kyma-project
diff --git a/‎README.md‎
Lines changed: 11 additions & 288 deletions b/‎README.md‎
Lines changed: 11 additions & 288 deletions
diff --git a/‎docs/contributor/busola-docker.md‎
Lines changed: 24 additions & 0 deletions b/‎docs/contributor/busola-docker.md‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎docs/contributor/development.md‎
Lines changed: 39 additions & 0 deletions b/‎docs/contributor/development.md‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎docs/contributor/troubleshooting.md‎
Lines changed: 65 additions & 0 deletions b/‎docs/contributor/troubleshooting.md‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎docs/features.md‎
Lines changed: 79 additions & 78 deletions b/‎docs/features.md‎
Lines changed: 79 additions & 78 deletions
diff --git a/‎docs/operator/assets/busola_kubernetes_3.svg‎
Lines changed: 4 additions & 0 deletions b/‎docs/operator/assets/busola_kubernetes_3.svg‎
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,24 @@
+## Busola in Docker
+
+### Adding a Cluster Using Kubeconfig ID
+
+1. If you run Busola in Docker, you can mount your kubeconfig as a bind mount for the Busola container. Prepare the **KUBECONFIG** shell environment variable and run the following command:
+
+   ```bash
+   docker run --rm -it -p 3001:3001 -v "${KUBECONFIG}":/app/core-ui/kubeconfig/$(basename "${KUBECONFIG}") --pid=host --name busola europe-docker.pkg.dev/kyma-project/prod/busola:latest
+   ```
+
+2. When you open Busola in your browser, visit `http://localhost:3001?kubeconfigID={YOUR_KUBECONFIG_FILE_NAME}`. Busola tries to download that file and adds it for your Busola instance.
+
+### Setting Active Environment
+
+1. To use one of the built-in environments in the `busola` image (dev, stage, prod), pass the **ENVIRONMENT** env to the Docker container.
+
+   ```bash
+   docker run --rm -it -p 3001:3001 --env ENVIRONMENT="${ENVIRONMENT}" --pid=host --name busola europe-docker.pkg.dev/kyma-project/prod/busola:latest
+   ```
+
+2. To use a custom environment configuration, mount it in Docker and pass the **ENVIRONMENT** and **CUSTOM_CONFIG_PATH** env to the Docker container.
+   ```bash
+   docker run --rm -it -p 3001:3001 -v ${CUSTOM_CONFIG_PATH}:/app/core-ui/environments/ --env ENVIRONMENT="${ENVIRONMENT}" --pid=host --name busola europe-docker.pkg.dev/kyma-project/prod/busola:latest
+   ```
@@ -0,0 +1,39 @@
+# Development
+
+## Starting All Views
+
+Use the following command to run Busola locally:
+
+```bash
+npm start
+```
+
+After a while, open the [http://localhost:8080](http://localhost:8080) address in your browser, and provide your kubeconfig in the **Connect cluster** wizard.
+
+Once you started Busola locally, you can begin the development. All modules have the hot-reload feature enabled, therefore, you can edit the code in real-time and see the changes in your browser.
+
+The apps you started run at the following addresses:
+
+- `Busola` - [http://localhost:8080](http://localhost:8080)
+- `Backend` - [http://localhost:3001](http://localhost:3001)
+
+### Security Countermeasures
+
+When developing new features in Busola, adhere to the following rules. This will help you to mitigate any security-related threats.
+
+1. Prevent cross-site request forgery (XSRF).
+
+   - Do not store the authentication token as a cookie. Make sure the token is sent to Busola backend as a bearer token.
+   - Make sure that the state-changing operations (`POST`, `PUT`, `DELETE`, and `UPDATE` requests) are only triggered upon explicit user interactions, such as form submissions.
+   - Keep in mind that UI rendering in response to the user navigating between views is only allowed to trigger read-only operations (`GET` requests) without any data mutations.
+
+2. Protect against cross-site scripting (XSS).
+
+   - It is recommended to use JS frameworks that have built-in XSS prevention mechanisms, such as [ReactJS](https://reactjs.org/docs/introducing-jsx.html#jsx-prevents-injection-attacks), [Vue.js](https://vuejs.org/v2/guide/security.html#What-Vue-Does-to-Protect-You), or [Angular](https://angular.io/guide/security#angulars-cross-site-scripting-security-model).
+   - As a rule of thumb, you cannot perceive user input to be 100% safe. Get familiar with prevention mechanisms included in the framework of your choice. Make sure the user input is sanitized before it is embedded in the DOM tree.
+   - Get familiar with the most common [XSS bypasses and potential dangers](https://stackoverflow.com/questions/33644499/what-does-it-mean-when-they-say-react-is-xss-protected). Keep them in mind when writing or reviewing the code. <!-- markdown-link-check-disable-line -->
+   - Enable the `Content-security-policy` header for all new micro frontends to ensure in-depth XSS prevention. Do not allow for `unsafe-eval` policy.
+
+### Running Tests
+
+For information on how to run and configure tests, go to the [`tests`](../../tests) directory.
@@ -0,0 +1,65 @@
+# Troubleshooting
+
+> [!TIP]
+> To solve most of the problems with Busola development, clear the browser cache or do a hard refresh of the website.
+
+## HTTP Status Codes
+
+All HTTP response codes are forwarded directly from the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/).
+The only exceptions are:
+
+- `400` when the request is invalid. The response contains a reason
+- `502` when the backend gets the `503` response code from the Kubernetes API
+- `502` when something unexpected happened when forwarding the request. The response contains the request ID, which can help you find the root cause in the backend logs
+
+## Connectivity Issues with Busola Against a k3d Cluster
+
+### Symptom
+
+You are experiencing connectivity problems with Busola in Docker against a k3d cluster.
+
+### Cause
+
+When the k3d cluster's API Server is exposed on the `0.0.0.0` address on your machine, Busola in Docker interprets `0.0.0.0` as its internal Docker address, routing the requests to the wrong endpoint.
+
+### Solution
+
+- For Docker Desktop for Mac and Windows, pass `DOCKER_DESKTOP_CLUSTER=true` on dockerized Busola startup. This way, `0.0.0.0` is automatically replaced with `host.docker.internal`, which is resolved to a "routable" IP address of a Docker Desktop virtual machine.
+
+  ```bash
+  docker run --rm -it -p 3001:3001 -e DOCKER_DESKTOP_CLUSTER=true --pid=host --name busola europe-docker.pkg.dev/kyma-project/prod/busola:latest
+  ```
+
+- For Linux, run Busola with `--net=host` (omitting the `-p` parameter).
+
+  ```bash
+  docker run --rm -it --net=host --pid=host --name busola europe-docker.pkg.dev/kyma-project/prod/busola:latest
+  ```
+
+## SSL Certificate Issue While Connecting to the API Server
+
+### Symptom
+
+When you run Busola in Docker on macOS, it can't connect to the k3d cluster. The container log contains the following errors:
+
+```
+Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: host.docker.internal. is not in the cert's altnames: DNS:k3d-k3s-default-server-0, DNS:k3d-k3s-default-serverlb, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:localhost, IP Address:0.0.0.0, IP Address:10.43.0.1, IP Address:127.0.0.1, IP Address:172.28.0.3, IP Address:0:0:0:0:0:0:0:1
+```
+
+### Cause
+
+Busola run in a Docker container with the environment variable `DOCKER_DESKTOP_CLUSTER=true` replaces the IP `0.0.0.0` in the API Server URL with `host.docker.internal`. Kubernetes is not aware of that host name, so its API Server doesn't have it in the SSL certificate, which results in the above error.
+
+Furthermore, this behavior has changed in the recent k3d versions, which is a result of [this fix](https://github.com/k3s-io/k3s/commit/aa76942d0fcb23dd02c25aa7a0dfb96b6b915fa5) for [this security issue](https://github.com/k3s-io/k3s/security/advisories/GHSA-m4hf-6vgr-75r2).
+
+Clusters created by [k3d](https://k3d.io/) use a [listener](https://github.com/rancher/dynamiclistener) that extracts [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication) host names from requests sent to the API server. If a new host name is requested, then the SSL certificate is regenerated, and the new host name is added to the list of Subject Alternative Names. Unfortunately, the security fix limits this mechanism only to the expected host names, like those related to Kubernetes nodes. This makes it useless for the `host.docker.internal` case.
+
+### Solution
+
+Provide the `host.docker.internal` host name upfront during [k3d](https://k3d.io/) cluster creation:
+
+```
+k3d cluster create kyma --k3s-arg '--tls-san=host.docker.internal@server:*'
+```
+
+A cluster created in such a way has the `host.docker.internal` set as Subject Alternative Name in the SSL Certificate of the API Server since the very beginning.
@@ -1,53 +1,24 @@
----
-title: Feature flags
----
+# Feature Flags
 
-The document explains the usage of feature flags in Busola, lists and describes all the available feature flags, and provides their configuration examples:
+The document explains the usage of feature flags in Busola, lists and describes all the available feature flags, and provides their configuration examples.
 
-#### Features priority
+## Features priority
 
 Initialisation of the Busola features is based on the `stage` property, which can take one of the following values:
 
 - `PRIMARY` - the feature is resolved while the application bootstraps. Features that should be immediately visible must be set as `PRIMARY` (for example, main navigation structure).
 - `SECONDARY` - the feature is resolved after the application is ready, it must be used for non-critical features (for example, additional navigation nodes).
 
-If the stage is not set, the feature is loaded only on-demand, most often by the iframe. Use the `useFeature` hook to request usage of such feature.
+If the stage is not set, the feature is loaded only on demand, most often by the iframe. Use the `useFeature` hook to request usage of such a feature.
 
-Note that some features must be run before the application starts the bootstrap process, so they are out of the normal feature flow.
+> [!NOTE]
+> Some features must be run before the application starts the bootstrap process, so they are out of the normal feature flow.
 
-#### Features list
+## Features List for Frontend
 
 > **TIP:** The list is ordered alphabetically.
 
-- **API_GATEWAY** – is used to show or hide the **API Gateway** view and to define which APIs are required for the view to be shown properly.
-  It is also used to determine if the **API Gateway** list should be displayed in the **Function** and **Service** details.
-  For the view to be shown, you must enable the feature. Moreover, all the APIs listed in the selectors array must be available in a cluster.
-
-  Default settings:
-
-  ```yaml
-  API_GATEWAY:
-    isEnabled: true
-    selectors:
-      - type: apiGroup
-        apiGroup: gateway.kyma-project.io
-  ```
-
-- **EVENTING** – is used to show or hide the **Eventing** view and to define which APIs are required for the view to be shown properly.
-  It is also used to determine if the **EventSubscriptions** should be displayed in **Function** and **Service** details.
-  For the view to be shown, you must enable the feature. Moreover, all the APIs listed in the selectors array must be available in a cluster.
-
-  Default settings:
-
-  ```yaml
-  EVENTING:
-    isEnabled: true
-    selectors:
-      - type: apiGroup
-        apiGroup: eventing.kyma-project.io
-  ```
-
-- **EXTENSIBILITY** - is used to indicate whether the Busola [extensibility](extensibility/README.md) feature should be enabled.
+- **EXTENSIBILITY** - is used to indicate whether the Busola [extensibility](extensibility/README.md) feature is enabled.
 
 Default settings:
 
@@ -56,7 +27,7 @@ EXTENSIBILITY:
   isEnabled: true
 ```
 
-- **EXTENSIBILITY_CUSTOM_COMPONENTS** - is used to indicate whether entirely custom extensions can be added to Busola. See [this example](../examples/custom-extension/README.md).
+- **EXTENSIBILITY_CUSTOM_COMPONENTS** - is used to indicate whether entire custom extensions can be added to Busola. See [this example](../examples/custom-extension/README.md).
 
 Default settings:
 
@@ -65,6 +36,15 @@ EXTENSIBILITY_CUSTOM_COMPONENTS:
   isEnabled: false
 ```
 
+- **EXTENSIBILITY_INJECTIONS** - is used to indicate whether extensibility injections can be added to Busola. For more information, see [Widget Injection](https://github.com/kyma-project/busola/blob/main/docs/extensibility/70-widget-injection.md).
+
+Default settings:
+
+```yaml
+EXTENSIBILITY_INJECTIONS:
+  isEnabled: true
+```
+
 - **EXTERNAL_NODES** - a list of links to external websites. `category`: a category name, `icon`: an optional icon, `scope`: either `namespace` or `cluster` (defaults to `cluster`), `children`: a list of pairs (label and link).
 
   Default settings:
@@ -82,15 +62,15 @@ EXTENSIBILITY_CUSTOM_COMPONENTS:
             link: https://github.com/kyma-project/busola
   ```
 
-- **GARDENER_LOGIN** - is used to enable or disable the option of logging in with the Gardener kubeconfig. If enabled, you must set the **kubeconfig** parameter to a valid kubeconfig object.
+- **FEEDBACK** - determines if the feedback icon with the link redirecting the user to the survey should be rendered at the top bar.
 
-Default settings:
+  Default settings:
 
-```yaml
-GARDENER_LOGIN:
-  isEnabled: false
-  kubeconfig: null
-```
+  ```yaml
+  FEEDBACK:
+    isEnabled: true
+    link: https://www.youtube.com/watch?v=dQw4w9WgXcQ
+  ```
 
 - **GET_HELP_LINKS** – is used to show or hide helper links. You can find all the available links in the following example.
   In **config**, you can find the unchangeable keys (for example, you cannot use **helpSapCom** instead of **help-sap-com**). The keys include the default link, which takes you to the default address.
@@ -106,17 +86,6 @@ GARDENER_LOGIN:
         default: https://help.sap.com
   ```
 
-* **GZIP** – is used to indicate whether a response from the backend server should be compressed or not.
-
-> **NOTE:** It's a backend feature, so it cannot be modified at the cluster's ConfigMap level.
-
-Default settings:
-
-```yaml
-GZIP:
-  isEnabled: true
-```
-
 - **HIDDEN_NAMESPACES** – is used to define a list of Namespaces that are considered system, and are hidden by default.
 
 Default settings:
@@ -142,7 +111,16 @@ HIDDEN_NAMESPACES:
         apiGroup: networking.istio.io
   ```
 
-* **KUBECONFIG_ID** – is used to configure the URL to which Busola sends a request to download a kubeconfig file. If you add `?kubeconfigID={your ID}` to the Busola URL, Busola tries to download the kubeconfig from `{kubeconfigUrl}/{yourID}`. If the operation succeeds, Busola adds the kubeconfing file to the cluster.
+- **KYMA_COMPANION** - determines if the Kyma Companion chat window is available in Busola.
+
+Default settings:
+
+```yaml
+KYMA_COMPANION:
+  isEnabled: false
+```
+
+- **KUBECONFIG_ID** – is used to configure the URL to which Busola sends a request to download a kubeconfig file. If you add `?kubeconfigID={your ID}` to the Busola URL, Busola tries to download the kubeconfig from `{kubeconfigUrl}/{yourID}`. If the operation succeeds, Busola adds the kubeconfing file to the cluster.
   If you use a full address in the **kubeconfigUrl** field, Busola also reads it.
 
   - **showClustersOverview** - optional configuration to instruct Busola to show **Clusters Overview** rather than the current context cluster, after the clusters are loaded.
@@ -160,7 +138,7 @@ HIDDEN_NAMESPACES:
       defaultKubeconfig: AAAAA-BBBBB
   ```
 
-* **LEGAL_LINKS** – is used to show or hide legal links. You can find the all available links in the following example.
+- **LEGAL_LINKS** – is used to show or hide legal links. You can find all the available links in the following example.
   In **config** you can find the unchangeable keys (you cannot use **legalDisclosure** instead of **legal-disclosure**). The keys include both the default link, which takes you to the default address, and a link that depends on your chosen language.
 
   Example:
@@ -219,14 +197,25 @@ HIDDEN_NAMESPACES:
 
 The **match** keys and **messageSrc** must use the format described in the [`jsonpath` repository](https://github.com/dchester/jsonpath).
 
+- **RESOURCE_VALIDATION** - determines the selected policies for [resource validation](resource-validation/README.md). They can be overwritten in the user preferences.
+
+  Default settings:
+
+  ```yaml
+  RESOURCE_VALIDATION:
+    isEnabled: true
+    config:
+      policies:
+        - Default
+  ```
+
 - **SENTRY** – is used to enable monitoring of uncaught exceptions, which then are analyzed and repaired. The address to which you send the information is located under the **dsn** key.
 
   Default settings:
 
   ```yaml
   SENTRY:
     isEnabled: false
-    selectors: []
     config:
       dsn: ''
   ```
@@ -245,14 +234,24 @@ The **match** keys and **messageSrc** must use the format described in the [`jso
     isEnabled: true
   ```
 
+- **SNOW** - determines if the snow animation is enabled in Busola.
+
+Default settings:
+
+```yaml
+SNOW:
+  isEnabled: false
+```
+
 - **TRACKING** - determines if simple application usage tracking is enabled.
 
   ```yaml
   TRACKING:
     isEnabled: false
   ```
 
-  > NOTE: Enable this feature on the frontend and backend.
+  > [!NOTE]
+  > This feature is enabled on the frontend and backend.
 
 * **VISUAL_RESOURCES** – determines if the resource graphs should be rendered at the resource details view.
 
@@ -261,33 +260,35 @@ The **match** keys and **messageSrc** must use the format described in the [`jso
     isEnabled: true
   ```
 
-- **RESOURCE_VALIDATION** - determines the selected policies for [resource validation](resource-validation/README.md). They can be overwritten in the user preferences.
+## Features List for Backend
 
-  Default settings:
+> [!NOTE]
+> Backend features cannot be modified at the cluster's ConfigMap level.
 
-  ```yaml
-  RESOURCE_VALIDATION:
-    isEnabled: true
-    config:
-      policies:
-        - Default
-  ```
+- **GZIP** – is used to indicate whether a response from the backend server should be compressed or not.
+
+Default settings:
+
+```yaml
+GZIP:
+  isEnabled: true
+```
 
-- **CLUSTER_VALIDATION** - determines whether the Cluster Validation panel for scanning the cluster should be enabled in the Cluster Overview page. The scan uses the [resource validation](resource-validation/README.md) rules.
+- **KYMA_COMPANION** - is used to configure the location of the Kyma companion API.
 
   Default settings:
 
   ```yaml
-  CLUSTER_VALIDATION:
-    isEnabled: false
+  KYMA_COMPANION:
+    link: ''
   ```
 
-- **FEEDBACK** - determines if the feedback icon with the link redirecting the user to the survey should be rendered at the top bar
-
-  Default settings:
+  - **TRACKING** - determines if simple application usage tracking is enabled.
 
   ```yaml
-  FEEDBACK:
-    isEnabled: true
-    link: https://www.youtube.com/watch?v=dQw4w9WgXcQ
+  TRACKING:
+    isEnabled: false
   ```
+
+  > [!NOTE]
+  > This feature is enabled on the frontend and backend.