spectrocloud · ritawatson · Sep 28, 2023 · Sep 7, 2023 · Sep 7, 2023 · Sep 13, 2023
@@ -18,31 +18,23 @@ Palette Virtual Machine Orchestrator (VMO) provides a unified platform for manag
 
 Palette VM Orchestrator is particularly suitable in the following scenarios: 
 
-<br />
-
 - Organizations that want to remove their virtualization infrastructure due to an aging environment or to reduce costs. By using Palette VM Orchestrator, legacy applications and modern, containerized applications can be deployed on VMs. 
 
-
 - Edge locations with a few VMs deployed and where a hypervisor is no longer desired.
 
 
 ## Prerequisites
 
 Palette Virtual Machine Orchestrator requires the following:
 
-<br />
-
 - Palette version 3.3.0 or higher.
 
-
 - For data centers, production VMs are supported on bare metal Kubernetes clusters deployed on Canonical MAAS. To learn how to configure MAAS and create MAAS clusters in Palette, refer to the [Install and Manage MAAS Gateway](/clusters/data-center/maas/install-manage-maas-pcg) guide.
 
 - To use VMO on Edge, contact our support team by sending an email to [support@spectrocloud.com](mailto:support@spectrocloud.com)
 
 - VMs with Persistent Volume Claim (PVC) must have a StorageClass that supports ``ReadWriteMany`` (``RWX``) access mode for seamless live migration to a different node - either when triggered manually or during a Kubernetes upgrades.
 
-  <br />
-
   :::caution
 
   In environments that use nested virtualization, where VMs operate inside of VMs due to lack of hardware to host VMs, it is technically possible to operate VMs in Kubernetes by setting the KubeVirt resource ``useEmulation`` to true. However, we do not recommend this approach.
@@ -63,8 +55,6 @@ Palette VM Orchestrator provides various methods to quickly deploy VMs from out-
 
 Palette VM Orchestrator utilizes open-source KubeVirt as a component of the **Virtual Machnine Orchestrator** pack to manage VMs and enables the following KubeVirt feature gates by default:
 
-<br />
-
 - LiveMigration
 - Snapshot
 - HotplugVolumes
@@ -103,8 +93,4 @@ For more information on KubeVirt feature gates, refer to the [KubeVirt user guid
 - [VM Roles and Permissions](/vm-management/vm-roles-permissions)
 
 
-- [KubeVirt user guide](https://kubevirt.io/user-guide/operations/activating_feature_gates/)
-
-<br />
-
-<br />
+- [KubeVirt user guide](https://kubevirt.io/user-guide/operations/activating_feature_gates/)
@@ -22,14 +22,9 @@ You must configure permissions for actions that users can perform on Virtual Mac
 
 - Additional cluster roles, based on the user's persona, must be associated with the user by specifying a cluster role binding or a namespace-restricted role binding:
 
-    <br />
-
     - ``spectro-vm-admin``
-
     - ``spectro-vm-power-user``
-
     - ``spectro-vm-user``
-
     - ``spectro-vm-viewer``
 
     Alternatively, you can use standard Kubernetes roles ``cluster-admin``, ``admin``, ``edit``, and ``view`` instead of defining bindings based on ``spectro-vm-*`` roles.
@@ -48,6 +43,8 @@ You must configure permissions for actions that users can perform on Virtual Mac
 
 3. Click on **Settings** and choose **RBAC** to add role bindings. Refer to [Create a Role Binding](/clusters/cluster-management/cluster-rbac#createrolebindings) for guidance. Refer to [VM User Roles and Permissions](/vm-management/vm-roles-permissions) for a list of Cluster Roles and equivalent Palette Roles.
 
+    <!-- If you have OpenID Connect (OIDC) configured at the Kubernetes layer of your cluster profile, you can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](https://docs.spectrocloud.com/integrations/kubernetes/#use-rbac-with-oidc). -->
+
 
 4. Click **Confirm** to update the cluster.
 
@@ -58,9 +55,6 @@ The cluster status displays as **Upgrading** on the **Cluster Overview** page. U
 
 You can verify role creation and role binding is successful by following the steps below.
 
-<br />
-
-
 1. Log in to [Palette](https://console.spectrocloud.com).
 
 

@@ -0,0 +1,48 @@
+---
+sidebar_label: "Configure OIDC"
+title: "Configure OIDC"
+description: "Learn how to configure OIDC so Palette displays the Spectro VM Dashboard."
+icon: " "
+hide_table_of_contents: false
+sidebar_position: 0
+tags: ["vmo", "oidc"]
+---
+
+
+Palette displays the VM dashboard based on OpenID Connect (OIDC) Identity Provider options you enable in the Kubernetes layer of the cluster profile you will use for your Virtual Machine Orchestrator (VMO) cluster.
+
+
+## Prerequisites
+
+- A configured cluster profile. For more information, review [Create a Cluster Profile](/cluster-profiles/task-define-profile).
+
+
+## Configure OIDC Options
+
+1. Log in to [Palette](https://console.spectrocloud.com/).
+
+2. From the left **Main Menu** click **Profiles**.
+
+3. Select the cluster profile to update. Palette displays profile details and the profile stack.
+
+4. Select the Kubernetes layer in the profile stack, and choose **None** or **Palette** as the OIDC Identity Provider.
+
+5. Click **Confirm Updates**. 
+
+6. Save your changes.
+
+
+## Validate
+
+1. From the left **Main Menu** click **Profiles**.
+
+2. Select the cluster profile you updated. Palette displays profile details and the profile stack.
+
+3. Select the Kubernetes layer. Palette displays the OIDC Identity Provider you selected - either **None** or **Palette**.
+
+
+## Next Steps
+
+Now you are ready to create the VMO profile. Refer to [Create the VMO Profile](/vm-management/vm-packs-profiles/create-vmo-profile) for guidance.
+
+
@@ -4,7 +4,7 @@ title: "Create a VMO Profile"
 description: "Learn how to create a cluster profile to utilize Palette Virtual Machine Orchestrator capabilities."
 icon: " "
 hide_table_of_contents: false
-sidebar_position: 0
+sidebar_position: 5
 tags: ["vmo"]
 ---
 
@@ -35,21 +35,16 @@ The **Virtual Machine Orchestrator** pack that you use to create a cluster profi
 
 
 6. Use the information below to find the **Virtual Machine Orchestrator** pack:
-
-    <br />
-
     - **Pack Type**: System App
     - **Registry**: Public Repo
     - **Pack Name**: Virtual Machine Orchestrator
     - **Pack Version**: 1.0 or higher
 
 
-7. Review the **Access** configuration panel at right. The default setting is **Proxied**, which automatically adds the **Spectro Proxy** pack when you create the cluster. Check out the [Spectro Proxy](/integrations/frp) guide to learn more. Changing the default may require some additional configuration. 
+7. Review the **Access** configuration panel at right. The default setting is **Proxied**, which automatically adds the **Spectro Proxy** pack when you create the cluster, allowing access to the Spectro VM Dashboard from anywhere. Check out the [Spectro Proxy](/integrations/frp) guide to learn more. Changing the default may require some additional configuration. 
 
     The **Direct** option is intended for a private configuration where a proxy is not implemented or not desired.
 
-    <br />
-
     :::caution
 
     We recommend using the pack defaults. Default settings provide best practices for your clusters. Changing the default settings can introduce misconfigurations. Carefully review the changes you make to a pack. 
@@ -84,8 +79,6 @@ The **Virtual Machine Orchestrator** pack that you use to create a cluster profi
 
 You can validate the profile is created. 
 
-<br />
-
 1.  Log in to [Palette](https://console.spectrocloud.com).
 
 
@@ -105,6 +98,8 @@ You can validate the profile is created.
 
 You will need to configure roles and role bindings to give users access virtual clusters. You can use VM user roles and permissions or standard Kubernetes roles. For configuration guidance, refer to [Add Roles and Role Bindings](/vm-management/vm-packs-profiles/add-roles-and-role-bindings). The [VM User Roles and Permissions](/vm-management/vm-roles-permissions) reference lists Cluster Roles and equivalent Palette Roles.
 
+If you have OpenID Connect (OIDC) configured at the Kubernetes layer of your cluster profile, you can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](https://docs.spectrocloud.com/integrations/kubernetes/#use-rbac-with-oidc).
+
 
 ## Resources
 

@@ -9,11 +9,8 @@ tags: ["vmo"]
 
 The **Virtual Machine Orchestrator** pack provides a single-pack experience that consolidates all the dependencies needed to deploy and manage VMs in your Kubernetes host cluster. You use **Virtual Machine Orchestrator** pack to create a VMO cluster profile. The pack's components are described below. All the components are enabled by default in the `charts:` section of the pack YAML configuration file. 
 
-<br />
-
 - **Spectro VM Dashboard**: Enables access to a web console so you can manage and monitor your VMs. The console is accessible from the **Virtual Machines** tab that appears on the cluster overview page when using Palette Virtual Machine Orchestrator (VMO). The dashboard provides a web interface to create and manage VMs in your Kubernetes cluster. 
 
-
 - **KubeVirt**: Allows you to create VMs within a Kubernetes cluster using open-source [KubeVirt](https://kubevirt.io). KubeVirt provides feature gates you can enable in the Virtual Machine Orchestrator pack YAML file. To learn which feature gates Palette enables by default and how you can enable additional feature gates, check out the [Feature Gates](/vm-management#featuregates) section.
 
     KubeVirt extends Kubernetes with additional virtualization resource types using Kubernetes Custom Resource Definitions (CRD) API. KubeVirt also includes controllers and agents that provide VM management capabilities on the cluster. Through KubeVirt you can use the Kubernetes API to manage VM resources similar to the way you manage Kubernetes resources.     
@@ -44,8 +41,4 @@ Administrators can configure the out-of-the-box add-on packs, cluster profiles,
 - [Spectro Proxy](/integrations/frp)
 
 
-- [Feature Gates](/vm-management#featuregates)
-
-<br />
-
-<br />
+- [Feature Gates](/vm-management#featuregates)