Introduce Vault component protected with Intel Secure Guard Extensions (SGX)

Author: tsadowsk

content/patterns/medical-diagnosis-amx/cluster-sizing.adoc

@@ -73,4 +73,4 @@ The OpenShift cluster is a standard deployment of 3 control plane nodes and 3 or
 
 The recommended hardware setup:
 
-include::modules/intel-recommended-cluster-sizing.adoc[]
+include::modules/intel-recommended-cluster-sizing-4th-gen.adoc[]

content/patterns/multicloud-gitops-amx/mcg-amx-cluster-sizing.adoc

@@ -59,4 +59,4 @@ The datacenter hub OpenShift cluster needs to be a bit bigger than the Factory/E
 
 The recommended clusters sizes for datacenter hub and for managed datacenter are the same in this case:
 
-include::modules/intel-recommended-cluster-sizing.adoc[]
+include::modules/intel-recommended-cluster-sizing-4th-gen.adoc[]

content/patterns/multicloud-gitops-amx/mcg-amx-getting-started.adoc

@@ -111,10 +111,10 @@ export KUBECONFIG=~/<path_to_kubeconfig>
 Verify that the Operators have been installed.
 
 . To verify, in the *OpenShift Container Platform* web console, navigate to *Operators → Installed Operators* page.
-. Check that the following Operators are installed with  `Succeeded` status (Figure 1): 
-* *Advanced Cluster Management for Kubernetes* 
-* *multicluster engine for Kubernetes* 
-* *Node Feature Discovery Operator* 
+. Check that the following Operators are installed with  `Succeeded` status (Figure 1):
+* *Advanced Cluster Management for Kubernetes*
+* *multicluster engine for Kubernetes*
+* *Node Feature Discovery Operator*
 * *Red Hat Openshift GitOps*
 * *Validated Patterns Operator*
 +
@@ -156,10 +156,10 @@ image::multicloud-gitops-amx/amx-create-pattern.png[Create pattern Multicloud Gi
 Verify that the rest of Operators have been installed:
 
 . To verify, in the *OpenShift Container Platform* web console, navigate to *Operators → Installed Operators* page.
-. Check that the following Operators are installed with  `Succeeded` status (Figure 1): 
-* *Advanced Cluster Management for Kubernetes* 
-* *multicluster engine for Kubernetes* 
-* *Node Feature Discovery Operator* 
+. Check that the following Operators are installed with  `Succeeded` status (Figure 1):
+* *Advanced Cluster Management for Kubernetes*
+* *multicluster engine for Kubernetes*
+* *Node Feature Discovery Operator*
 * *Red Hat Openshift GitOps*
 
 Add a secret for `config-demo` application (from _values-secret-multicloud-gitops.yaml_) to *Vault* manually:

content/patterns/multicloud-gitops-sgx/_index.adoc

@@ -0,0 +1,65 @@
+---
+title: Cluster sizing
+weight: 30
+aliases: /multicloud-gitops-sgx/mcg-sgx-cluster-sizing/
+---
+
+include::modules/comm-attributes.adoc[]
+
+:toc:
+:imagesdir: /images
+:_content-type: ASSEMBLY
+
+[id="about-openshift-cluster-sizing-mcg"]
+== About OpenShift cluster sizing for the {sgx-mcg-pattern}
+
+The minimum requirements for an {ocp} cluster depend on your installation platform, for example:
+
+* For AWS, see link:https://docs.openshift.com/container-platform/4.14/installing/installing_aws/preparing-to-install-on-aws.html#requirements-for-installing-ocp-on-aws[Installing {ocp} on AWS].
+
+* For bare-metal, see link:https://docs.openshift.com/container-platform/4.14/installing/installing_bare_metal/installing-bare-metal.html#installation-minimum-resource-requirements_installing-bare-metal[Installing {ocp} on bare metal].
+
+To understand cluster sizing requirements for the {sgx-mcg-pattern}, consider the following components that the {sgx-mcg-pattern} deploys on the datacenter or the hub OpenShift cluster:
+
+|===
+| Name | Kind | Namespace | Description
+
+| multicloud-gitops-sgx-hub
+| Application
+| multicloud-gitops-sgx-hub
+| Hub GitOps management
+
+| Red Hat Advanced Cluster Management
+| Operator
+| open-cluster-management
+| Advance Cluster Management
+
+| Red Hat OpenShift GitOps
+| Operator
+| openshift-operators
+| OpenShift GitOps
+
+| Node Feature Discovery
+| Operator
+| openshift-nfd
+| Manages the detection and labeling of hardware features and configuration (for example {intel-sgx})
+
+| Intel Device Plugins
+| Operator
+| openshift-operators
+| Collection of plugins, `Intel Software Guard Extensions Device Plugin` is used in this pattern
+
+| Red Hat OpenShift Data Foundation
+| Operator
+| openshift-storage
+| Cloud Native storage solution
+|===
+
+[id="mcg-openshift-datacenter-hub-cluster-size"]
+== {sgx-mcg-pattern} with OpenShift clusters sizes
+
+The datacenter hub OpenShift cluster needs to be a bit bigger than the Factory/Edge clusters because this is where the developers will be running pipelines to build and deploy the {sgx-mcg-pattern} on the cluster. The above cluster sizing is close to a minimum size for a Datacenter HUB cluster. In the next few sections we take some snapshots of the cluster utilization while the {sgx-mcg-pattern} is running. Keep in mind that resources will have to be added as more developers are working building their applications.
+
+The recommended clusters sizes for datacenter hub and for managed datacenter are the same in this case:
+
+include::modules/intel-recommended-cluster-sizing-5th-gen-sgx.adoc[]

content/patterns/multicloud-gitops-sgx/mcg-sgx-cluster-sizing.adoc

@@ -0,0 +1,120 @@
+---
+title: Demo Script
+weight: 60
+aliases: /multicloud-gitops-sgx/demo/
+---
+
+include::modules/comm-attributes.adoc[]
+:toc:
+:imagesdir: /images
+:_content-type: REFERENCE
+
+[id="demo-intro"]
+
+== Introduction
+The multicloud gitops pattern is designed to be an entrypoint into the Validated Patterns framework. Demo, accesible within the pattern, contains two applications `config-demo` and `hello-world` to show the basic configuration and execution examples. For more information on Validated Patterns visit our link:/[documentation site].
+
+[id="demo-objectives"]
+
+== Objectives
+
+In this demo you will complete the following:
+
+* Prepare your local workstation
+* Deploy the pattern
+* Extend the pattern with a small tweak
+
+[id="getting-started"]
+
+== Getting Started
+
+* Make sure you have met all the link:/learn/quickstart/#installation_prerequisitesrequirements[requirements]
+* Follow the link:../mcg-sgx-getting-started[Getting Started Guide] to ensure that you have met all of the prequisites
+
+[NOTE]
+====
+This demo begins after `./pattern.sh make install` has been executed
+====
+
+[id="demo"]
+
+== Demo
+
+Now that we have deployed the pattern onto our cluster, with `origin` pointing to your fork and using `my-branch` as the name of the used branch, we can begin to discover what has happened.
+You should be able to click on the nine-box and see the following entries:
+
+image:multicloud-gitops-sgx/nine-box.png[]
+
+If you now click on the "Hub ArgoCD" menu entry you will be taken to the ArgoCD instance with all the applications.
+
+image:multicloud-gitops-sgx/hub-argocd.png[]
+
+
+
+[id="secrets"]
+
+=== Secrets loading
+
+By default in the MultiCloud GitOps pattern the secrets get loaded automatically via an out of band process inside the vault running in the OCP cluster. This means that running `./pattern.sh make install` will also call the `load-secrets` makefile target.
+This `load-secrets` target will look for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets.
+
+Let's copy the template to our home folder and reload the secrets:
+[source,terminal]
+cp ./values-secret.yaml.template ~/values-secret-multicloud-gitops.yaml
+./pattern.sh make load-secrets
+
+At this point if the `config-demo` application was not green already it should become green in the ArgoCD user interface.
+
+
+[id="verify"]
+
+=== Verify the test web pages
+
+If you now click on the `Routes` in the `Networking` menu entry you will see the following network routes:
+
+image:multicloud-gitops-sgx/network-routes.png[]
+
+Clicking on the `hello-world` application should show a small demo app that prints "Hello World!":
+
+image:multicloud-gitops-sgx/hello-world.png[]
+
+Once the secrets are loaded correctly inside the vault, clicking on the `config-demo` route should display a small application where said secret is shown:
+
+image:multicloud-gitops-sgx/config-demo.png[]
+
+=== Make a small change to the test web pages
+
+Now we can try and tweak the hello-world application and add the below line in
+the `charts/all/hello-world/templates/hello-world-cm.yaml` file:
+[source,patch]
+diff --git a/charts/all/hello-world/templates/hello-world-cm.yaml b/charts/all/hello-world/templates/hello-world-cm.yaml
+index e59561ca..bd416bc6 100644
+--- a/charts/all/hello-world/templates/hello-world-cm.yaml
++++ b/charts/all/hello-world/templates/hello-world-cm.yaml
+@@ -14,6 +14,7 @@ data:
+     	</head>
+       	<body>
+         	<h1>Hello World!</h1>
++        	<h1>This is a patched version via git</h1>
+         	<br/>
+         	<h2>
+         	Hub Cluster domain is '{{ .Values.global.hubClusterDomain }}' <br>
+
+
+Once we commit the above change via `git commit -a -m "test a change"` and run
+`git push origin my-branch` we will be able to observe argo applying the above
+change:
+
+image:multicloud-gitops-sgx/config-demo-patched.png[]
+
+[id="summary"]
+
+== Summary
+
+You did it! You have completed the deployment of the MultiCloud GitOps pattern
+and you made a small local change and applied it via GitOps! Hopefully you are
+getting ideas of how you can take advantage of our GitOps framework to deploy
+and manage your applications.
+
+For more information on Validated Patterns visit our
+link:https://validatedpatterns.io/[website]