diff --git a/content/explanation/console.md b/content/explanation/console.md index b39d6cfa5..5e7bbee64 100644 --- a/content/explanation/console.md +++ b/content/explanation/console.md @@ -8,38 +8,38 @@ The Multi Tenant Operator (MTO) Console is a comprehensive user interface design The dashboard serves as a centralized monitoring hub, offering insights into the current state of tenants, namespaces, and quotas. It is designed to provide a quick summary/snapshot of MTO resources' status. Additionally, it includes a Showback graph that presents a quick glance of the seven-day cost trends associated with the namespaces/tenants based on the logged-in user. -![image](../images/dashboard.png) +![dashboard](../images/dashboard.png) ### Tenants Here, admins have a bird's-eye view of all tenants, with the ability to delve into each one for detailed examination and management. This section is pivotal for observing the distribution and organization of tenants within the system. More information on each tenant can be accessed by clicking the view option against each tenant name. -![image](../images/tenants.png) +![tenants](../images/tenants.png) ### Namespaces Users can view all the namespaces that belong to their tenant, offering a comprehensive perspective of the accessible namespaces for tenant members. This section also provides options for detailed exploration. -![image](../images/namespaces.png) +![namespaces](../images/namespaces.png) ### Quotas MTO's Quotas are crucial for managing resource allocation. In this section, administrators can assess the quotas assigned to each tenant, ensuring a balanced distribution of resources in line with operational requirements. -![image](../images/quotas.png) +![quotas](../images/quotas.png) ### Templates The Templates section acts as a repository for standardized resource deployment patterns, which can be utilized to maintain consistency and reliability across tenant environments. Few examples include provisioning specific k8s manifests, helm charts, secrets or configmaps across a set of namespaces. -![image](../images/templates.png) -![image](../images/templateGroupInstances.png) +![templates](../images/templates.png) +![templateGroupInstances](../images/templateGroupInstances.png) ### Showback The Showback feature is an essential financial governance tool, providing detailed insights into the cost implications of resource usage by tenant or namespace or other filters. This facilitates a transparent cost management and internal chargeback or showback process, enabling informed decision-making regarding resource consumption and budgeting. -![image](../images/showback.png) +![showback](../images/showback.png) ## User Roles and Permissions @@ -47,7 +47,7 @@ The Showback feature is an essential financial governance tool, providing detail Administrators have overarching access to the console, including the ability to view all namespaces and tenants. They have exclusive access to the IntegrationConfig, allowing them to view all the settings and integrations. -![image](../images/integrationConfig.png) +![integrationConfig](../images/integrationConfig.png) ### Tenant Users @@ -59,7 +59,7 @@ In the MTO Console, each resource section is equipped with a "View" button, reve You can find more details on graph visualization here: [Graph Visualization](../reference-guides/graph-visualization.md) -![image](../images/tenants_graph.png) +![tenants-graph](../images/tenants_graph.png) ## Caching and Database diff --git a/content/how-to-guides/keycloak.md b/content/how-to-guides/keycloak.md new file mode 100644 index 000000000..5a6ada3a0 --- /dev/null +++ b/content/how-to-guides/keycloak.md @@ -0,0 +1,74 @@ +# Setting Up User Access in Keycloak for MTO Console + +This guide walks you through the process of adding new users in Keycloak and granting them access to Multi Tenant Operator (MTO) Console. + +## Accessing Keycloak Console + +* Log in to the OpenShift Console. +* Go to the 'Routes' section within the 'multi-tenant-operator' namespace. + +![routes](../images/routes.png) + +* Click on the Keycloak console link provided in the Routes. +* Login using the admin credentials (default: admin/admin). + +## Adding new Users in Keycloak + +* In the Keycloak console, switch to the `mto` realm. + +![realm](../images/realm.png) + +* Go to the `Users` section in the `mto` realm. +* Follow the prompts to add a new user. + +![keycloak-new-user](../images/keycloak-new-user.png) + +* Once you add a new user, here is how the Users section would look like + +![keycloak-users](../images/keycloak-users.png) + +## Accessing MTO Console + +* Go back to the OpenShift Console, navigate to the Routes section, and get the URL for the MTO Console. +* Open the MTO Console URL and log in with the newly added user credentials. + +Now, at this point, a user will be authenticated to the MTO Console. But in order to get access to view any Tenant resources, the user will need to be part of a Tenant. + +## Granting Access to Tenant Resources + +* Open Tenant CR: In the OpenShift cluster, locate and open the Tenant Custom Resource (CR) that you wish to give access to. You will see a YAML file similar to the following example: + +```yaml +apiVersion: tenantoperator.stakater.com/v1beta2 +kind: Tenant +metadata: + name: arsenal +spec: + quota: small + owners: + users: + - gabriel@arsenal.com + groups: + - arsenal + editors: + users: + - hakimi@arsenal.com + viewers: + users: + - neymar@arsenal.com +``` + +* Edit Tenant CR: Add the newly created user's email to the appropriate section (owners, editors, viewers) in the Tenant CR. For example, if you have created a user `john@arsenal.com` and wish to add them as an editor, the edited section would look like this: + +```yaml +editors: + users: + - gabriel@arsenal.com + - benzema@arsenal.com +``` + +* Save Changes: Save and apply the changes to the Tenant CR. + +## Verifying Access + +Once the above steps are completed, you should be able to access the MTO Console now and see alpha Tenant's details along with all the other resources such as namespaces and templates that John has access to. diff --git a/content/images/keycloak-new-user.png b/content/images/keycloak-new-user.png new file mode 100644 index 000000000..642500a50 Binary files /dev/null and b/content/images/keycloak-new-user.png differ diff --git a/content/images/keycloak-users.png b/content/images/keycloak-users.png new file mode 100644 index 000000000..ffce84a84 Binary files /dev/null and b/content/images/keycloak-users.png differ diff --git a/content/images/realm.png b/content/images/realm.png new file mode 100644 index 000000000..fb2ba5760 Binary files /dev/null and b/content/images/realm.png differ diff --git a/content/images/routes.png b/content/images/routes.png new file mode 100644 index 000000000..69fd20891 Binary files /dev/null and b/content/images/routes.png differ