Merge branch 'devtron-labs:main' into app-metrics

Author: Ayaan49

docs/setup/install/install-devtron-in-airgapped-environment.md

@@ -7,11 +7,10 @@ In certain scenarios, you may need to deploy Devtron to a Kubernetes cluster tha
 ### Prerequisites
 
 1. Install `podman` or `docker` on the VM from where you're executing the installation commands.
-2. Clone the Devtron Helm chart:
+2. Get the latest image file
 
     ```bash
-    git clone https://github.com/devtron-labs/devtron.git
-    cd devtron
+    curl -LO https://raw.githubusercontent.com/devtron-labs/devtron/refs/heads/main/devtron-images.txt.source
     ```
 
 3. Set the values of `TARGET_REGISTRY`, `TARGET_REGISTRY_USERNAME`, and `TARGET_REGISTRY_TOKEN`. This registry should be accessible from the VM where you are running the cloning script and the K8s cluster where you’re installing Devtron.
@@ -173,7 +172,7 @@ Before starting, ensure you have created an image pull secret for your registry
       --docker-username=$TARGET_REGISTRY_USERNAME \
       --docker-password=$TARGET_REGISTRY_TOKEN
     ```
-    If you are installing Devtron with the CI/CD module or using Argo CD, create the secret in the following namespaces else, you can skip this step-:  
+    If you are installing Devtron with the CI/CD module or using Argo CD, create the secret in the following namespaces else, you can skip this step-:
     ```bash
     kubectl create secret docker-registry devtron-imagepull \
       --namespace devtron-cd \
@@ -192,37 +191,38 @@ Before starting, ensure you have created an image pull secret for your registry
       --docker-password=$TARGET_REGISTRY_TOKEN
     ```
 
-3. Navigate to the Devtron Helm chart directory
-    ```bash
-    cd charts/devtron
-    ```
+### Get the latest Devtron Helm Chart
 
+``` bash
+helm pull devtron-operator --repo http://helm.devtron.ai
+```
+This would download the tar file of the devtron-operator chart, Make sure to replace the `<devtron-chart-file>` in the installation commands with this file name.
 
 ### Install Devtron without any Integration
 
 Use the below command to install Devtron without any Integrations
 
 1. Without `imagePullSecrets`:
     ```bash
-    helm install devtron . -n devtroncd --set global.containerRegistry="$TARGET_REGISTRY"
+    helm install devtron <devtron-chart-file> -n devtroncd --set global.containerRegistry="$TARGET_REGISTRY" --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true
     ```
 
 2. With `imagePullSecrets`:
     ```bash
-    helm install devtron . -n devtroncd --set global.containerRegistry="$TARGET_REGISTRY" --set global.imagePullSecrets[0].name=devtron-imagepull
+    helm install devtron <devtron-chart-file> -n devtroncd --set global.containerRegistry="$TARGET_REGISTRY" --set global.imagePullSecrets[0].name=devtron-imagepull --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true
     ```
 
 ### Installing Devtron with CI/CD Mode
 Use the below command to install Devtron with only the CI/CD module
 
 1. Without `imagePullSecrets`:
     ```bash
-    helm install devtron . -n devtroncd --set installer.modules={cicd} --set global.containerRegistry="$TARGET_REGISTRY"
+    helm install devtron <devtron-chart-file> -n devtroncd --set installer.modules={cicd} --set global.containerRegistry="$TARGET_REGISTRY" --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true
     ```
 
 2. With `imagePullSecrets`:
     ```bash
-    helm install devtron . -n devtroncd --set installer.modules={cicd} --set global.containerRegistry="$TARGET_REGISTRY" --set global.imagePullSecrets[0].name=devtron-imagepull
+    helm install devtron <devtron-chart-file> -n devtroncd --set installer.modules={cicd} --set global.containerRegistry="$TARGET_REGISTRY" --set global.imagePullSecrets[0].name=devtron-imagepull --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true
     ```
 
 ### Install Devtron with CICD Mode including Argocd
@@ -231,12 +231,12 @@ Use the below command to install Devtron with the CI/CD module and Argo CD
 
 1. Without `imagePullSecrets`:
     ```bash
-    helm install devtron . --create-namespace -n devtroncd --set installer.modules={cicd} --set argo-cd.enabled=true --set global.containerRegistry="$TARGET_REGISTRY" --set argo-cd.global.image.repository="${TARGET_REGISTRY}/argocd" --set argo-cd.redis.image.repository="${TARGET_REGISTRY}/redis"
+    helm install devtron <devtron-chart-file> --create-namespace -n devtroncd --set installer.modules={cicd} --set argo-cd.enabled=true --set global.containerRegistry="$TARGET_REGISTRY" --set argo-cd.global.image.repository="${TARGET_REGISTRY}/argocd" --set argo-cd.redis.image.repository="${TARGET_REGISTRY}/redis" --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true
     ```
 
 2. With `imagePullSecrets`:
     ```bash
-    helm install devtron . --create-namespace -n devtroncd --set installer.modules={cicd} --set argo-cd.enabled=true --set global.containerRegistry="$TARGET_REGISTRY" --set argo-cd.global.image.repository="${TARGET_REGISTRY}/argocd" --set argo-cd.redis.image.repository="${TARGET_REGISTRY}/redis" --set global.imagePullSecrets[0].name=devtron-imagepull
+    helm install devtron <devtron-chart-file> --create-namespace -n devtroncd --set installer.modules={cicd} --set argo-cd.enabled=true --set global.containerRegistry="$TARGET_REGISTRY" --set argo-cd.global.image.repository="${TARGET_REGISTRY}/argocd" --set argo-cd.redis.image.repository="${TARGET_REGISTRY}/redis" --set global.imagePullSecrets[0].name=devtron-imagepull --set-string components.devtron.customOverrides.IS_AIR_GAP_ENVIRONMENT=true
     ```
 
 ---

docs/setup/install/installation-configuration.md

@@ -149,10 +149,11 @@ Use the following command to configure AWS S3 bucket for storing build logs and
 
 *  **Configure using S3 IAM policy:**
 
->NOTE: Pleasee ensure that S3 permission policy to the IAM role attached to the nodes of the cluster if you are using the below command.
+>NOTE: Please ensure that S3 permission policy to the IAM role attached to the nodes of the cluster if you are using the below command.
 
 ```bash
 helm repo update
+
 helm upgrade devtron devtron/devtron-operator --namespace devtroncd \
 --reuse-values \
 --set installer.modules={cicd} \
@@ -234,9 +235,127 @@ helm upgrade devtron devtron/devtron-operator --namespace devtroncd \
 --set configs.DEFAULT_BUILD_LOGS_BUCKET=log-bucket
 ```
 
+{% endtab %}
+
+{% tab title="S3-compatible Storage" %}
+Use the following command to configure S3-compatible storage (e.g., Longhorn) for storing build logs and cache.
+
+```bash
+helm repo update
+
+helm upgrade devtron devtron/devtron-operator --namespace devtroncd \
+--reuse-values \
+--set configs.BLOB_STORAGE_PROVIDER=S3 \
+--set configs.DEFAULT_CACHE_BUCKET=demo-s3-bucket \
+--set configs.DEFAULT_CACHE_BUCKET_REGION=us-east-1 \
+--set configs.DEFAULT_BUILD_LOGS_BUCKET=demo-s3-bucket \
+--set configs.DEFAULT_CD_LOGS_BUCKET_REGION=us-east-1 \
+--set secrets.BLOB_STORAGE_S3_ACCESS_KEY=<access-key> \
+--set secrets.BLOB_STORAGE_S3_SECRET_KEY=<secret-key> \
+--set configs.BLOB_STORAGE_S3_ENDPOINT=<endpoint>
+```
+
 {% endtab %}
 {% endtabs %}
 
+---
+
+## Configuring NodeSelectors and Tolerations
+
+### Adding Custom Configurations
+
+When installing Devtron, you can specify `nodeSelectors` and `tolerations` to fine-tune your deployment. These configurations can be added using either additional `--set` flags or a separate `values.yaml` file.
+
+### Global vs. Component-level Configurations
+
+* **Global Configurations**: When specified at the global level, these settings apply to all Devtron microservices, except for ArgoCD.
+* **Component-Level Configurations**: You can also apply these settings to specific components individually.
+* **Priority**: If a configuration is specified at both the global and component levels, the component-level setting takes precedence for that particular component.
+
+### Using `--set` Flags
+
+You can use the `--set` flag to specify individual values directly in the Helm command.
+
+
+1. **nodeSelector**
+
+To set a nodeSelector:
+
+```bash
+helm install devtron devtron/devtron-operator \
+    --create-namespace --namespace devtroncd \
+    --set global.nodeSelector."kubernetes\.io/hostname"=node1
+```
+
+This example sets the nodeSelector to schedule pods on a node with the hostname "node1".
+
+
+2. **Tolerations**
+
+To set tolerations:
+
+```bash
+helm install devtron devtron/devtron-operator \
+    --create-namespace --namespace devtroncd \
+    --set global.tolerations[0].key=example-key \
+    --set global.tolerations[0].operator=Exists \
+    --set global.tolerations[0].effect=NoSchedule \
+    --set global.tolerations[0].value=value1
+```
+
+This example adds a tolerance for pods to be scheduled on nodes with the taint "example-key".
+
+
+### Using `values.yaml`
+
+In the values.yaml file of devtron chart, set the values of the following fields:
+
+```yaml
+global:
+  nodeSelector:
+    kubernetes.io/hostname: node1  # For nodeSelector
+  tolerations:
+    - key: example-key  # For tolerations
+      operator: Exists
+      value: "value1"
+      effect: NoSchedule
+```
+
+---
+
+## Set StorageClass for Devtron Microservices
+
+You can specify a StorageClass to be used by Devtron microservices' Persistent Volume Claims (PVCs) if a default StorageClass is not already configured in your cluster.
+
+### Checking for a Default StorageClass
+
+To check if your cluster has a default StorageClass, run:
+
+```bash
+kubectl get sc 
+```
+
+This command will list all available StorageClasses in your cluster, including the default storage class set (if any). The default StorageClass (if any) can be identified by the (default) label next to its name.
+
+### Setting a Default StorageClass
+
+If no StorageClass class is set as default, you can set one using the following command:
+
+```bash
+kubectl patch storageclass <storageclassname> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}
+```
+
+Or, if you do not want to change the default StorageClass or prefer to use a different StorageClass for Devtron microservices, specify it during installation using the `--set` flag:
+
+```bash
+helm install devtron devtron/devtron-operator \
+    --create-namespace --namespace devtroncd \
+    --set global.storageClass="<storageclassname>" # set your preferred StorageClass
+```
+
+Alternatively, you can specify the StorageClass in the values.yaml file by modifying the [following line in values.yaml](https://github.com/devtron-labs/devtron/blob/main/charts/devtron/values.yaml#L23).
+
+---
 
 ## Secrets
 

docs/user-guide/global-configurations/authorization/sso/google.md

@@ -1,39 +1,118 @@
 # Google
 
-## Sample Configuration
+## Introduction
 
-![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/google.jpg)
+Integrating Google as your Single Sign-On (SSO) provider enables users to authenticate with their Google accounts, ensuring secure and streamlined access to Devtron. This document walks you through setting up Google SSO in Devtron, ensuring users can log in smoothly.
 
----
+## Prerequisites
 
-## Values You Would Require at SSO Provider
+To configure Google SSO in Devtron, you will need:
 
-Devtron provides a sample configuration out of the box. There are some values that you need to either get from your SSO provider or give to your SSO provider.
+* Super Admin permissions
+  * Only a [Super-Admin](https://docs.devtron.ai/global-configurations/authorization/user-access) can configure SSO. If you are setting up SSO for the first time, use [Admin Credentials](https://docs.devtron.ai/install/install-devtron#devtron-admin-credentials) instead.
+* A Google Cloud account to create and manage OAuth credentials. If you don’t have one, you must create it at the [Google Cloud Console](https://console.cloud.google.com/).
 
-### Values to Fetch
+## Get the Redirect URI from Devtron
 
-* clientID
+Before configuring Google as an SSO provider, 
+* Ensure that the [Host URL](../../host-url.md) is correctly configured in Devtron. This is crucial because the Redirect URI is generated based on the Host URL.
+* You need to retrieve the Redirect URI from Devtron, which will be required in Google Cloud while setting up OAuth credentials.
 
-* clientSecret
+  * Log in to Devtron.
+  * Navigate to **Global Configurations** → **SSO Login Services**.
+  * Select **Google** as the authentication provider.
+  * Enter the Host URL in the `URL` field. (This is essential to generate the correct Redirect URI.) 
+  * Copy the Redirect URI displayed in this section. You will need to enter this in Google Cloud.
 
-    ![Fetching Client ID and Secret](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/secret/google-id-secret.jpg)
+![Figure 1: Get the Redirect URI](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/redirect-uri-google-sso.jpg)
 
+## Configure OAuth in Google Cloud Console
 
-### Values to Provide
+The next step is to configure OAuth credentials in Google Cloud Console. This involves creating a Google OAuth Client ID and Client Secret, which will be used in Devtron for authentication.
 
-* redirectURI (provided in SSO Login Services by Devtron)
+### To set up OAuth, follow these steps:
 
-    ![Copying Redirect URI from Devtron](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/redirect/google-redurl.jpg)
+* Access [Google Cloud Console](https://console.cloud.google.com/) and create a new project or select an existing one.
+* Navigate to **APIs & Services** → **OAuth Consent Screen** and configure the required details as shown on the screen.
+* In **APIs & Services** → **Credentials**, create a new OAuth Client ID:
+  * Select 'Web application' as the application type.
+  * Paste the Redirect URI (copied from Devtron) under Authorized Redirect URIs.
+* Click **Create** to generate the Client ID and Client Secret.
 
-    ![Pasting Redirect URI](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/redirect/google-redirect.jpg)
+{% hint style="warning" %}
+Google SSO Requires a Valid Domain with HTTPS
 
----
+Google does not support IP addresses as valid redirect URIs. You must use a valid domain name ([FQDN](https://en.wikipedia.org/wiki/Fully_qualified_domain_name)) accessible over HTTPS.
 
-## Reference
+Examples of valid URIs:
 
-* [View Google Documentation](https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid)
+✅ https://devtron.example.com/api/dex/callback
+
+✅ https://auth.yourcompany.com/callback
+
+Examples of invalid URIs:
+
+❌ http://localhost:8080/callback
+
+❌ http://192.168.1.10/callback
+{% endhint %}
+
+![Figure 2a: Creating OAuth Client](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/creating-oauth-client-google-sso.jpg)
+
+You can see a new client ID is created in the **APIs & Services** → **Credentials**, under **OAuth 2.0 Client IDs** section. To obtain Client ID and Client Secret, click on the name (devtron-sso in our case) of the **OAuth 2.0 Client IDs**
+
+![Figure 2b: Client ID Created](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/client-id-created-google-sso.jpg)
+
+Copy the Client ID and Client Secret, as they will be required in Devtron’s SSO configuration.
+
+![Figure 2c: Get the Client ID and Client Secret](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/client-id-and-secret-google-sso.jpg)
+
+For a detailed step-by-step guide, refer to Google’s official documentation: [Get Google API Client ID](https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid).
+
+## Configure Google SSO in Devtron
+
+The next step is to configure Devtron to use these credentials for authentication. For this, navigate back to **Global Configurations → SSO Login Services**, here you can already find a configuration template.
 
-* [View Dex IdP Documentation](https://dexidp.io/docs/connectors/google/)
+## Configuration
 
+![Figure 3: Configuring SSO in Devtron](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/configuration-devtron-google-sso.jpg)
 
+In the configuration, 
 
+* Enter the OAuth Credentials:
+  * Paste the Client ID obtained from Google Cloud in the `clientID` field.
+  * Paste the Client Secret obtained from Google Cloud in the `clientSecret` field.
+* Configure Hosted Domains (Optional):
+  * If you want to restrict authentication to specific domains (e.g., only users from company.com can log in), add these under `hostedDomains` in Devtron.
+  * If you want to allow all users with any valid Google account, remove the entire `hostedDomains` section from the configuration.
+* Enter the Redirect URI:
+  * Copy the Redirect URI displayed in Devtron and paste the value in the `redirectURI` field.
+* Click **Update** to save the configuration, once saved, Google SSO is successfully configured
+
+{% hint style="warning" %}
+Although Google SSO is now set up, users will not be able to sign in unless they are explicitly added to Devtron with the necessary permissions.
+{% endhint %}
+
+## Important: Enable User Access After SSO Setup
+
+To ensure users can log in:
+
+* Go to **Global Configurations** → **Authorization** → **User Permissions**.
+* Click **Add User**.
+
+![Figure 4a: Configuring User Permissions](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/config-user-permissions-google-sso.jpg)
+
+* Enter their email (matching their Google account).
+* Assign the required role.
+* Click **Save** to complete the setup.
+
+![Figure 4b: Adding User with required permissions](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/sso-login-service/adding-user-google-sso.jpg)
+
+Once saved, Devtron will use Google OAuth for authentication, allowing users to log in using their Google accounts.
+
+For detailed steps on managing user permissions, refer to the [User Permissions Documentation](../user-access.md).
+
+## Reference
+
+* [View Google Documentation](https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid)
+* [View Dex IdP Documentation](https://dexidp.io/docs/connectors/google/)