You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/auth/jwt-claims.md
-10Lines changed: 0 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,13 +52,3 @@ Below is the list of jwt claims used in the fleet-manager
52
52
***rh-user-id** - user id in service account.
53
53
54
54
***username** - username of the entity for which the token was issued. Obtained from the short living ocm token used in the http request. Central request owner value is assigned from the username value.
55
-
56
-
### Token generated by fleetshard-operator service account (https://gitlab.cee.redhat.com/mk-ci-cd/sso-configuration-files/-/blob/master/docs/service-accounts/fleetshard-agent.md)
57
-
58
-
claim:
59
-
60
-
***fleetshard-operator-cluster-id** - used by authenticated context to call dataplane endpoints
>NOTE: The inner layers shouldn't know any details about the outer layer. e.g the business logic layer should call methods in the http middleware layer.
29
29
30
30
The Rest endpoints are of three categories.
31
-
-[Public user facing API](../openapi/fleet-manager.yaml)
32
-
-[The admin endpoints](../openapi/fleet-manager-private-admin.yaml) to perform some admin tasks like upgrades. The endpoint is not visible to the normal user and it requires special permissions to be accessed
33
-
-[The fleetshard synchronisation endpoints](../openapi/fleet-manager-private.yaml) for communication between the fleetshard operator and the fleet manager. The endpoint is not visible to the user and it requires a special _service account_ in sso to be accessed.
31
+
-[Public user facing API](../../openapi/fleet-manager.yaml)
32
+
-[The admin endpoints](../../openapi/fleet-manager-private-admin.yaml) to perform some admin tasks like upgrades. The endpoint is not visible to the normal user and it requires special permissions to be accessed
33
+
-[The fleetshard synchronisation endpoints](../../openapi/fleet-manager-private.yaml) for communication between the fleetshard sync and the fleet manager. The endpoint is not visible to the user and it requires a special _service account_ in sso to be accessed.
34
34
35
35
They are all setup in the [route_loder.go](../internal/central/pkg/routes/route_loader.go) file.
36
36
@@ -66,7 +66,7 @@ There are currently 7 central workers, which are located in the [centrals_mgrs f
66
66
-[`deleting_centrals_mgr.go`](../internal/central/pkg/workers/centrals_mgrs/deleting_centrals_mgr.go) responsible for handling the deletion of centrals e.g removing resources like AWS Route53 entry, IAM secrets client
67
67
-[`accepted_centrals_mgr.go`](../internal/central/pkg/workers/centrals_mgrs/accepted_centrals_mgr.go) responsible for checking if user is within Quota before provisioning a central. Afterwards, it will periodically reconcile on all pending Central resources, attempt to find a valid OpenShift cluster to fit it's requirements (cloud provider, region, etc.) and provision a Central instance to the cluster. Once a suitable Dataplane cluster has been found, we'll update the status of the Central resource to reflect it's current progress.
68
68
-[`preparing_centrals_mgr.go`](../internal/central/pkg/workers/centrals_mgrs/preparing_centrals_mgr.go) responsible for creating external resources e.g AWS Route53 DNS, IAM authentication secrets
69
-
-[`provisioning_centrals_mgr.go`](../internal/central/pkg/workers/centrals_mgrs/provisioning_centrals_mgr.go) responsible for checking if a provisioned central is ready as reported by the fleetshard-operator
69
+
-[`provisioning_centrals_mgr.go`](../internal/central/pkg/workers/centrals_mgrs/provisioning_centrals_mgr.go) responsible for checking if a provisioned central is ready as reported by the fleetshard-sync
70
70
-[`ready_centrals_mgr.go`](../internal/central/pkg/workers/centrals_mgrs/ready_centrals_mgr.go) responsible for reconciling external resources of a ready centrals
71
71
-[`centrals_routes_cname_mgr.go`](../internal/central/pkg/workers/centrals_mgrs/centrals_routes_cname_mgr.go) responsible for reconciliation of DNS records for each centrals' routes.
Copy file name to clipboardExpand all lines: docs/development/test-locally-with-fleetshard-sync.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
# Test Locally with the fleetshard Synchronizer
2
2
3
-
The communication between the fleetshard operator and the fleet-manager will be handled by the synchronizer module. The communication is established by the synchronizer module, so for it to work it needs to know the url of the control plane. However, when you run the fleet-manager locally and the fleetshard operator on a remote public OSD cluster, this will not work as there is no public URL for the synchronizer to use.
3
+
The communication between the fleetshard-sync and the fleet-manager will be handled by the synchronizer module. The communication is established by the synchronizer module, so for it to work it needs to know the url of the control plane. However, when you run the fleet-manager locally and the fleetshard-sync on a remote OpenShift cluster, this will not work as there is no public URL for the synchronizer to use.
4
4
5
5
To solve this problem, it is recommended to use a service like [ngrok](https://ngrok.com/). Ngrok will be able to expose your local sever on the public internet.
0 commit comments