From b2d8024002a10101b0b09566a8d0026f4daea410 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 5 Feb 2025 13:52:15 +0100 Subject: [PATCH] Update stakater/.github action to v0.0.117 (0.9) (#210) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Karl Johan Grahn --- .github/workflows/closed_pr.yaml | 4 +- .github/workflows/delete_branch.yaml | 6 ++- .github/workflows/pull_request.yaml | 23 ++++----- .github/workflows/push.yaml | 6 ++- .github/workflows/release.yaml | 16 +++---- .gitignore | 5 +- .gitmodules | 6 +-- .markdownlint.yaml | 11 +++-- .vale.ini | 5 +- Dockerfile | 2 +- README.md | 1 + content/changelog.md | 4 +- content/faq.md | 2 +- content/features.md | 6 +-- content/how-to-guides/integration-config.md | 6 +-- content/index.md | 6 +-- content/installation.md | 4 +- content/integration-config.md | 6 +-- .../reference-guides/deploying-templates.md | 6 +-- ...ng-secrets-using-sealed-secret-template.md | 4 +- .../reference-guides/distributing-secrets.md | 4 +- content/reference-guides/integrationconfig.md | 2 +- content/tenant-roles.md | 44 ++++++++--------- content/troubleshooting.md | 4 +- .../argocd/enabling-multi-tenancy-argocd.md | 4 +- content/tutorials/installation.md | 6 +-- .../vault/enabling-multi-tenancy-vault.md | 2 +- content/usecases/argocd.md | 4 +- content/usecases/deploying-templates.md | 6 +-- ...ng-secrets-using-sealed-secret-template.md | 4 +- content/usecases/integrationconfig.md | 2 +- content/usecases/quota.md | 2 +- content/vault-multitenancy.md | 2 +- custom_theme/404.html | 6 --- custom_theme/main.html | 12 ----- prepare_theme.sh | 3 ++ prepare_theme_pr.sh | 6 +++ theme_common | 1 + mkdocs.yml => theme_override/mkdocs.yml | 45 ++++-------------- .../resources}/assets/images/favicon.svg | 0 .../resources/assets/images/logo-dark.png | Bin 0 -> 1655 bytes .../resources/assets/images/logo-light.png | Bin 0 -> 1655 bytes vocabulary | 1 - 43 files changed, 130 insertions(+), 159 deletions(-) delete mode 100644 custom_theme/404.html delete mode 100644 custom_theme/main.html create mode 100755 prepare_theme.sh create mode 100644 prepare_theme_pr.sh create mode 160000 theme_common rename mkdocs.yml => theme_override/mkdocs.yml (67%) rename {custom_theme => theme_override/resources}/assets/images/favicon.svg (100%) create mode 100644 theme_override/resources/assets/images/logo-dark.png create mode 100644 theme_override/resources/assets/images/logo-light.png delete mode 160000 vocabulary diff --git a/.github/workflows/closed_pr.yaml b/.github/workflows/closed_pr.yaml index 80f535c81..b253d2d5f 100644 --- a/.github/workflows/closed_pr.yaml +++ b/.github/workflows/closed_pr.yaml @@ -7,6 +7,6 @@ on: jobs: push: - uses: stakater/.github/.github/workflows/pull_request_closed.yaml@v0.0.38 + uses: stakater/.github/.github/workflows/pull_request_closed.yaml@v0.0.117 secrets: - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} diff --git a/.github/workflows/delete_branch.yaml b/.github/workflows/delete_branch.yaml index 9cd42b75a..6d9e4bb9e 100644 --- a/.github/workflows/delete_branch.yaml +++ b/.github/workflows/delete_branch.yaml @@ -5,6 +5,8 @@ on: jobs: delete: - uses: stakater/.github/.github/workflows/branch_deleted.yaml@v0.0.38 + uses: stakater/.github/.github/workflows/branch_deleted.yaml@v0.0.117 + with: + LATEST_DOC_VERSION: "1.1" secrets: - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index b07c714f5..24b3aedb0 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -8,24 +8,25 @@ on: jobs: doc_qa: - uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.38 + uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.117 with: MD_CONFIG: .github/md_config.json - DOC_SRC: content + DOC_SRC: content README.md MD_LINT_CONFIG: .markdownlint.yaml + deploy_doc: + uses: stakater/.github/.github/workflows/pull_request_versioned_doc.yaml@v0.0.117 + secrets: + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} build_container: + needs: deploy_doc if: ${{ github.base_ref == 'main' }} - uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.38 + uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.117 with: DOCKER_BUILD_CONTEXTS: content=https://github.com/stakater/mto-docs.git#pull-request-deployments DOCKER_FILE_PATH: Dockerfile + CONTAINER_REGISTRY_URL: ghcr.io/stakater secrets: - CONTAINER_REGISTRY_URL: ${{ secrets.STAKATER_NEXUS_PREPROD_REGISTRY }} - CONTAINER_REGISTRY_USERNAME: ${{ secrets.STAKATER_NEXUS_PREPROD_USERNAME }} - CONTAINER_REGISTRY_PASSWORD: ${{ secrets.STAKATER_NEXUS_PREPROD_PASSWORD }} + CONTAINER_REGISTRY_USERNAME: ${{ github.actor }} + CONTAINER_REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }} SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }} - DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.STAKATER_GITHUB_TOKEN }} - deploy_doc: - uses: stakater/.github/.github/workflows/pull_request_versioned_doc.yaml@v0.0.38 - secrets: - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.PUBLISH_TOKEN }} diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 3281fe179..aefa7d5af 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -8,6 +8,8 @@ on: jobs: push: - uses: stakater/.github/.github/workflows/push_versioned_doc.yaml@v0.0.38 + uses: stakater/.github/.github/workflows/push_versioned_doc.yaml@v0.0.117 + with: + LATEST_DOC_VERSION: "1.1" secrets: - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index cc41b57c7..1d63f6704 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -3,22 +3,22 @@ name: Release on: push: tags: - - "v*" + - 'v*' jobs: create_release: - uses: stakater/.github/.github/workflows/release_template.yaml@v0.0.38 + uses: stakater/.github/.github/workflows/release_template.yaml@v0.0.117 secrets: SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }} build_container: - uses: stakater/.github/.github/workflows/push_container_only.yaml@v0.0.38 + uses: stakater/.github/.github/workflows/push_container_only.yaml@v0.0.117 with: DOCKER_BUILD_CONTEXTS: content=https://github.com/stakater/mto-docs.git#gh-pages DOCKER_FILE_PATH: Dockerfile secrets: - CONTAINER_REGISTRY_URL: ${{ secrets.STAKATER_NEXUS_PREPROD_REGISTRY }} - CONTAINER_REGISTRY_USERNAME: ${{ secrets.STAKATER_NEXUS_PREPROD_USERNAME }} - CONTAINER_REGISTRY_PASSWORD: ${{ secrets.STAKATER_NEXUS_PREPROD_PASSWORD }} + CONTAINER_REGISTRY_URL: ghcr.io/stakater + CONTAINER_REGISTRY_USERNAME: ${{ github.actor }} + CONTAINER_REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }} SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }} - GH_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }} - DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.STAKATER_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} + DOCKER_SECRETS: GIT_AUTH_TOKEN=${{ secrets.PUBLISH_TOKEN }} diff --git a/.gitignore b/.gitignore index 9c9d311be..512836890 100644 --- a/.gitignore +++ b/.gitignore @@ -20,6 +20,7 @@ node_modules # Build files site/ +./mkdocs.yml - -.idea \ No newline at end of file +.idea +styles diff --git a/.gitmodules b/.gitmodules index a47a9fc2f..93d493ffa 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ -[submodule "vocabulary"] - path = vocabulary - url = git@github.com:stakater/vocabulary.git +[submodule "theme_common"] + path = theme_common + url = git@github.com:stakater/stakater-docs-mkdocs-theme.git diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 7e2d90413..292e7adb2 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -1,5 +1,6 @@ -{ - "MD007": { "indent": 4 }, - "MD013": false, - "MD024": false, -} +MD007: + indent: 4 +MD013: false +MD024: false +MD029: + style: one diff --git a/.vale.ini b/.vale.ini index 56d1b7546..24bb70252 100644 --- a/.vale.ini +++ b/.vale.ini @@ -1,7 +1,8 @@ -StylesPath = "vocabulary/styles" +StylesPath = styles MinAlertLevel = warning -Vocab = "Stakater" +Packages = https://github.com/stakater/vale-package/releases/download/v0.0.52/Stakater.zip +Vocab = Stakater # Only check MarkDown files [*.md] diff --git a/Dockerfile b/Dockerfile index 518bd4017..2c4525695 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -FROM nginxinc/nginx-unprivileged:1.24-alpine +FROM nginxinc/nginx-unprivileged:1.27-alpine WORKDIR /usr/share/nginx/html/ # copy the entire application diff --git a/README.md b/README.md index f1a4e4227..e3a1f686f 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,3 @@ # Multi Tenant Operator Documentation + Documentation for [Multi Tenant Operator](https://www.stakater.com/mto) diff --git a/content/changelog.md b/content/changelog.md index 926a0e5e9..d947f15c0 100644 --- a/content/changelog.md +++ b/content/changelog.md @@ -41,7 +41,7 @@ ### v0.8.3 -- fix: Reconcile namespaces when the group spec for tenants is changed, so new rolebindings can be created for them +- fix: Reconcile namespaces when the group spec for tenants is changed, so new `rolebindings` can be created for them ### v0.8.1 @@ -121,7 +121,7 @@ ### v0.5.3 -- fix: Add support for parameters in Helm chartRepository in templates +- fix: Add support for parameters in Helm `chartRepository` in templates ### v0.5.2 diff --git a/content/faq.md b/content/faq.md index 2e2a00191..42fdcc240 100644 --- a/content/faq.md +++ b/content/faq.md @@ -6,7 +6,7 @@ ## Q. How do I deploy cluster-scoped resource via the ArgoCD integration? -**A.** Multi-Tenant Operator's ArgoCD Integration allows configuration of which cluster-scoped resources can be deployed, both globally and on a per-tenant basis. For a global whitelist that applies to all tenants, you can add both resource `group` and `kind` to the [IntegrationConfig's](./how-to-guides/integration-config.md#argocd) `spec.argocd.clusterResourceWhitelist` field. Alternatively, you can set this up on a tenant level by configuring the same details within a [Tenant's](./how-to-guides/tenant.md) `spec.argocd.appProject.clusterResourceWhitelist` field. For more details, check out the [ArgoCD integration use cases](./tutorials/argocd/enabling-multi-tenancy-argocd.md#allow-argocd-to-sync-certain-cluster-wide-resources) +**A.** Multi-Tenant Operator's ArgoCD Integration allows configuration of which cluster-scoped resources can be deployed, both globally and on a per-tenant basis. For a global deny list that applies to all tenants, you can add both resource `group` and `kind` to the [IntegrationConfig's](./how-to-guides/integration-config.md#argocd) `spec.argocd.clusterResourceWhitelist` field. Alternatively, you can set this up on a tenant level by configuring the same details within a [Tenant's](./how-to-guides/tenant.md) `spec.argocd.appProject.clusterResourceWhitelist` field. For more details, check out the [ArgoCD integration use cases](./tutorials/argocd/enabling-multi-tenancy-argocd.md#allow-argocd-to-sync-certain-cluster-wide-resources) ## Q. InvalidSpecError: application repo \ is not permitted in project \ diff --git a/content/features.md b/content/features.md index 26a859a29..8d91036a1 100644 --- a/content/features.md +++ b/content/features.md @@ -10,9 +10,9 @@ Multi Tenant Operator binds existing ClusterRoles to the Tenant's Namespaces use Multi Tenant Operator is also able to leverage existing OpenShift groups or external groups synced from 3rd party identity management systems, for maintaining Tenant membership in your organization's current user management system. -## HashiCorp Vault Multitenancy +## Hashicorp Vault Multitenancy -Multi Tenant Operator extends the tenants permission model to HashiCorp Vault where it can create Vault paths and greatly ease the overhead of managing RBAC in Vault. Tenant users can manage their own secrets without the concern of someone else having access to their Vault paths. +Multi Tenant Operator extends the tenants permission model to Hashicorp Vault where it can create Vault paths and greatly ease the overhead of managing RBAC in Vault. Tenant users can manage their own secrets without the concern of someone else having access to their Vault paths. More details on [Vault Multitenancy](./tutorials/vault/enabling-multi-tenancy-vault.md) @@ -65,7 +65,7 @@ More details on [Hibernation](./tutorials/tenant/tenant-hibernation.md) Multi Tenant Operator supports cloning of secrets and configmaps from one namespace to another namespace based on label selectors. It uses templates to enable users to provide reference to secrets and configmaps. It uses a template group instance to distribute those secrets and namespaces in matching namespaces, even if namespaces belong to different tenants. If template instance is used then the resources will only be mapped if namespaces belong to same tenant. -More details on [Distributing Secrets and ConfigMaps](./reference-guides/distributing-resources.md) +More details on [Distributing Secrets and Configmaps](./reference-guides/distributing-resources.md) ## Self-Service diff --git a/content/how-to-guides/integration-config.md b/content/how-to-guides/integration-config.md index 661c80d3d..077482737 100644 --- a/content/how-to-guides/integration-config.md +++ b/content/how-to-guides/integration-config.md @@ -141,11 +141,11 @@ tenantRoles: ### Default -This field contains roles that will be used to create default roleBindings for each namespace that belongs to tenants. These roleBindings are only created for a namespace if that namespace isn't already matched by the `custom` field below it. Therefore, it is required to have at least one role mentioned within each of its three subfields: `owner`, `editor`, and `viewer`. These 3 subfields also correspond to the member fields of the [Tenant CR](./tenant.md#tenant) +This field contains roles that will be used to create default `roleBindings` for each namespace that belongs to tenants. These `roleBindings` are only created for a namespace if that namespace isn't already matched by the `custom` field below it. Therefore, it is required to have at least one role mentioned within each of its three subfields: `owner`, `editor`, and `viewer`. These 3 subfields also correspond to the member fields of the [Tenant CR](./tenant.md#tenant) ### Custom -An array of custom roles. Similar to the `default` field, you can mention roles within this field as well. However, the custom roles also require the use of a `labelSelector` for each iteration within the array. The roles mentioned here will only apply to the namespaces that are matched by the labelSelector. If a namespace is matched by 2 different labelSelectors, then both roles will apply to it. Additionally, roles can be skipped within the labelSelector. These missing roles are then inherited from the `default` roles field . For example, if the following custom roles arrangement is used: +An array of custom roles. Similar to the `default` field, you can mention roles within this field as well. However, the custom roles also require the use of a `labelSelector` for each iteration within the array. The roles mentioned here will only apply to the namespaces that are matched by the `labelSelector`. If a namespace is matched by 2 different `labelSelectors`, then both roles will apply to it. Additionally, roles can be skipped within the `labelSelector`. These missing roles are then inherited from the `default` roles field . For example, if the following custom roles arrangement is used: ```yaml custom: @@ -341,7 +341,7 @@ If enabled, then admins have to provide secret and URL of RHSSO. ## Vault -[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. +[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or http API. If `vault` is configured on a cluster, then Vault configuration can be enabled. diff --git a/content/index.md b/content/index.md index 6a0edbc9a..a31cf7585 100644 --- a/content/index.md +++ b/content/index.md @@ -36,9 +36,9 @@ Multi Tenant Operator binds existing ClusterRoles to the Tenant's Namespaces use Multi Tenant Operator is also able to leverage existing OpenShift groups or external groups synced from 3rd party identity management systems, for maintaining Tenant membership in your organization's current user management system. -## HashiCorp Vault Multitenancy +## Hashicorp Vault Multitenancy -Multi Tenant Operator extends the tenants permission model to HashiCorp Vault where it can create Vault paths and greatly ease the overhead of managing RBAC in Vault. Tenant users can manage their own secrets without the concern of someone else having access to their Vault paths. +Multi Tenant Operator extends the tenants permission model to Hashicorp Vault where it can create Vault paths and greatly ease the overhead of managing RBAC in Vault. Tenant users can manage their own secrets without the concern of someone else having access to their Vault paths. More details on [Vault Multitenancy](./tutorials/vault/enabling-multi-tenancy-vault.md) @@ -91,7 +91,7 @@ More details on [Hibernation](./tutorials/tenant/tenant-hibernation.md#hibernati Multi Tenant Operator supports cloning of secrets and configmaps from one namespace to another namespace based on label selectors. It uses templates to enable users to provide reference to secrets and configmaps. It uses a template group instance to distribute those secrets and namespaces in matching namespaces, even if namespaces belong to different tenants. If template instance is used then the resources will only be mapped if namespaces belong to same tenant. -More details on [Distributing Secrets and ConfigMaps](./reference-guides/distributing-resources.md) +More details on [Distributing Secrets and Configmaps](./reference-guides/distributing-resources.md) ## Self-Service diff --git a/content/installation.md b/content/installation.md index b70dee669..75f16c15f 100644 --- a/content/installation.md +++ b/content/installation.md @@ -4,9 +4,9 @@ This document contains instructions on installing, uninstalling and configuring 1. [OpenShift OperatorHub UI](#installing-via-operatorhub-ui) -2. [CLI/GitOps](#installing-via-cli-or-gitops) +1. [CLI/GitOps](#installing-via-cli-or-gitops) -3. [Uninstall](#uninstall-via-operatorhub-ui) +1. [Uninstall](#uninstall-via-operatorhub-ui) ## Requirements diff --git a/content/integration-config.md b/content/integration-config.md index 6a1842751..22fb58d20 100644 --- a/content/integration-config.md +++ b/content/integration-config.md @@ -141,11 +141,11 @@ tenantRoles: ### Default -This field contains roles that will be used to create default roleBindings for each namespace that belongs to tenants. These roleBindings are only created for a namespace if that namespaces isn't already matched by the `custom` field below it. Therefore, it is required to have at least one role mentioned within each of its three subfields: `owner`, `editor`, and `viewer`. These 3 subfields also correspond to the member fields of the [Tenant CR](./customresources.md#_2-tenant) +This field contains roles that will be used to create default `roleBindings` for each namespace that belongs to tenants. These `roleBindings` are only created for a namespace if that namespaces isn't already matched by the `custom` field below it. Therefore, it is required to have at least one role mentioned within each of its three subfields: `owner`, `editor`, and `viewer`. These 3 subfields also correspond to the member fields of the [Tenant CR](./customresources.md) ### Custom -An array of custom roles. Similar to the `default` field, you can mention roles within this field as well. However, the custom roles also require the use of a `labelSelector` for each iteration within the array. The roles mentioned here will only apply to the namespaces that are matched by the labelSelector. If a namespace is matched by 2 different labelSelectors, then both roles will apply to it. Additionally, roles can be skipped within the labelSelector. These missing roles are then inherited from the `default` roles field . For example, if the following custom roles arrangement is used: +An array of custom roles. Similar to the `default` field, you can mention roles within this field as well. However, the custom roles also require the use of a `labelSelector` for each iteration within the array. The roles mentioned here will only apply to the namespaces that are matched by the `labelSelector`. If a namespace is matched by 2 different `labelSelectors`, then both roles will apply to it. Additionally, roles can be skipped within the `labelSelector`. These missing roles are then inherited from the `default` roles field . For example, if the following custom roles arrangement is used: ```yaml custom: @@ -341,7 +341,7 @@ If enabled, than admins have to provide secret and URL of RHSSO. ## Vault -[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. +[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or http API. If `vault` is configured on a cluster, then Vault configuration can be enabled. diff --git a/content/reference-guides/deploying-templates.md b/content/reference-guides/deploying-templates.md index 4e20fbac8..c8835258e 100644 --- a/content/reference-guides/deploying-templates.md +++ b/content/reference-guides/deploying-templates.md @@ -3,8 +3,8 @@ Multi Tenant Operator has three Custom Resources which can cover this need using the `Template` CR, depending upon the conditions and preference. 1. TemplateGroupInstance -2. TemplateInstance -3. Tenant +1. TemplateInstance +1. Tenant Stakater Team, however, encourages the use of `TemplateGroupInstance` to distribute resources in multiple namespaces as it is optimized for better performance. @@ -57,7 +57,7 @@ NAME STATE AGE docker-secret Active 2m ``` -`TemplateGroupInstance` can also target specific tenants or all tenant namespaces under a single yaml definition. +`TemplateGroupInstance` can also target specific tenants or all tenant namespaces under a single YAML definition. ### TemplateGroupInstance for multiple Tenants diff --git a/content/reference-guides/distributing-secrets-using-sealed-secret-template.md b/content/reference-guides/distributing-secrets-using-sealed-secret-template.md index d78eada01..098ea3df5 100644 --- a/content/reference-guides/distributing-secrets-using-sealed-secret-template.md +++ b/content/reference-guides/distributing-secrets-using-sealed-secret-template.md @@ -71,7 +71,7 @@ spec: Bill has added support for a new label `distribute-image-pull-secret: true"` for tenant projects/namespaces, now MTO will add that label depending on the used field. -Finally, Bill creates a `TemplateGroupInstance` which will deploy the sealed secrets using the newly created project label and template. +Finally, Bill creates a `TemplateGroupInstance` which will deploy the Sealed Secrets using the newly created project label and template. ```yaml apiVersion: tenantoperator.stakater.com/v1alpha1 @@ -86,4 +86,4 @@ spec: sync: true ``` -MTO will now deploy the sealed secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a sealed secret has to be done by Sealed Secrets Controller. +MTO will now deploy the Sealed Secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a Sealed Secret has to be done by Sealed Secrets Controller. diff --git a/content/reference-guides/distributing-secrets.md b/content/reference-guides/distributing-secrets.md index b8de1463a..2e634fdda 100644 --- a/content/reference-guides/distributing-secrets.md +++ b/content/reference-guides/distributing-secrets.md @@ -71,7 +71,7 @@ spec: Bill has added support for a new label `distribute-image-pull-secret: true"` for tenant projects/namespaces, now MTO will add that label depending on the used field. -Finally, Bill creates a `TemplateGroupInstance` which will deploy the sealed secrets using the newly created project label and template. +Finally, Bill creates a `TemplateGroupInstance` which will deploy the Sealed Secrets using the newly created project label and template. ```yaml apiVersion: tenantoperator.stakater.com/v1alpha1 @@ -86,4 +86,4 @@ spec: sync: true ``` -MTO will now deploy the sealed secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a sealed secret has to be done by Sealed Secrets Controller. +MTO will now deploy the Sealed Secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a Sealed Secret has to be done by Sealed Secrets Controller. diff --git a/content/reference-guides/integrationconfig.md b/content/reference-guides/integrationconfig.md index 02f4cebe3..b01c7f3b4 100644 --- a/content/reference-guides/integrationconfig.md +++ b/content/reference-guides/integrationconfig.md @@ -72,7 +72,7 @@ spec: ## Configuring Vault in IntegrationConfig -[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. +[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or http API. If Bill (the cluster admin) has Vault configured in his cluster, then he can take benefit from MTO's integration with Vault. diff --git a/content/tenant-roles.md b/content/tenant-roles.md index e0076e8a8..503f22130 100644 --- a/content/tenant-roles.md +++ b/content/tenant-roles.md @@ -45,18 +45,18 @@ Owner is an admin of a tenant with some restrictions. It has privilege to see al ### Resources Permissions -* CRUD access on Template, TemplateInstance and TemplateGroupInstance of MTO custom resources -* CRUD access on ImageStreamTags in `Project` -* Get access on CustomResourceDefinitions in `Project` -* Get, list, watch access on Builds, BuildConfigs in `Project` +* CRUD access on `Template`, `TemplateInstance` and `TemplateGroupInstance` of MTO custom resources +* CRUD access on `ImageStreamTags` in `Project` +* Get access on `CustomResourceDefinitions` in `Project` +* Get, list, watch access on `Builds`, `BuildConfigs` in `Project` * CRUD access on following resources in `Project`: - * Prometheuses - * Prometheusrules - * ServiceMonitors - * PodMonitors - * ThanosRulers -* Permission to create Namespaces. -* Restricted to perform actions on cluster resource Quotas and Limits. + * `Prometheuses` + * `Prometheusrules` + * `ServiceMonitors` + * `PodMonitors` + * `ThanosRulers` +* Permission to create `Namespaces` +* Restricted to perform actions on cluster resource `Quotas` and `Limits` ## 2. Editor @@ -98,7 +98,7 @@ Edit role will have edit access on their `Projects`, but they wont have access o * deletecollection * patch * update -* Build, BuildConfig, BuildLog, DeploymentConfig, Deployment, ConfigMap, ImageStream , ImageStreamImage and ImageStreamMapping access in `Project` +* `Build`, `BuildConfig`, `BuildLog`, `DeploymentConfig`, `Deployment`, `ConfigMap`, `ImageStream`, `ImageStreamImage` and `ImageStreamMapping` access in `Project`: * get * list * watch @@ -111,7 +111,7 @@ Edit role will have edit access on their `Projects`, but they wont have access o ### Resources Permissions * CRUD access on Template, TemplateInstance and TemplateGroupInstance of MTO custom resources -* Job, CronJob, Task, Trigger and Pipeline access in `Project` +* Job, CronJob, Task, Trigger and Pipeline access in `Project`: * get * list * watch @@ -121,7 +121,7 @@ Edit role will have edit access on their `Projects`, but they wont have access o * patch * update * Get access on projects -* Route and NetworkPolicies access in `Project` +* Route and NetworkPolicies access in `Project`: * get * list * watch @@ -130,7 +130,7 @@ Edit role will have edit access on their `Projects`, but they wont have access o * deletecollection * patch * update -* Template, ReplicaSet, StatefulSet and DaemonSet access in `Project` +* `Template`, `ReplicaSet`, `StatefulSet` and `DaemonSet` access in `Project`: * get * list * watch @@ -139,7 +139,7 @@ Edit role will have edit access on their `Projects`, but they wont have access o * deletecollection * patch * update -* CRUD access on all Projects related to +* CRUD access on all Projects related to: * Elasticsearch * Logging * Kibana @@ -149,12 +149,12 @@ Edit role will have edit access on their `Projects`, but they wont have access o * Tekton.dev * Get access on CustomResourceDefinitions in `Project` * Edit and view permission on `jenkins.build.openshift.io` -* InstallPlan access in `Project` +* InstallPlan access in `Project`: * get * list * watch * delete -* Subscription and PackageManifest access in `Project` +* Subscription and PackageManifest access in `Project`: * get * list * watch @@ -187,11 +187,11 @@ Viewer role will only have view access on their `Project`. ### Builds ,Pods , PVC Permissions -* Pod, PodDisruptionBudget and PVC access in `Project` +* `Pod`, `PodDisruptionBudget` and `PVC` access in `Project`: * get * list * watch -* Build, BuildConfig, BuildLog, DeploymentConfig, ConfigMap, ImageStream, ImageStreamImage and ImageStreamMapping access in `Project` +* `Build`, `BuildConfig`, `BuildLog`, `DeploymentConfig`, `ConfigMap`, `ImageStream`, `ImageStreamImage` and `ImageStreamMapping` access in `Project`: * get * list * watch @@ -220,8 +220,8 @@ Viewer role will only have view access on their `Project`. * Jaeger * Kiali * Tekton.dev -* Get, list, watch access on ImageStream, ImageStreamImage and ImageStreamMapping in `Project` -* Get access on CustomResourceDefinition in `Project` +* Get, list, watch access on `ImageStream`, `ImageStreamImage` and `ImageStreamMapping` in `Project` +* Get access on `CustomResourceDefinition` in `Project` * View permission on `Jenkins.Build.Openshift.io` * Subscription, PackageManifest and InstallPlan access in `Project` * get diff --git a/content/troubleshooting.md b/content/troubleshooting.md index d710eee3f..e3bb53249 100644 --- a/content/troubleshooting.md +++ b/content/troubleshooting.md @@ -30,8 +30,8 @@ If a user is added to tenant resource, and the user does not exist in RHSSO, the #### Reproduction steps 1. Add a new user to Tenant CR -2. Attempt to log in to Vault with the added user -3. Vault denies that the user exists, and signs the user up via RHSSO. User is now created on RHSSO (you may check for the user on RHSSO). +1. Attempt to log in to Vault with the added user +1. Vault denies that the user exists, and signs the user up via RHSSO. User is now created on RHSSO (you may check for the user on RHSSO). #### Resolution diff --git a/content/tutorials/argocd/enabling-multi-tenancy-argocd.md b/content/tutorials/argocd/enabling-multi-tenancy-argocd.md index 4b6aa4c4e..8765c5a73 100644 --- a/content/tutorials/argocd/enabling-multi-tenancy-argocd.md +++ b/content/tutorials/argocd/enabling-multi-tenancy-argocd.md @@ -129,7 +129,7 @@ Users belonging to the Sigma group will now only see applications created by the ![image](../../images/argocd.png) -## Prevent ArgoCD from syncing certain namespaced resources +## Prevent ArgoCD from syncing certain name-spaced resources Bill wants tenants to not be able to sync `ResourceQuota` and `LimitRange` resources to their namespaces. To do this correctly, Bill will specify these resources to blacklist in the ArgoCD portion of the [IntegrationConfig](../../how-to-guides/integration-config.md): @@ -171,7 +171,7 @@ spec: ## Allow ArgoCD to sync certain cluster-wide resources -Bill now wants tenants to be able to sync the `Environment` cluster scoped resource to the cluster. To do this correctly, Bill will specify the resource to whitelist in the ArgoCD portion of the Integration Config's Spec: +Bill now wants tenants to be able to sync the `Environment` cluster scoped resource to the cluster. To do this correctly, Bill will specify the resource to deny list in the ArgoCD portion of the Integration Config's Spec: ```yaml apiVersion: tenantoperator.stakater.com/v1alpha1 diff --git a/content/tutorials/installation.md b/content/tutorials/installation.md index 4436872fb..651ab8569 100644 --- a/content/tutorials/installation.md +++ b/content/tutorials/installation.md @@ -3,10 +3,8 @@ This document contains instructions on installing, uninstalling and configuring Multi Tenant Operator using OpenShift MarketPlace. 1. [OpenShift OperatorHub UI](#installing-via-operatorhub-ui) - -2. [CLI/GitOps](#installing-via-cli-or-gitops) - -3. [Uninstall](#uninstall-via-operatorhub-ui) +1. [CLI/GitOps](#installing-via-cli-or-gitops) +1. [Uninstall](#uninstall-via-operatorhub-ui) ## Requirements diff --git a/content/tutorials/vault/enabling-multi-tenancy-vault.md b/content/tutorials/vault/enabling-multi-tenancy-vault.md index 0379ed047..36c5b93e8 100644 --- a/content/tutorials/vault/enabling-multi-tenancy-vault.md +++ b/content/tutorials/vault/enabling-multi-tenancy-vault.md @@ -2,7 +2,7 @@ ## Vault Multitenancy -HashiCorp Vault is an identity-based secret and encryption management system. Vault validates and authorizes a system's clients (users, machines, apps) before providing them access to secrets or stored sensitive data. +Hashicorp Vault is an identity-based secret and encryption management system. Vault validates and authorizes a system's clients (users, machines, apps) before providing them access to secrets or stored sensitive data. ## Vault integration in Multi Tenant Operator diff --git a/content/usecases/argocd.md b/content/usecases/argocd.md index 51121a50f..fe5365401 100644 --- a/content/usecases/argocd.md +++ b/content/usecases/argocd.md @@ -107,7 +107,7 @@ Users belonging to the Sigma group will now only see applications created by the ![image](./../images/argocd.png) -## Prevent ArgoCD from syncing certain namespaced resources +## Prevent ArgoCD from syncing certain name-spaced resources Bill wants tenants to not be able to sync `ResourceQuota` and `LimitRange` resources to their namespaces. To do this correctly, Bill will specify these resources to blacklist in the ArgoCD portion of the [IntegrationConfig](./../integration-config.md): @@ -149,7 +149,7 @@ spec: ## Allow ArgoCD to sync certain cluster-wide resources -Bill now wants tenants to be able to sync the `Environment` cluster scoped resource to the cluster. To do this correctly, Bill will specify the resource to whitelist in the ArgoCD portion of the Integration Config's Spec: +Bill now wants tenants to be able to sync the `Environment` cluster scoped resource to the cluster. To do this correctly, Bill will specify the resource to deny list in the ArgoCD portion of the Integration Config's Spec: ```yaml apiVersion: tenantoperator.stakater.com/v1alpha1 diff --git a/content/usecases/deploying-templates.md b/content/usecases/deploying-templates.md index 1ceb0123f..e5ed10e17 100644 --- a/content/usecases/deploying-templates.md +++ b/content/usecases/deploying-templates.md @@ -3,8 +3,8 @@ Multi Tenant Operator has three Custom Resources which can cover this need using the `Template` CR, depending upon the conditions and preference. 1. TemplateGroupInstance -2. TemplateInstance -3. Tenant +1. TemplateInstance +1. Tenant Stakater Team, however, encourages the use of `TemplateGroupInstance` to distribute resources in multiple namespaces as it is optimized for better performance. @@ -57,7 +57,7 @@ NAME STATE AGE docker-secret Active 2m ``` -`TemplateGroupInstance` can also target specific tenants or all tenant namespaces under a single yaml definition. +`TemplateGroupInstance` can also target specific tenants or all tenant namespaces under a single YAML definition. ### TemplateGroupInstance for multiple Tenants diff --git a/content/usecases/distributing-secrets-using-sealed-secret-template.md b/content/usecases/distributing-secrets-using-sealed-secret-template.md index 2f203ef70..b0526c95a 100644 --- a/content/usecases/distributing-secrets-using-sealed-secret-template.md +++ b/content/usecases/distributing-secrets-using-sealed-secret-template.md @@ -71,7 +71,7 @@ spec: Bill has added support for a new label `distribute-image-pull-secret: true"` for tenant projects/namespaces, now MTO will add that label depending on the used field. -Finally Bill creates a `TemplateGroupInstance` which will deploy the sealed secrets using the newly created project label and template. +Finally Bill creates a `TemplateGroupInstance` which will deploy the Sealed Secrets using the newly created project label and template. ```yaml apiVersion: tenantoperator.stakater.com/v1alpha1 @@ -86,4 +86,4 @@ spec: sync: true ``` -MTO will now deploy the sealed secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a sealed secret has to be done by Sealed Secrets Controller. +MTO will now deploy the Sealed Secrets mentioned in `Template` to namespaces which have the mentioned label. The rest of the work to deploy secret from a Sealed Secret has to be done by Sealed Secrets Controller. diff --git a/content/usecases/integrationconfig.md b/content/usecases/integrationconfig.md index 1429e756d..885694002 100644 --- a/content/usecases/integrationconfig.md +++ b/content/usecases/integrationconfig.md @@ -72,7 +72,7 @@ spec: ## Configuring Vault in IntegrationConfig -[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. +[Vault](https://www.vaultproject.io/) is used to secure, store and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or http API. If Bill (the cluster admin) has Vault configured in his cluster, then he can take benefit from MTO's integration with Vault. diff --git a/content/usecases/quota.md b/content/usecases/quota.md index 53b0e7ffb..8a2f35b27 100644 --- a/content/usecases/quota.md +++ b/content/usecases/quota.md @@ -34,7 +34,7 @@ spec: EOF ``` -For more details please refer to [Quotas](../customresources.md#_1-quota). +For more details please refer to [Quotas](../customresources.md). ```bash kubectl get quota small diff --git a/content/vault-multitenancy.md b/content/vault-multitenancy.md index e851bf69c..4dcccc2ca 100644 --- a/content/vault-multitenancy.md +++ b/content/vault-multitenancy.md @@ -1,6 +1,6 @@ # Vault Multitenancy -HashiCorp Vault is an identity-based secret and encryption management system. Vault validates and authorizes a system's clients (users, machines, apps) before providing them access to secrets or stored sensitive data. +Hashicorp Vault is an identity-based secret and encryption management system. Vault validates and authorizes a system's clients (users, machines, apps) before providing them access to secrets or stored sensitive data. ## Vault integration in Multi Tenant Operator diff --git a/custom_theme/404.html b/custom_theme/404.html deleted file mode 100644 index bf6b1a3f9..000000000 --- a/custom_theme/404.html +++ /dev/null @@ -1,6 +0,0 @@ -{% extends "main.html" %} - -{% block content %} -

4xx - Page does not exist or has restricted access or rights

-

This page does not exist or may have been deprecated or moved. Please use the search to find anything in the documentation.

-{% endblock %} diff --git a/custom_theme/main.html b/custom_theme/main.html deleted file mode 100644 index 09b70c27a..000000000 --- a/custom_theme/main.html +++ /dev/null @@ -1,12 +0,0 @@ -{% extends "base.html" %} - -{% block footer %} -

Copyright © 2023 Stakater AB – Change cookie settings

-{% endblock %} - -{% block outdated %} - You're not viewing the latest version. - - Click here to go to latest. - -{% endblock %} diff --git a/prepare_theme.sh b/prepare_theme.sh new file mode 100755 index 000000000..29b3eddd1 --- /dev/null +++ b/prepare_theme.sh @@ -0,0 +1,3 @@ +pip install -r theme_common/requirements.txt +python theme_common/scripts/combine_theme_resources.py -s theme_common/resources -ov theme_override/resources -o dist/_theme +python theme_common/scripts/combine_mkdocs_config_yaml.py theme_common/mkdocs.yml theme_override/mkdocs.yml mkdocs.yml diff --git a/prepare_theme_pr.sh b/prepare_theme_pr.sh new file mode 100644 index 000000000..98ea733e8 --- /dev/null +++ b/prepare_theme_pr.sh @@ -0,0 +1,6 @@ +# This script is meant to be used for pull request builds +pip install -r theme_common/requirements.txt +python theme_common/scripts/combine_theme_resources.py -s theme_common/resources -ov theme_override/resources -o dist/_theme +# The next step is used to override resources for pull request builds - these overrides could as well have been put in the local theme_override folder, but this is a generic solution +python theme_common/scripts/combine_theme_resources.py -s theme_common/resources_pr_specific -ov theme_override/resources -o dist/_theme -skiprmtree +python theme_common/scripts/combine_mkdocs_config_yaml.py theme_common/mkdocs.yml theme_override/mkdocs.yml mkdocs.yml diff --git a/theme_common b/theme_common new file mode 160000 index 000000000..11286e112 --- /dev/null +++ b/theme_common @@ -0,0 +1 @@ +Subproject commit 11286e112ea55c995232ea415038456ab3f70f59 diff --git a/mkdocs.yml b/theme_override/mkdocs.yml similarity index 67% rename from mkdocs.yml rename to theme_override/mkdocs.yml index 17e80f758..3e8a17a52 100644 --- a/mkdocs.yml +++ b/theme_override/mkdocs.yml @@ -1,47 +1,20 @@ site_name: Multi Tenant Operator docs_dir: content -site_url: https://docs.stakater.com/ +site_url: https://docs.stakater.com/mto/ repo_url: https://github.com/stakater/mto-docs edit_uri: blob/main/content/ -use_directory_urls: false theme: - name: material - prev_next_buttons_location: none - logo: assets/images/favicon.svg - favicon: assets/images/favicon.svg - custom_dir: custom_theme/ - palette: - primary: white - features: - - content.code.copy + favicon: assets/images/favicon.svg -markdown_extensions: - - admonition - - pymdownx.details - - pymdownx.superfences - - attr_list - - pymdownx.emoji: - emoji_index: !!python/name:materialx.emoji.twemoji - emoji_generator: !!python/name:materialx.emoji.to_svg +strict: true +validation: + links: + anchors: warn extra: - analytics: - provider: google - property: G-TTH1YYW5TX - consent: - title: Cookie consent - actions: - - accept - - reject - - manage - description: >- - We use cookies to recognize your repeated visits and preferences, as well - as to measure the effectiveness of our documentation and whether users - find what they're searching for. With your consent, you're helping us to - make our documentation better. - version: - provider: mike - default: latest + version: + provider: mike + default: latest nav: - index.md diff --git a/custom_theme/assets/images/favicon.svg b/theme_override/resources/assets/images/favicon.svg similarity index 100% rename from custom_theme/assets/images/favicon.svg rename to theme_override/resources/assets/images/favicon.svg diff --git a/theme_override/resources/assets/images/logo-dark.png b/theme_override/resources/assets/images/logo-dark.png new file mode 100644 index 0000000000000000000000000000000000000000..5ad0eca5275e11be6bac79d92bf55a5431778cb0 GIT binary patch literal 1655 zcmcJNdoaW-w!BcJ}N!d(NJ-`{$l>@BN;8&;8u{&-d05-vcXjjCBA2 zSb_9%N2%26&xC5IYLmHFh)T>uy-+>?fZYNBxHJHeszx{-09=Lvz~mVKKs*3|wXubb zetQ5w9eL!CzlUmpj9vb}M4}EU0ZL9>M!BX>NnTA!G9V>D$O%wtiV;Zkn{Lk*l4`_^ z_Bl%3OedaOev+2Hft&~>V|B<^bvcg?i|DP2C8<)WlrIPsvPGprF5&i#JUK(TrpK$n zEJ^qhcK1XbmQ#3;ndiiQ=s8{;J2%v%kjoUZh3U3T>UG1h=Mf62L_RN=sJ}`}HKpPV zM=LK#1tUtOVzN1%d{vKeZ>N+G%B7OA=i#zB9vQ1U(?uA{uw>%*@ahtTtkdBGgDo|3eZb>BrMvnB_^3iUKR@z`mTo3r6iH{8Q!VMkncJkZY{9_eiF&MDDjux}W#acrz+V2xk|ojf z*o#O`(Lv$hOL{hpnzDAf{f>N5EM|94Hr)_2--($W3fVlT$eW7$K{VXLt4o~j$f0L# zXA$=C`-uF$N8Hi?e(xhjjx8m5)kH&*gwxYA*TYenX*~wzdsJnv)mBcPn%lyQd%>AG z$bqskc)9ikj$YQnLq%AOHdnQ%cFy~Ny92Y17O83=7^IH}gr{W)v4xv!1qP`OFp=)A z{=53_;O9>bo-ydoo%LB>euV84903NPc$vgw1RZDzG($K2B;-fmAoJT94Tg~0CY{gO zT`fvm*3D*QrMP;2|D!SHKyH()^~&1Y_wHmr@O(CCqKhpG*zAmg>o(olQqy^{#>q6k zfOO7rUFcoveKy8Y9dFrKxa@i{_3lVK&MK}Ux5VqAucQoTL;#Tix%NeqJ{oYF{(_2M zA9xP{%Bn0({`;R>bh@izQNQPKjPgbIc=j`XpfLCGp(4kmu8)B=HJYm!c4{DY6rp)N z-WSliG)`<@dgCnonpXzBC64Q(H?yzR5{Xq$8p1dwo#p5>Oz2)XFHaoWd*9#xC-iOt zw}N2vGT3jw2;=Eeni*SF7maRd1A5%r1hi+DY62(Tqu&#et@SrOznw_+4!;=P@ix}s zWUjSgUU&yFF!`)^WVnrfhj@w{L*+rLq6Wt{1taVR^SazzUcjo#*9%V7N3p8ojzjd* z7*7gwKW#TY7>RG+`(&khG{2P~FFNh27wd|_SwxUfhyvaC(p01E`s+cg8^dT%78V&^ zko|QSE%0J}fqkk~QooZ|Z{5f~Ts&w|d;0LYFhfrMXWAAh`;A&&oSAy@Mf2DcoL;Jq z=Gq;_s|vrd(HOJ=#HbNFgDAxv3~$q8G|<|C7XSlPi)(uO(qg$)G5#EI+$n3eR%13= zGYua;V)o9evq#t_kVCBAYIqSpORA(_xVGj7i5cvVxsTsjjjucG0vza89|&o#TxHQ- zzHN*QmJRBP4d8sF~l-0|RiK@!1%N#?U zlV4tkelIR)wr2N2i(YzJU5dKD@o@*8)m&0gis$XX*WRY-`)+!F zlynb-w4iVF+QEbTxW*ezy5twLvm(E#8~BM+UjbmS_4gf57bw9?nf3~jsq&SQKhE75 z7DT>W5$Im1GQTCp;{+z`EC!7Ty@XZ?U<*uwo`I}r{rguUH17z_b}Jx6zk z{sV}L35z(N_}>71*L9W(u=@K0CL#(QhdCP+`!CGyzn<(kt>&v@0HlYn`wO=-H~s+m C)KdWf literal 0 HcmV?d00001 diff --git a/theme_override/resources/assets/images/logo-light.png b/theme_override/resources/assets/images/logo-light.png new file mode 100644 index 0000000000000000000000000000000000000000..5ad0eca5275e11be6bac79d92bf55a5431778cb0 GIT binary patch literal 1655 zcmcJNdoaW-w!BcJ}N!d(NJ-`{$l>@BN;8&;8u{&-d05-vcXjjCBA2 zSb_9%N2%26&xC5IYLmHFh)T>uy-+>?fZYNBxHJHeszx{-09=Lvz~mVKKs*3|wXubb zetQ5w9eL!CzlUmpj9vb}M4}EU0ZL9>M!BX>NnTA!G9V>D$O%wtiV;Zkn{Lk*l4`_^ z_Bl%3OedaOev+2Hft&~>V|B<^bvcg?i|DP2C8<)WlrIPsvPGprF5&i#JUK(TrpK$n zEJ^qhcK1XbmQ#3;ndiiQ=s8{;J2%v%kjoUZh3U3T>UG1h=Mf62L_RN=sJ}`}HKpPV zM=LK#1tUtOVzN1%d{vKeZ>N+G%B7OA=i#zB9vQ1U(?uA{uw>%*@ahtTtkdBGgDo|3eZb>BrMvnB_^3iUKR@z`mTo3r6iH{8Q!VMkncJkZY{9_eiF&MDDjux}W#acrz+V2xk|ojf z*o#O`(Lv$hOL{hpnzDAf{f>N5EM|94Hr)_2--($W3fVlT$eW7$K{VXLt4o~j$f0L# zXA$=C`-uF$N8Hi?e(xhjjx8m5)kH&*gwxYA*TYenX*~wzdsJnv)mBcPn%lyQd%>AG z$bqskc)9ikj$YQnLq%AOHdnQ%cFy~Ny92Y17O83=7^IH}gr{W)v4xv!1qP`OFp=)A z{=53_;O9>bo-ydoo%LB>euV84903NPc$vgw1RZDzG($K2B;-fmAoJT94Tg~0CY{gO zT`fvm*3D*QrMP;2|D!SHKyH()^~&1Y_wHmr@O(CCqKhpG*zAmg>o(olQqy^{#>q6k zfOO7rUFcoveKy8Y9dFrKxa@i{_3lVK&MK}Ux5VqAucQoTL;#Tix%NeqJ{oYF{(_2M zA9xP{%Bn0({`;R>bh@izQNQPKjPgbIc=j`XpfLCGp(4kmu8)B=HJYm!c4{DY6rp)N z-WSliG)`<@dgCnonpXzBC64Q(H?yzR5{Xq$8p1dwo#p5>Oz2)XFHaoWd*9#xC-iOt zw}N2vGT3jw2;=Eeni*SF7maRd1A5%r1hi+DY62(Tqu&#et@SrOznw_+4!;=P@ix}s zWUjSgUU&yFF!`)^WVnrfhj@w{L*+rLq6Wt{1taVR^SazzUcjo#*9%V7N3p8ojzjd* z7*7gwKW#TY7>RG+`(&khG{2P~FFNh27wd|_SwxUfhyvaC(p01E`s+cg8^dT%78V&^ zko|QSE%0J}fqkk~QooZ|Z{5f~Ts&w|d;0LYFhfrMXWAAh`;A&&oSAy@Mf2DcoL;Jq z=Gq;_s|vrd(HOJ=#HbNFgDAxv3~$q8G|<|C7XSlPi)(uO(qg$)G5#EI+$n3eR%13= zGYua;V)o9evq#t_kVCBAYIqSpORA(_xVGj7i5cvVxsTsjjjucG0vza89|&o#TxHQ- zzHN*QmJRBP4d8sF~l-0|RiK@!1%N#?U zlV4tkelIR)wr2N2i(YzJU5dKD@o@*8)m&0gis$XX*WRY-`)+!F zlynb-w4iVF+QEbTxW*ezy5twLvm(E#8~BM+UjbmS_4gf57bw9?nf3~jsq&SQKhE75 z7DT>W5$Im1GQTCp;{+z`EC!7Ty@XZ?U<*uwo`I}r{rguUH17z_b}Jx6zk z{sV}L35z(N_}>71*L9W(u=@K0CL#(QhdCP+`!CGyzn<(kt>&v@0HlYn`wO=-H~s+m C)KdWf literal 0 HcmV?d00001 diff --git a/vocabulary b/vocabulary deleted file mode 160000 index ae216a403..000000000 --- a/vocabulary +++ /dev/null @@ -1 +0,0 @@ -Subproject commit ae216a403504b058a0e00c4cfbda77120fb3a9db