton-hub-configuration.adoc[leveloffset=+1]
+
+include::modules/op-disabling-tekton-hub-authorization-after-upgrade.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 [id="additional-resources-tekton-hub"]

modules/op-adding-new-users-in-tekton-hub-configuration.adoc

@@ -4,11 +4,14 @@
 
 :_content-type: PROCEDURE
 [id="adding-new-users-in-tekton-hub-configuration_{context}"]
-= Optional: Adding new users in {tekton-hub} configuration
+= Adding new users in {tekton-hub} configuration
+
+[role="_abstract"]
+Cluster administrators can add new users to {tekton-hub} with different scopes.
 
 [discrete]
 .Procedure
-. Depending on the intended scope, cluster administrators can add new users in the `config.yaml` file.
+. Modify the `TektonHub` CR to add new users with different scopes.
 +
 [source,yaml]
 ----
@@ -31,10 +34,29 @@ default:
 +
 [NOTE]
 ====
-When any user logs in for the first time, they will have only the default scope even if they are added in the `config.yaml`. To activate additional scopes, ensure the user has logged in at least once.
+A new user signing in to {tekton-hub} for the first time will have only the default scope. To activate additional scopes, ensure the user's username is added in the `scopes` field of the `TektonHub` CR.
 ==== 
 
-. Ensure that in the `config.yaml` file, you have the `config-refresh` scope.
+. Apply the updated `TektonHub` CR.
++
+[source,terminal]
+----
+$ oc apply -f <tekton-hub-cr>.yaml
+----
+
+. Check the status of the {tekton-hub}. The updated `TektonHub` CR might take some time to attain a steady state.
++
+[source,terminal]
+----
+$ oc get tektonhub.operator.tekton.dev
+----
++
+.Sample output
+[source,terminal]
+----
+NAME   VERSION   READY   REASON   APIURL                    UIURL
+hub    v1.9.0    True             https://api.route.url/    https://ui.route.url/
+----
 
 . Refresh the configuration.
 +

modules/op-installing-crunchy-postgres-database-and-tekton-hub.adoc

@@ -0,0 +1,167 @@
+// This module is included in the following assembly:
+//
+// *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
+
+:_content-type: PROCEDURE
+[id="installing-crunchy-postgres-database-and-tekton-hub_{context}"]
+= Optional: Installing Crunchy Postgres database and {tekton-hub}
+
+[role="_abstract"]
+Cluster administrators can install the Crunchy Postgres database and configure {tekton-hub} to use it instead of the default database.
+
+[discrete]
+.Prerequisites
+
+* Install the Crunchy Postgres Operator from the Operator Hub.
+* Create a Postgres instance that initiates a Crunchy Postgres database.
+
+[discrete]
+.Procedure
+
+. Get into the Crunchy Postgres pod.
++
+.Example: Getting into the `test-instance1-m7hh-0` pod
+[source,terminal]
+----
+$ oc exec -it -n openshift-operators test-instance1-m7hh-0 -- /bin/sh
+
+Defaulting container name to database.
+Use 'oc describe pod/test-instance1-m7hh-0 -n openshift-operators' to see all of the containers in this pod.
+sh-4.4$ psql -U postgres
+psql (14.4)
+Type "help" for help.
+----
+
+. Find the `pg_hba.conf` file.
++
+[source,terminal]
+----
+postgres=# SHOW hba_file;
+         hba_file
+--------------------------
+ /pgdata/pg14/pg_hba.conf
+(1 row)
+
+postgres=#
+----
+
+. Exit from the database.
+
+. Check if the `pg_hba.conf` file has the entry `host all all 0.0.0.0/0 md5`, required to access all incoming connections. In addition, add the entry at the end of the `pg_hba.conf` file.
++
+.Example: `pg_hba.conf` file
+[source,terminal]
+----
+sh-4.4$ cat /pgdata/pg14/pg_hba.conf
+
+# Do not edit this file manually!
+# It will be overwritten by Patroni!
+local all "postgres" peer
+hostssl replication "_crunchyrepl" all cert
+hostssl "postgres" "_crunchyrepl" all cert
+host all "_crunchyrepl" all reject
+hostssl all all all md5
+host  all  all 0.0.0.0/0 md5
+----
+
+. Save the `pg_hba.conf` file and reload the database.
++
+[source,terminal]
+----
+sh-4.4$ psql -U postgres
+psql (14.4)
+Type "help" for help.
+
+postgres=# SHOW hba_file;
+         hba_file
+--------------------------
+ /pgdata/pg14/pg_hba.conf
+(1 row)
+
+postgres=# SELECT pg_reload_conf();
+ pg_reload_conf
+----------------
+ t
+(1 row)
+----
+
+. Exit the database.
+
+. Decode the secret value of the Crunchy Postgres host.
++
+.Example: Decode the secret value of a Crunchy Postgres host
+[source,terminal]
+----
+$ echo 'aGlwcG8tcHJpbWFyeS5vcGVuc2hpZnQtb3BlcmF0b3JzLnN2YyA=' | base64 --decode
+test-primary.openshift-operators.svc
+----
+
+. Create a secret named `tekton-hub-db` in the target namespace with the following keys:
+* `POSTGRES_HOST`
+* `POSTGRES_DB`
+* `POSTGRES_USER`
+* `POSTGRES_PASSWORD`
+* `POSTGRES_PORT`
+
++
+.Example: Custom database secrets
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tekton-hub-db
+  labels:
+    app: tekton-hub-db
+type: Opaque
+stringData:
+  POSTGRES_HOST: test-primary.openshift-operators.svc
+  POSTGRES_DB: test
+  POSTGRES_USER: test
+  POSTGRES_PASSWORD: woXOisU5>ocJiTF7y{{;1[Q(
+  POSTGRES_PORT: '5432'
+...
+----
+
++
+[NOTE]
+====
+The default target namespace is `openshift-pipelines`.
+====
+
+. In the `TektonHub` CR, set the value of the database secret attribute to `tekton-hub-db`.
++
+.Example: Adding custom database secret
+[source,yaml]
+----
+apiVersion: operator.tekton.dev/v1alpha1
+kind: TektonHub
+metadata:
+  name: hub
+spec:
+  targetNamespace: openshift-pipelines
+  db:
+    secret: tekton-hub-db
+...
+----
+
+. Use the updated `TektonHub` CR to associate the custom database with {tekton-hub}.
++
+[source,terminal]
+----
+$ oc apply -f <tekton-hub-cr>.yaml
+----
+
+. Check the status of the installation. The `TektonHub` CR might take some time to attain a steady state.
++
+[source,terminal]
+----
+$ oc get tektonhub.operator.tekton.dev
+----
++
+.Sample output
+[source,terminal]
+----
+NAME   VERSION   READY   REASON   APIURL                    UIURL
+hub    v1.9.0    True             https://api.route.url/    https://ui.route.url/
+----

modules/op-installing-tekton-hub-with-login-and-rating.adoc

@@ -3,7 +3,7 @@
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
 :_content-type: PROCEDURE
-[id="installing-tekton-hub-with-login-and-rating.adoc_{context}"]
+[id="installing-tekton-hub-with-login-and-rating_{context}"]
 = Installing {tekton-hub} with login and rating
 
 [role="_abstract"]
@@ -16,10 +16,6 @@ You can install {tekton-hub} on your cluster with custom configuration that supp
 [discrete]
 .Procedure 
 
-. Create a fork of the link:https://github.com/tektoncd/hub[Tekton Hub] repository.
-
-. Clone the forked repository.
-
 . Create an OAuth application with your Git repository hosting provider, and note the Client ID and Client Secret. The supported providers are GitHub, GitLab, and BitBucket.
 
 ** For a link:https://docs.github.com/en/developers/apps/creating-an-oauth-app[GitHub OAuth application], set the Homepage URL and the Authorization callback URL as `<auth-route>`.
@@ -28,7 +24,7 @@ You can install {tekton-hub} on your cluster with custom configuration that supp
 
 ** For a link:https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud[BitBucket OAuth application], set the `Callback URL` as `<auth-route>`.
 
-. Edit the `<tekton_hub_repository>/config/02-api/20-api-secret.yaml` file of your cloned repository to include the {tekton-hub} API secrets:
+. Edit the `<tekton_hub_root>/config/02-api/20-api-secret.yaml` file to include the {tekton-hub} API secrets. For example:
 +
 [source,yaml]
 ----
@@ -80,32 +76,72 @@ metadata:
   name: hub
 spec:
   targetNamespace: openshift-pipelines <1>
+  db: <2>                     
+    secret: tekton-hub-db <3> 
+
+  categories: <4>             
+    - Automation
+    - Build Tools
+    - CLI
+    - Cloud
+    - Code Quality
+      ...
+
+  catalogs: <5>               
+    - name: tekton
+      org: tektoncd
+      type: community
+      provider: github
+      url: https://github.com/tektoncd/catalog
+      revision: main
+
+  scopes: <6>                  
+    - name: agent:create
+      users: [<username>]
+    - name: catalog:refresh
+      users: [<username>]
+    - name: config:refresh
+      users: [<username>]
+
+  default: <7>                  
+    scopes:
+      - rating:read
+      - rating:write
+
   api:
-    hubConfigUrl: https://raw.githubusercontent.com/tektoncd/hub/main/config.yaml <2>
-    catalogRefreshInterval: 30m <3>
+    catalogRefreshInterval: 30m <8>   
 ----
 <1> The namespace in which {tekton-hub} must be installed; default is `openshift-pipelines`.
-<2> Substitute with the URL of the `config.yaml` file.
-<3> The time interval after which the catalog refreshes automatically. The supported units of time are seconds (`s`), minutes (`m`), hours (`h`), days (`d`), and weeks (`w`). The default interval is 30 minutes.
+<2> Optional: Custom database, such as a Crunchy Postgres database.
+<3> The name of the database secret must be `tekton-hub-db`.
+<4> Optional: Customized categories for tasks and pipelines in {tekton-hub}.
+<5> Optional: Customized catalogs for {tekton-hub}.
+<6> Optional: Additional users. You can metion multiple users, such as `[<username_1>, <username_2>, <username_3>]`.
+<7> Optional: Customized default scopes.  
+<8> The time interval after which the catalog refreshes automatically. The supported units of time are seconds (`s`), minutes (`m`), hours (`h`), days (`d`), and weeks (`w`). The default interval is 30 minutes.
++
+[NOTE]
+====
+If you don't provide custom values for the optional fields in the `TektonHub` CR, the default values configured in the {tekton-hub} API config map is used.
+====
 
 . Apply the `TektonHub` CR.
 +
 [source,terminal]
 ----
-$ oc apply -f <TektonHub>.yaml <1>
+$ oc apply -f <tekton-hub-cr>.yaml
 ----
-<1> The file name or path of the `TektonHub` CR.
-+
-[NOTE]
-====
-When you apply the `TektonHub` CR, {tekton-hub} is installed on the cluster in the `openshift-pipelines` namespace, with upstream Tekton Catalog content. 
-====
 
 . Check the status of the installation. The `TektonHub` CR might take some time to attain steady state.
 +
 [source,terminal]
 ----
 $ oc get tektonhub.operator.tekton.dev
+----
++
+.Sample output
+[source,terminal]
+----
 NAME   VERSION   READY   REASON   APIURL                    UIURL
-hub    v1.8.0    True             https://api.route.url/    https://ui.route.url/
+hub    v1.9.0    True             https://api.route.url/    https://ui.route.url/
 ----