litmuschaos
diff --git a/‎website/docs/architecture/chaos-control-plane.md
Lines changed: 1 addition & 1 deletion b/‎website/docs/architecture/chaos-control-plane.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎website/docs/concepts/teaming.md
Lines changed: 5 additions & 5 deletions b/‎website/docs/concepts/teaming.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎website/docs/getting-started/installation.md
Lines changed: 58 additions & 3 deletions b/‎website/docs/getting-started/installation.md
Lines changed: 58 additions & 3 deletions
diff --git a/‎website/docs/user-guides/chaoscenter-advanced-installation.md
Lines changed: 260 additions & 0 deletions b/‎website/docs/user-guides/chaoscenter-advanced-installation.md
Lines changed: 260 additions & 0 deletions
@@ -32,7 +32,7 @@ Chaos control plane consists of micro-services responsible for the functioning o
 
 ## Standard Chaos Control Plane Flow
 
-1. The User logs in to the ChaosCenter using a valid login credential. A default project is created for the user on initial login. Every user is a part of a project and has a role assigned to them. To schedule a chaos experiment, the user needs to have an Editor or Owner role assigned in the project.
+1. The User logs in to the ChaosCenter using a valid login credential. A default project is created for the user on initial login. Every user is a part of a project and has a role assigned to them. To schedule a chaos experiment, the user needs to have an Owner role assigned in the project.
 2. The user uploads a Chaos Experiment manifest using the ChaosCenter, which is received by the Backend Server.
 3. Backend Server stores the manifest in the Database and also sends it to the Chaos Infrastructure.
 4. Chaos Infrastructure uses the Chaos Experiment manifest to inject chaos into the target resources. The steps of the Chaos Experiment execution can be visualized using the ChaosCenter.
 
@@ -10,12 +10,12 @@ The ChaosCenter has a built in teaming feature to facilitate collaboration betwe
 
 ## Project level roles
 
-Each user has a default project created on user creation by the admin for which they maintain a project level `Owner` access. Every `Owner` has the ability to invite other users into their project with different permission levels, namely `Editor`, and `Viewer`.
+Each user has a default project created on user creation by the admin for which they maintain a project level `Owner` access. Every `Owner` has the ability to invite other users into their project with different permission levels, namely `Executor`, and `Viewer`.
 
 Teaming is based on the following principles and each user can have one of the 3 project roles:
 
-- **Owner:** One who created the project and owns it. Only the owner has permission to manage(invite or remove) the members in his/her project. The owner can schedule chaos experiments, update and delete chaos experiments.
-- **Editor:** Members invited with the editor role can do everything an owner can except for managing the project.
+- **Owner:** One who created the project and owns it. Only the owner has permission to manage(invite or remove) the members in his/her project. The owner can create resources such as infrastructures, probes, hubs, experiments, etc, schedule chaos experiments, update and delete chaos experiments.They have both create and execute perimissions.
+- **Executor:** Members invited with the executor role only have execute and view permissions which allow them to run/stop experiments, use probes etc, they don't have any create/delete permissions.
 - **Viewer:** Members having a viewer role can only view the analytics related to the chaos experiments and the chaos experiments themselves, but are not given permission to schedule chaos experiments in the project.
 
 ## Role privileges
@@ -26,15 +26,15 @@ Teaming is based on the following principles and each user can have one of the 3
 
 - Invite other users for the following roles:
   - Viewer
-  - Editor
+  - Executor
 - View the list of team members with other details including their role in the project, email-id, date-time of joining the project team.
 - Rename your project.
 - Remove a member from your project.
 - Check the status of the invitation you sent to other members.
 - Edit the user role in case the invitation is pending.
 - Cancel the invitation.
 
-**_As a Viewer or Editor you can:_**
+**_As a Viewer or Executor you can:_**
 
 - Check and Accept/Decline the received invitations.
 - Switch and browse any project you are a member of.
 
@@ -1,6 +1,6 @@
 ---
 id: installation
-title: ChaosCenter cluster scope installation
+title: ChaosCenter installation
 sidebar_label: Installation
 ---
 
@@ -100,10 +100,62 @@ Visit https://docs.litmuschaos.io to find more info.
 
 > **Note:** Litmus uses Kubernetes CRDs to define chaos intent. Helm3 handles CRDs better than Helm2. Before you start running a chaos experiment, verify if Litmus is installed correctly.
 
-### **Install Litmus using kubectl**
+## **Install Litmus using kubectl**
 
 In this method the users need to install mongo first via helm and then apply the installation manifest. Follow the instructions [here](https://github.com/litmuschaos/litmus/tree/master/chaoscenter#installation-steps-for-litmus-300-beta9).
 
+### **Install mongo**
+
+ ```bash
+  helm repo add bitnami https://charts.bitnami.com/bitnami
+  ```
+
+Mongo Values
+
+```bash
+  auth:
+  enabled: true
+  rootPassword: "1234"
+  # -- existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`)
+  existingSecret: ""
+architecture: replicaset
+replicaCount: 3
+persistence:
+  enabled: true
+volumePermissions:
+  enabled: true
+metrics:
+  enabled: false
+  prometheusRule:
+    enabled: false
+
+# bitnami/mongodb is not yet supported on ARM.
+# Using unofficial tools to build bitnami/mongodb (arm64 support)
+# more info: https://github.com/ZCube/bitnami-compat
+#image:
+#  registry: ghcr.io/zcube
+#  repository: bitnami-compat/mongodb
+#  tag: 6.0.5
+```
+
+```bash 
+helm install my-release bitnami/mongodb --values mongo-values.yml -n <NAMESPACE> --create-namespace
+```
+
+Litmus supports for HTTP and HTTPS mode of installation.
+
+### Basic installation (HTTP based and allows all origins)
+
+Applying the manifest file will install all the required service account configuration and ChaosCenter in namespaced scope.
+
+```bash
+ kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/chaoscenter/manifests/litmus-getting-started.yaml -n <NAMESPACE>
+```
+
+### Advanced installation (HTTPS based and CORS rules apply)
+
+For advanced installation visit [here](../user-guides/chaoscenter-advanced-installation.md)
+
 ---
 
 ## **Verify your installation**
@@ -182,6 +234,9 @@ http://172.17.0.3:31846/
 
 > Where `172.17.0.3` is my NodeIP and `31846` is the frontend service PORT. If using a LoadBalancer, the only change would be to provide a `<LoadBalancerIP>:<PORT>`. [Learn more about how to access ChaosCenter with LoadBalancer](../user-guides/setup-without-ingress.md#with-loadbalancer)
 
+
+**NOTE:** With advanced installation CORS rules are applied, once manifest is applied frontend loadbalancer IP needs to be added in the `ALLOWED_ORIGINS` environment in both auth and graphql server deployment.
+
 You should be able to see the Login Page of Litmus ChaosCenter. The **default credentials** are
 
 ```yaml
@@ -197,7 +252,7 @@ By default you are assigned with a default project with Owner permissions.
 
 ## Learn more
 
-- [Install ChaosCenter in Namespace Scope](../user-guides/chaoscenter-namespace-scope-installation.md)
+- [Install ChaosCenter with HTTPS](../user-guides/chaoscenter-advanced-installation.md)
 - [Connect External Chaos Infrastructures to ChaosCenter](../user-guides/chaos-infrastructure-installation.md)
 - [Setup Endpoints and Access ChaosCenter without Ingress](../user-guides/setup-without-ingress.md)
 - [Setup Endpoints and Access ChaosCenter with Ingress](../user-guides/setup-with-ingress.md)
@@ -0,0 +1,260 @@
+---
+id: chaoscenter-advanced-installation
+title: ChaosCenter Advanced Installation
+sidebar_label: Setup with HTTPS
+---
+
+---
+
+## Prerequisites
+
+- Kubernetes 1.17 or later
+
+- A Persistent volume of 20GB
+
+:::note
+Recommend to have a Persistent volume(PV) of 20GB, You can start with 1GB for test purposes as well. This PV is used as persistent storage to store the chaos config and chaos-metrics in the Portal. By default, litmus install would use the default storage class to allocate the PV. Provide this value
+:::
+
+- [Helm3](https://v3.helm.sh/) or [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
+
+## Installation
+
+Users looking to use Litmus for the first time have two options available to them today. One way is to use a hosted Litmus service like [Harness Chaos Engineering SaaS](https://app.harness.io/auth/#/signin). Alternatively, users looking for some more flexibility can install Litmus into their own Kubernetes cluster.
+
+Users choosing the self-hosted option can refer to our Install and Configure docs for installing alternate versions and more detailed instructions.
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+<Tabs>
+  <TabItem value="self-hosted" label="Self-Hosted" default>
+    Installation of Self-Hosted Litmus can be done using either of the below methods:
+    <li><a href="#install-litmus-using-helm">Helm3</a> chart</li>
+    <li><a href="#install-litmus-using-kubectl">Kubectl</a> yaml spec file</li>
+    <br/>
+    Refer to the below details for Self-Hosted Litmus installation.
+  </TabItem>
+  <TabItem value="hosted" label="Hosted (Beta)">
+    <a href="https://harness.io/">Harness</a> offers a free service for community members which makes getting started with Litmus easy. Create an account to get started. Once logged in, create a new hosted control plane and connect to it via the up CLI. Litmus can be used as a hosted cloud service using <a href="https://app.harness.io/auth/#/signin">Harness Chaos Engineering SaaS</a>. Harness Chaos Engineering SaaS executes your Chaos Experiments in the cloud by managing all your Chaos Control Plane components, while the Chaos Execution Plane components exist on your Kubernetes cluster as part of an external chaos infrastructure.
+    <br/><br/>
+    To get started with Harness Chaos Engineering SaaS, visit <a href="https://developer.harness.io/docs/chaos-engineering/get-started/learn-more-free-plan">Harness Chaos Engineering SaaS</a> and register for free. You can skip the below installation steps.
+  </TabItem>
+</Tabs>
+
+### Install Litmus using Helm
+
+The helm chart will install all the required service account configuration and ChaosCenter.
+
+The following steps will help you install Litmus ChaosCenter via helm.
+
+#### Step-1: Add the litmus helm repository
+
+```bash
+helm repo add litmuschaos https://litmuschaos.github.io/litmus-helm/
+helm repo list
+```
+
+#### Step-2: Create the namespace on which you want to install Litmus ChaosCenter
+
+- The ChaosCenter can be placed in any namespace, but for this scenario we are choose `litmus` as the namespace.
+
+```bash
+kubectl create ns litmus
+```
+
+#### Step-3: Install Litmus ChaosCenter
+
+```bash
+helm install chaos litmuschaos/litmus --namespace=litmus --set portal.frontend.service.type=NodePort
+```
+
+> **Note:** If your Kubernetes cluster isn't local, you may want not to expose Litmus via `NodePort`. If so, remove `--set portal.frontend.service.type=NodePort` option. To connect to Litmus UI from your laptop, you can use `port-forward svc/chaos-litmus-frontend-service 9091:9091`. Then you can use your browser and open `127.0.0.1:9091`.
+
+- Litmus helm chart depends on `bitnami/mongodb` [helm chart](https://github.com/bitnami/charts/tree/main/bitnami/mongodb), which uses a mongodb image not supported on ARM. If you want to install Litmus on an ARM-based server, please replace the default one with your custom mongodb arm image as shown below.
+
+  ```bash
+  helm install chaos litmuschaos/litmus --namespace=litmus \
+  --set portal.frontend.service.type=NodePort \
+  --set mongodb.image.registry=<put_registry> \
+  --set mongodb.image.repository=<put_image_repository> \
+  --set mongodb.image.tag=<put_image_tag>
+  ```
+
+<span style={{color: 'green'}}><b>Expected Output</b></span>
+
+```
+NAME: chaos
+LAST DEPLOYED: Tue Jun 15 19:20:09 2021
+NAMESPACE: litmus
+STATUS: deployed
+REVISION: 1
+TEST SUITE: None
+NOTES:
+Thank you for installing litmus 😀
+
+Your release is named chaos and its installed to namespace: litmus.
+
+Visit https://docs.litmuschaos.io to find more info.
+```
+
+> **Note:** Litmus uses Kubernetes CRDs to define chaos intent. Helm3 handles CRDs better than Helm2. Before you start running a chaos experiment, verify if Litmus is installed correctly.
+
+## **Install Litmus using kubectl**
+
+In this method the users need to install mongo first via helm and then apply the installation manifest. Follow the instructions [here](https://github.com/litmuschaos/litmus/tree/master/chaoscenter#installation-steps-for-litmus-300-beta9).
+
+### **Install mongo**
+
+ ```bash
+  helm repo add bitnami https://charts.bitnami.com/bitnami
+  ```
+
+Mongo Values
+
+```bash
+  auth:
+  enabled: true
+  rootPassword: "1234"
+  # -- existingSecret Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`)
+  existingSecret: ""
+architecture: replicaset
+replicaCount: 3
+persistence:
+  enabled: true
+volumePermissions:
+  enabled: true
+metrics:
+  enabled: false
+  prometheusRule:
+    enabled: false
+
+# bitnami/mongodb is not yet supported on ARM.
+# Using unofficial tools to build bitnami/mongodb (arm64 support)
+# more info: https://github.com/ZCube/bitnami-compat
+#image:
+#  registry: ghcr.io/zcube
+#  repository: bitnami-compat/mongodb
+#  tag: 6.0.5
+```
+
+```bash 
+helm install my-release bitnami/mongodb --values mongo-values.yml -n <NAMESPACE> --create-namespace
+```
+
+Litmus supports for HTTP and HTTPS mode of installation.
+
+### Advanced installation (HTTPS based and CORS rules apply)
+
+1. Generate TLS certificates: You can provide your own certificates or can generate using [this](https://github.com/litmuschaos/litmus/blob/master/chaoscenter/mtls-helper.sh) bash script.
+
+2. Create secret
+    
+    ```bash
+    kubectl create secret generic tls-secret --from-file=ca.crt=ca.crt --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key -n <NAMESPCACE>
+    ```
+3. Applying the manifest file will install all the required service account configuration and ChaosCenter in namespaced scope.
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/litmuschaos/litmus/master/chaoscenter/manifests/litmus-installation.yaml -n <NAMESPACE>
+```
+
+---
+
+## **Verify your installation**
+
+#### **Verify if the frontend, server, and database pods are running**
+
+- Check the pods in the namespace where you installed Litmus:
+
+  ```bash
+  kubectl get pods -n litmus
+  ```
+
+  <span style={{color: 'green'}}><b>Expected Output</b></span>
+
+  ```bash
+  NAME                                       READY   STATUS    RESTARTS   AGE
+  litmusportal-server-6fd57cc89-6w5pn        1/1     Running     0          57s
+  litmusportal-auth-server-7b596fff9-5s6g5   1/1     Running     0          57s
+  litmusportal-frontend-55974fcf59-cxxrf     1/1     Running     0          58s
+  my-release-mongodb-0                       1/1     Running     0          63s
+  my-release-mongodb-1                       1/1     Running     0          63s
+  my-release-mongodb-2                       1/1     Running     0          62s
+  my-release-mongodb-arbiter-0               1/1     Running     0          64s
+
+  ```
+
+- Check the services running in the namespace where you installed Litmus:
+
+  ```bash
+  kubectl get svc -n litmus
+  ```
+
+  <span style={{color: 'green'}}><b>Expected Output</b></span>
+
+  ```bash
+  NAME                                  TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)                         AGE
+  chaos-exporter                        ClusterIP      10.68.45.7     <none>           8080/TCP                        23h
+  litmusportal-auth-server-service      NodePort       10.68.34.91    <none>           9003:32368/TCP,3030:31051/TCP   23h
+  litmusportal-frontend-service         NodePort       10.68.43.68    <none>           9091:30070/TCP                  23h
+  litmusportal-server-service           NodePort       10.68.33.242   <none>           9002:32455/TCP,8000:30722/TCP   23h
+  my-release-mongodb-arbiter-headless   ClusterIP      None           <none>           27017/TCP                       23h
+  my-release-mongodb-headless           ClusterIP      None           <none>           27017/TCP                       23h
+  workflow-controller-metrics           ClusterIP      10.68.33.65    <none>           9090/TCP                        23h
+  ```
+
+---
+
+## **Accessing the ChaosCenter**
+
+To setup and login to ChaosCenter expand the available services just created and copy the `PORT` of the `litmusportal-frontend-service` service
+
+```bash
+kubectl get svc -n litmus
+```
+
+<span style={{color: 'green'}}><b>Expected Output</b></span>
+
+```bash
+NAME                               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                         AGE
+litmusportal-frontend-service      NodePort    10.43.79.17    <none>        9091:31846/TCP                  102s
+litmusportal-server-service        NodePort    10.43.30.54    <none>        9002:31245/TCP,8000:32714/TCP   101s
+litmusportal-auth-server-service   NodePort    10.43.81.108   <none>        9003:32618/TCP,3030:31899/TCP   101s
+mongo-service                      ClusterIP   10.43.227.10   <none>        27017/TCP                       101s
+mongo-headless-service             ClusterIP   None           <none>        27017/TCP                       101s
+```
+
+> **Note**: In this case, the PORT for `litmusportal-frontend-service` is `31846`. Yours will be different.
+
+Once you have the PORT copied in your clipboard, simply use your IP and PORT in this manner `<NODEIP>:<PORT>` to access the Litmus ChaosCenter.
+
+For example:
+
+```yaml
+https://172.17.0.3:31846/
+```
+
+> Where `172.17.0.3` is my NodeIP and `31846` is the frontend service PORT. If using a LoadBalancer, the only change would be to provide a `<LoadBalancerIP>:<PORT>`. [Learn more about how to access ChaosCenter with LoadBalancer](../user-guides/setup-without-ingress.md#with-loadbalancer)
+
+
+**NOTE:** With advanced installation CORS rules are applied, once manifest is applied frontend loadbalancer IP needs to be added in the `ALLOWED_ORIGINS` environment in both auth and graphql server deployment.
+
+You should be able to see the Login Page of Litmus ChaosCenter. The **default credentials** are
+
+```yaml
+Username: admin
+Password: litmus
+```
+
+<img src={require('../assets/login.png').default} width="800" />
+
+By default you are assigned with a default project with Owner permissions.
+
+<img src={require('../assets/landing-page.png').default} width="800" />
+
+## Learn more
+
+- [Install ChaosCenter with HTTP](../getting-started/installation.md)
+- [Setup Endpoints and Access ChaosCenter without Ingress](setup-without-ingress.md)
+- [Setup Endpoints and Access ChaosCenter with Ingress](setup-with-ingress.md)