fix: adds install options for external-secrets alone

docs.json

@@ -29,6 +29,14 @@
                   "docs/enterprise/externalsecrets/tutorials/dynamic-credentials"
                 ]
               },
+              {
+                "icon": "engine",
+                "group": "Installation",
+                "pages": [
+                  "docs/enterprise/externalsecrets/installation/bundle",
+                  "docs/enterprise/externalsecrets/installation/enterprise"
+                ]
+              },
               {
                 "icon": "wind-turbine",
                 "group": "Generators",

docs/enterprise/externalsecrets/get-started.mdx

@@ -6,6 +6,11 @@
 
 Welcome to External Secrets Enterprise! This guide will walk you through the process of setting up a local environment to try out the product.
 
+<Note>
+This quickstart guide uses our `bundle` chart to install all of External Secrets Enterprise components.
+If you want to install only the External Secrets Enterprise Core Component, see the [Installation](./installation/enterprise) guide.
+</Note>
+
 ## Prerequisites
 Before you begin, make sure you have the following tools installed:
 
@@ -41,9 +46,15 @@
     --create-namespace \
     --set global.trialLicenseAccepted=true \
     --set global.waitForReady=true \
+    --set traefik.enabled=true \
     --timeout 10m \
     oci://oci.externalsecrets.com/external-secrets-inc-registry/public/charts/esi-bundle
 ```
+<Note>
+By default, the bundle helm chart does not install an ingress controller.
+You can add one by adding the `--set traefik.enabled=true` flag to your helm install
+</Note>
+
 </Tab>
 <Tab title="Upgrade an existing external-secrets operator instance">
 If you are installing from `external-secrets-operator`, there is a path for a safe upgrade.
@@ -58,9 +69,14 @@
     --set external-secrets.namespaceOverride=$ESO_RELEASE_NAMESPACE \
     --set global.trialLicenseAccepted=true \
     --set global.waitForReady=true \
+    --set traefik.enabled=true \
     --timeout 10m \
     oci://oci.externalsecrets.com/external-secrets-inc-registry/public/charts/esi-bundle
 ```
+<Note>
+By default, the bundle helm chart does not install an ingress controller.
+You can add one by adding the `--set traefik.enabled=true` flag to your helm install
+</Note>
 </Tab>
 </Tabs>
 
@@ -75,7 +91,7 @@
 </Accordion>
 
 <Accordion title="3. Access the Web UI">
 To access the web UI, you need to port-forward the Traefik service that was installed as part of the bundle. Traefik is used as an Ingress controller to expose the UI.
 
 ```bash
 kubectl port-forward -n traefik svc/traefik 8080:80

docs/enterprise/externalsecrets/installation/bundle.mdx

@@ -0,0 +1,228 @@
+# Installing the External Secrets Enterprise Bundle
+
+This document provides instructions for installing the External Secrets Enterprise bundle, which includes both the External Secrets Operator and the Enterprise UI.
+
+## What's Included
+
+The bundle installs the following components:
+
+* **External Secrets Enterprise**: The core component for managing secrets and enterprise edition of External Secrets Operator.
+* **Enterprise UI**: A graphical user interface for managing secrets.
+* **Enterprise Backend components**: handling authentication, authorization, and other enterprise features.
+* **Ingress Controller**: Traefik is installed as an Ingress controller to expose the UI.
+
+## Installation Commands
+
+<Tabs>
+<Tab title="New Installation">
+
+Install the External Secrets Enterprise bundle using our Helm chart. This chart includes all the necessary components, including the web UI.
+
+```bash
+helm install esi-bundle \
+    --namespace esi-bundle \
+    --create-namespace \
+    --set global.trialLicenseAccepted=true \
+    --set global.waitForReady=true \
+    --timeout 10m \
+    oci://oci.externalsecrets.com/external-secrets-inc-registry/public/charts/esi-bundle
+```
+</Tab>
+<Tab title="Upgrade an existing external-secrets operator instance">
+If you are installing from `external-secrets-operator`, there is a path for a safe upgrade.
+
+All you need to do is to use the same `releaseName` and `namespace` as you used for the `external-secrets-operator` release:
+```bash
+ESO_RELEASE_NAME=external-secrets
+ESO_RELEASE_NAMESPACE=external-secrets
+helm upgrade $ESO_RELEASE_NAME \
+    --namespace $ESO_RELEASE_NAMESPACE \
+    --set global.namespaces.externalSecrets.createNamespace=false \
+    --set external-secrets.namespaceOverride=$ESO_RELEASE_NAMESPACE \
+    --set global.trialLicenseAccepted=true \
+    --set global.waitForReady=true \
+    --timeout 10m \
+    oci://oci.externalsecrets.com/external-secrets-inc-registry/public/charts/esi-bundle
+```
+</Tab>
+</Tabs>
+
+<Tip>
+The Helm installation will wait until everything is up and running.
+This can take up to 10 minutes due to image downloads.
+
+You can disable this behavior by setting `global.waitForReady=false`.
+</Tip>
+
+## Helm Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| audit-listener.enabled | bool | `false` |  |
+| audit-listener.fullnameOverride | string | `"audit-listener"` |  |
+| audit-listener.host | string | `"grpc.prod.externalsecrets.com"` |  |
+| audit-listener.image.pullPolicy | string | `"IfNotPresent"` |  |
+| audit-listener.image.repository | string | `"us-central1-docker.pkg.dev/external-secrets-inc-registry/public/audit-listener"` |  |
+| audit-listener.listenerId | string | `"test-listener"` |  |
+| audit-listener.namespaceOverride | string | `"audit-listener"` |  |
+| audit-listener.port | int | `443` |  |
+| audit-listener.pullSecret.create | bool | `true` |  |
+| audit-listener.pullSecret.email | string | `""` |  |
+| audit-listener.pullSecret.name | string | `"esi-registry-credentials"` |  |
+| audit-listener.pullSecret.value | string | `""` |  |
+| audit-listener.tenantId | string | `"test-tenant"` |  |
+| audit-poc-backend.affinity | object | `{}` |  |
+| audit-poc-backend.autoscaling.enabled | bool | `false` |  |
+| audit-poc-backend.database.enabled | bool | `true` |  |
+| audit-poc-backend.database.type | string | `"postgresql"` |  |
+| audit-poc-backend.db.adminDB.value | string | `"admin"` |  |
+| audit-poc-backend.db.database.value | string | `"admin"` |  |
+| audit-poc-backend.db.enabled | bool | `true` |  |
+| audit-poc-backend.db.host.value | string | `"mongodb"` |  |
+| audit-poc-backend.db.password.value | string | `"audit_poc"` |  |
+| audit-poc-backend.db.port.value | int | `27017` |  |
+| audit-poc-backend.db.user.value | string | `"audit_poc"` |  |
+| audit-poc-backend.enabled | bool | `true` |  |
+| audit-poc-backend.fullnameOverride | string | `"audit-backend"` |  |
+| audit-poc-backend.image.pullPolicy | string | `"IfNotPresent"` |  |
+| audit-poc-backend.image.repository | string | `"us-central1-docker.pkg.dev/external-secrets-inc-registry/public/audit-poc-backend"` |  |
+| audit-poc-backend.livenessProbe | object | `{}` |  |
+| audit-poc-backend.metrics.enabled | bool | `false` |  |
+| audit-poc-backend.namespaceOverride | string | `"audit-backend"` |  |
+| audit-poc-backend.nodeSelector | object | `{}` |  |
+| audit-poc-backend.podMonitor.enabled | bool | `false` |  |
+| audit-poc-backend.readinessProbe | object | `{}` |  |
+| audit-poc-backend.resources | object | `{}` |  |
+| audit-poc-backend.tolerations | list | `[]` |  |
+| audit-poc-backend.volumeMounts | list | `[]` |  |
+| audit-poc-backend.volumes | list | `[]` |  |
+| eso-server.enabled | bool | `true` |  |
+| eso-server.fullnameOverride | string | `"eso-server"` |  |
+| eso-server.image.pullPolicy | string | `"IfNotPresent"` |  |
+| eso-server.image.repository | string | `"us-central1-docker.pkg.dev/external-secrets-inc-registry/public/eso-server"` |  |
+| eso-server.namespaceOverride | string | `"eso-server"` |  |
+| eso-server.podMonitor.enabled | bool | `false` |  |
+| eso-server.service.port | int | `8080` |  |
+| eso-server.service.type | string | `"ClusterIP"` |  |
+| eso-server.tenantManager.url | string | `"http://tenant-manager.tenant-manager:8080"` |  |
+| external-secrets.certController.image.repository | string | `"us-central1-docker.pkg.dev/external-secrets-inc-registry/public/external-secrets"` |  |
+| external-secrets.controller.replicas | int | `1` |  |
+| external-secrets.enabled | bool | `true` |  |
+| external-secrets.fullnameOverride | string | `"external-secrets"` |  |
+| external-secrets.image.repository | string | `"us-central1-docker.pkg.dev/external-secrets-inc-registry/public/external-secrets"` |  |
+| external-secrets.namespaceOverride | string | `"external-secrets"` |  |
+| external-secrets.podMonitor.enabled | bool | `false` |  |
+| external-secrets.serviceMonitor.enabled | bool | `false` |  |
+| external-secrets.webhook.enabled | bool | `true` |  |
+| external-secrets.webhook.image.repository | string | `"us-central1-docker.pkg.dev/external-secrets-inc-registry/public/external-secrets"` |  |
+| global.certificate.enabled | bool | `false` |  |
+| global.certificate.issuerRef.kind | string | `"Issuer"` |  |
+| global.certificate.issuerRef.name | string | `"you-issuer-name"` |  |
+| global.certificate.issuerRef.namespace | string | `"your-issuer-namespace"` |  |
+| global.certificate.secretName | string | `"ingress-tls"` |  |
+| global.createNamespaces | bool | `true` |  |
+| global.domains.auditBackend | string | `"audit-backend.external-secrets.127.0.0.1.sslip.io"` |  |
+| global.domains.esoServer | string | `"eso-server.external-secrets.127.0.0.1.sslip.io"` |  |
+| global.domains.tenantManager | string | `"tenant-manager.external-secrets.127.0.0.1.sslip.io"` |  |
+| global.domains.webUi | string | `"ui.external-secrets.127.0.0.1.sslip.io"` |  |
+| global.ingress.enabled | bool | `true` |  |
+| global.ingressPort | int | `8080` |  |
+| global.ingressSecurePort | int | `8443` |  |
+| global.licenseFile | string | `"# your-enterprise-license-goes-here\n"` |  |
+| global.namespace | string | `"esi"` |  |
+| global.namespaces.externalSecrets.createNamespace | bool | `true` |  |
+| global.trialLicenseAccepted | bool | `false` |  |
+| global.waitForReady | bool | `false` |  |
+| mongodb.auth.database | string | `"admin"` |  |
+| mongodb.auth.enabled | bool | `true` |  |
+| mongodb.auth.password | string | `"audit_poc"` |  |
+| mongodb.auth.rootPassword | string | `"admin123"` |  |
+| mongodb.auth.rootUser | string | `"admin"` |  |
+| mongodb.auth.username | string | `"audit_poc"` |  |
+| mongodb.enabled | bool | `true` |  |
+| mongodb.external.adminDatabase | string | `"admin"` |  |
+| mongodb.external.database | string | `"admin"` |  |
+| mongodb.external.host | string | `"localhost"` |  |
+| mongodb.external.password | string | `"audit_poc"` |  |
+| mongodb.external.port | int | `27017` |  |
+| mongodb.external.username | string | `"audit_poc"` |  |
+| mongodb.fullnameOverride | string | `"mongodb"` |  |
+| mongodb.global.fullnameOverride | string | `"mongodb"` |  |
+| mongodb.global.namespaceOverride | string | `"audit-backend"` |  |
+| mongodb.namespaceOverride | string | `"audit-backend"` |  |
+| mongodb.persistence.enabled | bool | `true` |  |
+| mongodb.persistence.size | string | `"8Gi"` |  |
+| mongodb.service.ports.mongodb | int | `27017` |  |
+| mongodb.service.type | string | `"ClusterIP"` |  |
+| postgresql.auth.database | string | `"tenant_manager"` |  |
+| postgresql.auth.enablePostgresUser | bool | `true` |  |
+| postgresql.auth.password | string | `"tenant_manager"` |  |
+| postgresql.auth.postgresPassword | string | `"postgres123"` |  |
+| postgresql.auth.username | string | `"tenant_manager"` |  |
+| postgresql.enabled | bool | `true` |  |
+| postgresql.external.database | string | `"tenant_manager"` |  |
+| postgresql.external.host | string | `"localhost"` |  |
+| postgresql.external.password | string | `"tenant_manager"` |  |
+| postgresql.external.port | int | `5432` |  |
+| postgresql.external.username | string | `"tenant_manager"` |  |
+| postgresql.fullnameOverride | string | `"postgresql"` |  |
+| postgresql.global.fullnameOverride | string | `"postgresql"` |  |
+| postgresql.global.namespaceOverride | string | `"tenant-manager"` |  |
+| postgresql.namespaceOverride | string | `"tenant-manager"` |  |
+| postgresql.primary.persistence.enabled | bool | `true` |  |
+| postgresql.primary.persistence.size | string | `"8Gi"` |  |
+| postgresql.primary.service.ports.postgresql | int | `5432` |  |
+| postgresql.primary.service.type | string | `"ClusterIP"` |  |
+| reloader.enabled | bool | `true` |  |
+| reloader.fullnameOverride | string | `"reloader"` |  |
+| reloader.image.repository | string | `"ghcr.io/external-secrets-inc/reloader"` |  |
+| reloader.namespaceOverride | string | `"reloader"` |  |
+| reloader.podMonitor.enabled | bool | `false` |  |
+| tenant-manager.affinity | object | `{}` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[0].action | string | `"read"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[0].attr | string | `"*"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[0].rego | string | `"package authz\nallow = true\n"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[0].resource | string | `"*"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[0].role | string | `"created_user_reader"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[1].action | string | `"GET"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[1].attr | string | `"*"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[1].rego | string | `"package authz\nallow = true\n"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[1].resource | string | `"*"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[1].role | string | `"created_user_getter"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[2].action | string | `"POST"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[2].attr | string | `"*"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[2].rego | string | `"package authz\nallow = true\n"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[2].resource | string | `"/api/authz/check"` |  |
+| tenant-manager.bootstrap.roles.created_user.policies[2].role | string | `"check_authz"` |  |
+| tenant-manager.bootstrap.roles.signup_user.policies[0].action | string | `"*"` |  |
+| tenant-manager.bootstrap.roles.signup_user.policies[0].attr | string | `"*"` |  |
+| tenant-manager.bootstrap.roles.signup_user.policies[0].rego | string | `"package authz\nallow = true\n"` |  |
+| tenant-manager.bootstrap.roles.signup_user.policies[0].resource | string | `"*"` |  |
+| tenant-manager.bootstrap.roles.signup_user.policies[0].role | string | `"signup_user_admin"` |  |
+| tenant-manager.enabled | bool | `true` |  |
+| tenant-manager.fullnameOverride | string | `"tenant-manager"` |  |
+| tenant-manager.image.pullPolicy | string | `"IfNotPresent"` |  |
+| tenant-manager.image.repository | string | `"us-central1-docker.pkg.dev/external-secrets-inc-registry/public/tenant-manager"` |  |
+| tenant-manager.livenessProbe | object | `{}` |  |
+| tenant-manager.metrics.enabled | bool | `false` |  |
+| tenant-manager.namespaceOverride | string | `"tenant-manager"` |  |
+| tenant-manager.nodeSelector | object | `{}` |  |
+| tenant-manager.podMonitor.enabled | bool | `false` |  |
+| tenant-manager.readinessProbe | object | `{}` |  |
+| tenant-manager.resources | object | `{}` |  |
+| tenant-manager.sql.enabled | bool | `true` |  |
+| tenant-manager.sql.host.value | string | `"postgresql"` |  |
+| tenant-manager.sqlProxy.enabled | bool | `false` |  |
+| tenant-manager.tolerations | list | `[]` |  |
+| tenant-manager.volumeMounts | list | `[]` |  |
+| tenant-manager.volumes | list | `[]` |  |
+| traefik.enabled | bool | `false` |  |
+| traefik.fullnameOverride | string | `"traefik"` |  |
+| traefik.namespaceOverride | string | `"traefik"` |  |
+| traefik.service.type | string | `"LoadBalancer"` |  |
+| web-ui.enabled | bool | `true` |  |
+| web-ui.fullnameOverride | string | `"web-ui"` |  |
+| web-ui.image.pullPolicy | string | `"IfNotPresent"` |  |
+| web-ui.image.repository | string | `"us-central1-docker.pkg.dev/external-secrets-inc-registry/public/web-ui"` |  |
+| web-ui.namespaceOverride | string | `"web-ui"` |  |
+| web-ui.podMonitor.enabled | bool | `false` |  |

docs/enterprise/externalsecrets/installation/enterprise.mdx

@@ -0,0 +1,37 @@
+# Installing External Secrets Enterprise
+
+This document provides instructions for installing External Secrets Enterprise without the UI components.
+
+## What's Included
+
+This installation method only install External Secrets Enterprise - a drop-in replacement for
+external-secrets operator and adds all of the CRDs below:
+* Workflows
+* Scans
+* Targets
+* Federation
+
+## Installation Commands
+Install the External Secrets Enterprise using our Helm chart.
+<Tabs>
+<Tab title="New Installation">
+
+```bash
+helm install external-secrets \
+    --namespace external-secrets \
+    --create-namespace \
+    oci://oci.externalsecrets.com/external-secrets-inc-registry/public/charts/external-secrets
+```
+</Tab>
+
+<Tab title="Upgrade an existing external-secrets operator instance">
+To upgrade your existing `external-secrets` operator installation, simply replace the release names to match:
+```bash
+ESO_RELEASE_NAME=external-secrets
+ESO_RELEASE_NAMESPACE=external-secrets
+helm upgrade $ESO_RELEASE_NAME \
+    --namespace $ESO_RELEASE_NAMESPACE \
+    oci://oci.externalsecrets.com/external-secrets-inc-registry/public/charts/external-secrets
+```
+</Tab>
+</Tabs>