Add a guide on creating a tenant. #164
Conversation
✅ Deploy Preview for cozystack ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
WalkthroughA new documentation page titled "Create User Tenant and Configure Access" has been added. This guide explains the concept of tenants in Cozystack, their role as isolation units, and provides detailed instructions for creating tenants and managing access credentials. The document covers prerequisites, step-by-step creation via the dashboard or HelmRelease manifests, configuration options, and methods for retrieving Kubernetes access credentials, both with and without OIDC enabled. It also distinguishes between administrator and tenant user responsibilities regarding cluster access. Changes
Assessment against linked issues
Poem
Tip ⚡💬 Agentic Chat (Pro Plan, General Availability)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (8)
content/en/docs/getting-started/tenant-kubeconfig.md (8)
19-20: Add missing comma and tighten wording.Consider updating to improve flow:
- But for day-to-day operations you must create the user credentials. + For day-to-day operations, you must create user credentials.🧰 Tools
🪛 LanguageTool
[uncategorized] ~19-~19: Possible missing comma found.
Context: ...omething goes wrong. But for day-to-day operations you must create the user credentials. ...(AI_HYDRA_LEO_MISSING_COMMA)
24-26: Improve sentence structure for OIDC prerequisite.Split into two sentences and sharpen phrasing:
- If using OIDC, users and roles must be configured, see the [OIDC guide]({{% ref "/docs/operations/oidc" %}}) for more - details how to work with built-in OIDC server. + If you're using OIDC, users and roles must be configured. See the [OIDC guide]({{% ref "/docs/operations/oidc" %}}) for details on working with the built-in OIDC server.
39-39: Hyphenate “built-in” and streamline phrasing.Use a hyphen for the adjective and improve readability:
- Search for `Tenant` application badge and click on it. Application builtin documentation will open. + Search for the `Tenant` application badge and click it. The built-in application documentation will open.
42-43: Add missing article and combine lines.Include “the” and merge for clarity:
- When left blank, domain will be formed by adding `name` - subdomain to the main Cozystack domain. + When left blank, the domain will be formed by adding the `name` subdomain to the main Cozystack domain.🧰 Tools
🪛 LanguageTool
[uncategorized] ~42-~42: Possible missing article found.
Context: ...to set up DNS records. When left blank, domain will be formed by addingnamesubd...(AI_HYDRA_LEO_MISSING_A)
44-45: Fix plurality and negative construction.Adjust “user will be not able” to “users will not be able”:
- The checkboxes `etcd`/`monitoring`/`ingress`/`seaweedfs` refer to applications that user will be not able to install - or uninstall with their credentials. Only administrators can do this. + The checkboxes `etcd`/`monitoring`/`ingress`/`seaweedfs` refer to applications that users will not be able to install + or uninstall with their credentials. Only administrators can do this.🧰 Tools
🪛 LanguageTool
[style] ~44-~44: Consider using “unable” to avoid wordiness.
Context: ...refer to applications that user will be not able to install or uninstall with their c...(NOT_ABLE_PREMIUM)
46-47: Capitalize “Kubernetes”.“Kubernetes” is a proper noun and should be capitalized:
- The `etcd` checkbox is required for nested kubernetes cluster. It must be enabled before installation of the + The `etcd` checkbox is required for nested Kubernetes cluster. It must be enabled before installation of the
109-112: Remove redundant adverb and clarify token retrieval.Streamline wording by dropping “actually” and clarifying the secret-to-token relationship:
- As an administrator, get the service account token secret in the tenant namespace. The secret name is the same as the - tenant name. You actually only need the token from there. + As an administrator, get the service account token secret in the tenant namespace (secret name matches the tenant name). You only need the token itself.🧰 Tools
🪛 LanguageTool
[style] ~110-~110: Possibly, ‘actually’ is redundant. Consider using “only”.
Context: ...ame is the same as the tenant name. You actually only need the token from there. Example of ...(ADVERB_ONLY)
119-120: Reposition “also” and streamline sentence.Move “also” for natural flow and remove redundant commas:
- Then fill this token into the kubeconfig template, and save it as `kubeconfig-tenant-<name>.yaml` file. The namespace - should be also set to the tenant name, otherwise many GUI clients will complain about missing permissions. + Then fill this token into the kubeconfig template and save it as `kubeconfig-tenant-<name>.yaml`. The namespace should also be set to the tenant name, otherwise many GUI clients will complain about missing permissions.🧰 Tools
🪛 LanguageTool
[style] ~119-~119: To make your writing flow more naturally, try moving ‘also’ before the verb.
Context: ...tenant-.yaml` file. The namespace should be also set to the tenant name, otherwise many ...(ALSO_PLACEMENT)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
content/en/docs/getting-started/tenant-kubeconfig.md(1 hunks)
🧰 Additional context used
🪛 LanguageTool
content/en/docs/getting-started/tenant-kubeconfig.md
[uncategorized] ~17-~17: Possible missing comma found.
Context: ...install it. While installing Talos for Cozystack you should have get the KUBECONFIG fo...
(AI_HYDRA_LEO_MISSING_COMMA)
[grammar] ~17-~17: The verb form ‘get’ does not seem to be suitable in this context.
Context: ...ing Talos for Cozystack you should have get the KUBECONFIG for you new cluster. T...
(HAVE_VB)
[uncategorized] ~17-~17: “you” seems less likely than “your” (belonging to you).
Context: ...ou should have get the KUBECONFIG for you new cluster. This config file was requi...
(AI_HYDRA_LEO_CP_YOU_YOUR)
[uncategorized] ~19-~19: Possible missing comma found.
Context: ...omething goes wrong. But for day-to-day operations you must create the user credentials. ...
(AI_HYDRA_LEO_MISSING_COMMA)
[uncategorized] ~42-~42: Possible missing article found.
Context: ...to set up DNS records. When left blank, domain will be formed by adding name subd...
(AI_HYDRA_LEO_MISSING_A)
[style] ~44-~44: Consider using “unable” to avoid wordiness.
Context: ...refer to applications that user will be not able to install or uninstall with their c...
(NOT_ABLE_PREMIUM)
[style] ~110-~110: Possibly, ‘actually’ is redundant. Consider using “only”.
Context: ...ame is the same as the tenant name. You actually only need the token from there. Example of ...
(ADVERB_ONLY)
[style] ~119-~119: To make your writing flow more naturally, try moving ‘also’ before the verb.
Context: ...tenant-.yaml` file. The namespace should be also set to the tenant name, otherwise many ...
(ALSO_PLACEMENT)
| tenant `tenant-root`. It must be used by platform administrators only, and should be used to create child tenants only. | ||
| It's technically possible to install applications in the root tenant, but it's not recommended for production use. | ||
|
|
||
| {{< tabs name="redis_password" >}} |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Rename tabs identifier for clarity.
The tabs shortcode name “redis_password” appears unrelated to tenant creation. Use a more descriptive identifier, e.g. “tenant_creation”:
- {{< tabs name="redis_password" >}}
+ {{< tabs name="tenant_creation" >}}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| {{< tabs name="redis_password" >}} | |
| {{< tabs name="tenant_creation" >}} |
| In short, tenants are the isolation feature of Cozystack. They are used to separate clients, teams or environments. | ||
| Tenants also may have quotes set to prevent overuse of resources. Each tenant has its own set of applications and one or | ||
| more nested Kubernetes. Tenant users have full access to their Kubernetes. | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Correct terminology and pluralization.
The term “quotes” in line 9 should be “quotas” (resource limits), and references to “nested Kubernetes” should pluralize to “nested Kubernetes clusters” for accuracy and clarity.
- Tenants also may have quotes set to prevent overuse of resources. Each tenant has its own set of applications and one or
- more nested Kubernetes. Tenant users have full access to their Kubernetes.
+ Tenants also may have resource quotas set to prevent overuse of resources. Each tenant has its own set of applications and one or more nested Kubernetes clusters. Tenant users have full access to their Kubernetes clusters.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| In short, tenants are the isolation feature of Cozystack. They are used to separate clients, teams or environments. | |
| Tenants also may have quotes set to prevent overuse of resources. Each tenant has its own set of applications and one or | |
| more nested Kubernetes. Tenant users have full access to their Kubernetes. | |
| In short, tenants are the isolation feature of Cozystack. They are used to separate clients, teams or environments. | |
| Tenants also may have resource quotas set to prevent overuse of resources. Each tenant has its own set of applications and one or more nested Kubernetes clusters. Tenant users have full access to their Kubernetes clusters. |
| While installing Talos for Cozystack you should have get the `KUBECONFIG` for you new cluster. This config file was | ||
| required to bootstrap the framework. It may also be useful later for system troubleshooting if something goes wrong. |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Fix grammatical errors in prerequisite step.
Rewrite for clarity and correctness:
- While installing Talos for Cozystack you should have get the `KUBECONFIG` for you new cluster. This config file was
- required to bootstrap the framework.
+ While installing Talos for Cozystack, you should have obtained the `KUBECONFIG` for your new cluster. This configuration file is required to bootstrap the framework.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| While installing Talos for Cozystack you should have get the `KUBECONFIG` for you new cluster. This config file was | |
| required to bootstrap the framework. It may also be useful later for system troubleshooting if something goes wrong. | |
| While installing Talos for Cozystack, you should have obtained the `KUBECONFIG` for your new cluster. This configuration file is required to bootstrap the framework. |
🧰 Tools
🪛 LanguageTool
[uncategorized] ~17-~17: Possible missing comma found.
Context: ...install it. While installing Talos for Cozystack you should have get the KUBECONFIG fo...
(AI_HYDRA_LEO_MISSING_COMMA)
[grammar] ~17-~17: The verb form ‘get’ does not seem to be suitable in this context.
Context: ...ing Talos for Cozystack you should have get the KUBECONFIG for you new cluster. T...
(HAVE_VB)
[uncategorized] ~17-~17: “you” seems less likely than “your” (belonging to you).
Context: ...ou should have get the KUBECONFIG for you new cluster. This config file was requi...
(AI_HYDRA_LEO_CP_YOU_YOUR)
8dab99b to
c4dc968
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (3)
content/en/docs/getting-started/create-tenant.md (3)
18-19: Standardize Hugorefshortcode usage
The links currently use mixed({{% ref %}})syntax, which can lead to rendering errors. Consider switching to the recommended{{< ref "path" >}}syntax consistently across the document.Example diff:
-[installation guide]({{% ref "/docs/getting-started/first-deployment" %}}) +[installation guide]({{< ref "/docs/getting-started/first-deployment" >}}) -[OIDC guide]({{% ref "/docs/operations/oidc" %}}) +[OIDC guide]({{< ref "/docs/operations/oidc" >}}) -[OIDC guide]({{% ref "/docs/operations/oidc/enable_oidc#step-4-retrieve-kubeconfig" %}}) +[OIDC guide]({{< ref "/docs/operations/oidc/enable_oidc#step-4-retrieve-kubeconfig" >}})Also applies to: 26-29, 123-123
59-59: Refine preposition for clarity
Change “This does not affect visibility in the dashboard.” to “This does not affect visibility on the dashboard.”🧰 Tools
🪛 LanguageTool
[uncategorized] ~59-~59: The preposition “on” seems more likely in this position than the preposition “in”.
Context: ... This does not affect visibility in the dashboard. In most cases, it sh...(AI_EN_LECTOR_REPLACEMENT_PREPOSITION_IN_ON)
141-141: Remove unnecessary comma
Revise “CozyStack dashboard, if OIDC is disabled.” to “CozyStack dashboard if OIDC is disabled.”🧰 Tools
🪛 LanguageTool
[typographical] ~141-~141: Usually, there’s no comma before “if”.
Context: ...user to log into the Cozystack dashboard, if OIDC is disabled. ### Get Nested Kuber...(IF_NO_COMMA)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
content/en/docs/getting-started/create-tenant.md(1 hunks)
🧰 Additional context used
🪛 LanguageTool
content/en/docs/getting-started/create-tenant.md
[uncategorized] ~59-~59: The preposition “on” seems more likely in this position than the preposition “in”.
Context: ... This does not affect visibility in the dashboard. In most cases, it sh...
(AI_EN_LECTOR_REPLACEMENT_PREPOSITION_IN_ON)
[typographical] ~141-~141: Usually, there’s no comma before “if”.
Context: ...user to log into the Cozystack dashboard, if OIDC is disabled. ### Get Nested Kuber...
(IF_NO_COMMA)
🔇 Additional comments (7)
content/en/docs/getting-started/create-tenant.md (7)
1-6: Frontmatter structure is correct
The YAML frontmatter (title, linkTitle, description, weight) follows conventions and renders properly.
8-13: Introduction is clear and concise
The opening section effectively explains the tenant concept and optional quotas. No issues detected.
32-39: Create Tenant section is well-structured
The "Create a Tenant" overview clearly explains built-in vs. child tenants and root restrictions. Looks good.
71-96: HelmRelease manifest snippet is accurate
The example YAML for the HelmRelease is properly formatted and covers all required fields.
98-105: kubectl apply snippet is clear
The steps to exportKUBECONFIGand apply the manifest are correct and easy to follow.
109-113: Tenant access notes read well
The guidance on switching context and tenant user permissions is concise and informative.
115-118: Get Tenant Kubeconfig heading and intro are good
The heading hierarchy and introductory paragraph for kubeconfig retrieval are well-placed.
| {{< tabs name="redis_password" >}} | ||
| {{% tab name="in Dashboard" %}} | ||
|
|
||
| 1. Open the dashboard as a `tenant-root` user. | ||
| 1. Ensure the current context is set to `tenant-root`. Switch context and reload the page if needed. | ||
| 1. Click the **Catalog** tab in the left-hand menu. | ||
| 1. Search for the **Tenant** application and click on it. The built-in documentation will open. | ||
| 1. Review the documentation, then click the **Deploy** button to proceed to the parameters page. | ||
| 1. The only required parameter is `name`. | ||
| The domain in the `host` field must already exist. | ||
| Ensure that the tenant user has enough control over the domain to configure DNS records. | ||
| If left blank, the domain will default to `<name>.<cozystack-domain>`. | ||
| All parameters except `name` can be changed later. | ||
| 1. The checkboxes `etcd`, `monitoring`, `ingress`, and `seaweedfs` control system-level apps. | ||
| Tenant users will **not** be able to install or uninstall these apps — only administrators can. | ||
| 1. The `etcd` option is required for nested Kubernetes. | ||
| Enable it before installing the **Kubernetes** application in the tenant. | ||
| Only disable it if you're certain the tenant won’t use nested Kubernetes. | ||
| 1. The `isolated` option determines whether sibling tenants can communicate over the network. | ||
| This does **not** affect visibility in the dashboard. | ||
| In most cases, it should be enabled (i.e., isolation is on). | ||
| 1. By default, no resource quotas are set. This means no usage limits. | ||
| You can define quotas to prevent resource overuse. | ||
| 1. Click **Deploy <version>** to install the tenant application into the root tenant. | ||
|
|
||
| {{% /tab %}} | ||
|
|
||
| {{% tab name="with kubectl" %}} | ||
|
|
There was a problem hiding this comment.
Inconsistent shortcode syntax and misnamed tab group
You’re mixing {{< tabs >}} with {{% tab %}} and using the leftover name="redis_password" from another guide. This may break the tabs functionality.
Apply this diff to harmonize and rename the tab group:
- {{< tabs name="redis_password" >}}
+ {{< tabs name="create_tenant" >}}
- {{% tab name="in Dashboard" %}}
+ {{< tab name="In Dashboard" >}}
- {{% tab name="with kubectl" %}}
+ {{< tab name="With kubectl" >}}
- {{% /tab %}}
+ {{< /tab >}}
- {{% /tab %}}
+ {{< /tab >}}
- {{< /tabs >}}
+ {{< /tabs >}}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| {{< tabs name="redis_password" >}} | |
| {{% tab name="in Dashboard" %}} | |
| 1. Open the dashboard as a `tenant-root` user. | |
| 1. Ensure the current context is set to `tenant-root`. Switch context and reload the page if needed. | |
| 1. Click the **Catalog** tab in the left-hand menu. | |
| 1. Search for the **Tenant** application and click on it. The built-in documentation will open. | |
| 1. Review the documentation, then click the **Deploy** button to proceed to the parameters page. | |
| 1. The only required parameter is `name`. | |
| The domain in the `host` field must already exist. | |
| Ensure that the tenant user has enough control over the domain to configure DNS records. | |
| If left blank, the domain will default to `<name>.<cozystack-domain>`. | |
| All parameters except `name` can be changed later. | |
| 1. The checkboxes `etcd`, `monitoring`, `ingress`, and `seaweedfs` control system-level apps. | |
| Tenant users will **not** be able to install or uninstall these apps — only administrators can. | |
| 1. The `etcd` option is required for nested Kubernetes. | |
| Enable it before installing the **Kubernetes** application in the tenant. | |
| Only disable it if you're certain the tenant won’t use nested Kubernetes. | |
| 1. The `isolated` option determines whether sibling tenants can communicate over the network. | |
| This does **not** affect visibility in the dashboard. | |
| In most cases, it should be enabled (i.e., isolation is on). | |
| 1. By default, no resource quotas are set. This means no usage limits. | |
| You can define quotas to prevent resource overuse. | |
| 1. Click **Deploy <version>** to install the tenant application into the root tenant. | |
| {{% /tab %}} | |
| {{% tab name="with kubectl" %}} | |
| {{< tabs name="create_tenant" >}} | |
| {{< tab name="In Dashboard" >}} | |
| 1. Open the dashboard as a `tenant-root` user. | |
| 1. Ensure the current context is set to `tenant-root`. Switch context and reload the page if needed. | |
| 1. Click the **Catalog** tab in the left-hand menu. | |
| 1. Search for the **Tenant** application and click on it. The built-in documentation will open. | |
| 1. Review the documentation, then click the **Deploy** button to proceed to the parameters page. | |
| 1. The only required parameter is `name`. | |
| The domain in the `host` field must already exist. | |
| Ensure that the tenant user has enough control over the domain to configure DNS records. | |
| If left blank, the domain will default to `<name>.<cozystack-domain>`. | |
| All parameters except `name` can be changed later. | |
| 1. The checkboxes `etcd`, `monitoring`, `ingress`, and `seaweedfs` control system-level apps. | |
| Tenant users will **not** be able to install or uninstall these apps — only administrators can. | |
| 1. The `etcd` option is required for nested Kubernetes. | |
| Enable it before installing the **Kubernetes** application in the tenant. | |
| Only disable it if you're certain the tenant won’t use nested Kubernetes. | |
| 1. The `isolated` option determines whether sibling tenants can communicate over the network. | |
| This does **not** affect visibility in the dashboard. | |
| In most cases, it should be enabled (i.e., isolation is on). | |
| 1. By default, no resource quotas are set. This means no usage limits. | |
| You can define quotas to prevent resource overuse. | |
| 1. Click **Deploy <version>** to install the tenant application into the root tenant. | |
| {{< /tab >}} | |
| {{< tab name="With kubectl" >}} | |
| <!-- kubectl instructions go here --> | |
| {{< /tab >}} | |
| {{< /tabs >}} |
🧰 Tools
🪛 LanguageTool
[uncategorized] ~59-~59: The preposition “on” seems more likely in this position than the preposition “in”.
Context: ... This does not affect visibility in the dashboard. In most cases, it sh...
(AI_EN_LECTOR_REPLACEMENT_PREPOSITION_IN_ON)
c4dc968 to
964fe00
Compare
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (1)
content/en/docs/getting-started/create-tenant.md (1)
40-68: Inconsistent shortcode syntax and misnamed tab group
You’re mixing{{< tabs >}}with{{% tab %}}and using the leftovername="redis_password"from another guide. This may break the tabs functionality. Please standardize to one shortcode style (e.g.,{{< tabs >}}with{{< tab >}}) and rename the group to something likecreate_tenant.Suggested diff:
- {{< tabs name="redis_password" >}} + {{< tabs name="create_tenant" >}} - {{% tab name="in Dashboard" %}} + {{< tab name="In Dashboard" >}} ... - {{% /tab %}} + {{< /tab >}} - {{% tab name="with kubectl" %}} + {{< tab name="With kubectl" >}} ... - {{% /tab %}} + {{< /tab >}} - {{< /tabs >}} + {{< /tabs >}}🧰 Tools
🪛 LanguageTool
[uncategorized] ~59-~59: The preposition “on” seems more likely in this position than the preposition “in”.
Context: ... This does not affect visibility in the dashboard. In most cases, it sh...(AI_EN_LECTOR_REPLACEMENT_PREPOSITION_IN_ON)
🧹 Nitpick comments (1)
content/en/docs/getting-started/create-tenant.md (1)
141-142: Remove Unnecessary Comma
The comma before the conditional clause is not needed and slightly disrupts the flow.Proposed diff:
- The same token can also be used by the tenant user to log into the Cozystack dashboard, if OIDC is disabled. + The same token can also be used by the tenant user to log into the Cozystack dashboard if OIDC is disabled.🧰 Tools
🪛 LanguageTool
[typographical] ~141-~141: Usually, there’s no comma before “if”.
Context: ...user to log into the Cozystack dashboard, if OIDC is disabled. ### Get Nested Kuber...(IF_NO_COMMA)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
content/en/docs/getting-started/create-tenant.md(1 hunks)
🧰 Additional context used
🪛 LanguageTool
content/en/docs/getting-started/create-tenant.md
[uncategorized] ~59-~59: The preposition “on” seems more likely in this position than the preposition “in”.
Context: ... This does not affect visibility in the dashboard. In most cases, it sh...
(AI_EN_LECTOR_REPLACEMENT_PREPOSITION_IN_ON)
[typographical] ~141-~141: Usually, there’s no comma before “if”.
Context: ...user to log into the Cozystack dashboard, if OIDC is disabled. ### Get Nested Kuber...
(IF_NO_COMMA)
🔇 Additional comments (10)
content/en/docs/getting-started/create-tenant.md (10)
1-6: Front Matter Looks Good
The title, linkTitle, description, and weight fields are well-defined and align with other guides.
8-13: Introduction Is Clear
The overview effectively explains tenants, isolation, and optional quotas.
15-30: Prerequisites Section
Prerequisites are clearly listed with direct links to the installation and OIDC guides. The structure and wording are consistent with existing documentation.
32-38: Create a Tenant Overview
This section concisely describes the root tenant and best practices for child tenants.
69-96: HelmRelease Manifest Example
The manifest snippet is comprehensive, with version locking and recommended default values. It aligns with best practices for Flux HelmRelease.
98-105: Apply Manifest Instructions
Thekubectlcommands are clear and include context switching for the root tenant.
110-113: Post-Installation Guidance
Advice on switching contexts in the dashboard is helpful for both administrators and tenant users.
115-124: Get Tenant Kubeconfig Section
Good distinction between OIDC-enabled and non-OIDC workflows. The reference to the OIDC guide is appropriate.
126-134: Non-OIDC Kubeconfig Retrieval
The example for extracting the service account token and embedding it into a kubeconfig is accurate and well-documented.
143-152: Nested Kubernetes Kubeconfig Retrieval
This section is clear: administrators generally don’t need nested cluster kubeconfigs, and tenant users know where to download them.
b78fa1f to
c3cf88e
Compare
Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>
Signed-off-by: Denis Seleznev <kto.3decb@gmail.com>
c3cf88e to
d3e6ef8
Compare
Resolves #136 Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>
d3e6ef8 to
4b552d7
Compare
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (1)
content/en/docs/getting-started/create-tenant.md (1)
42-44: Inconsistent shortcode delimiters for tabs
You’re mixing{{< tabs >}}with{{% tab %}}/{{% /tab %}}. This will likely break your tab rendering. Please harmonize the syntax, for example:- {{< tabs name="create_tenant" >}} - {{% tab name="Using Dashboard" %}} + {{< tabs name="create_tenant" >}} + {{< tab name="Using Dashboard" >}} … - {{% /tab %}} + {{< /tab >}} … - {{< /tabs >}} + {{< /tabs >}}Also applies to: 71-73
🧹 Nitpick comments (2)
content/en/docs/getting-started/create-tenant.md (2)
8-13: Use an indefinite article for clarity
Line 8 currently reads:Tenants are the isolation mechanism in Cozystack.
Since tenants are one of several mechanisms, consider:
Tenants are an isolation mechanism in Cozystack.
154-158: Add a trailing newline
Ensure the file ends with a blank line to adhere to POSIX conventions and avoid warnings in some CI tooling.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
content/en/docs/getting-started/create-tenant.md(1 hunks)content/en/docs/getting-started/first-deployment.md(1 hunks)
✅ Files skipped from review due to trivial changes (1)
- content/en/docs/getting-started/first-deployment.md
🧰 Additional context used
🪛 LanguageTool
content/en/docs/getting-started/create-tenant.md
[uncategorized] ~64-~64: The preposition “on” seems more likely in this position than the preposition “in”.
Context: ... This does not affect visibility in the dashboard. In most cases, it sh...
(AI_EN_LECTOR_REPLACEMENT_PREPOSITION_IN_ON)
🔇 Additional comments (1)
content/en/docs/getting-started/create-tenant.md (1)
14-31:✅ Verification successful
Verify internal reference shortcodes resolve correctly
You added several{% ref %}calls (to Core Concepts, the installation guide, and OIDC). Broken links will fail your Hugo build.
🏁 Script executed:
#!/usr/bin/env bash set -eo pipefail # List of ref targets to verify refs=( "/docs/guides/concepts#tenant-system" "/docs/getting-started/first-deployment" "/docs/getting-started/first-deployment#cozystack-dashboard" "/docs/operations/oidc" "/docs/operations/oidc/enable_oidc#step-4-retrieve-kubeconfig" ) # Check each ref occurs in your markdown files for ref in "${refs[@]}"; do if ! rg -q "ref \"$ref\"" content/en/docs; then echo "❌ Missing or mismatched ref: $ref" exit 1 fi done echo "✅ All internal refs found."Length of output: 824
✅ All internal
{% ref %}shortcodes verified
All referenced targets are present in the repository and will resolve correctly in the Hugo build. Great work!
Resolves #136
Summary by CodeRabbit