upgrade version + improve docs for connecting Kerberos Agent to Kerbe…

…ros Vault

docker/README.md

@@ -157,4 +157,36 @@ Open the account page, by selectig the `Accounts` navigation item. Select the `+
 
 ## You're done!
 
-Now you are ready setting up Kerberos Vault with Minio! It's time to connect some Kerberos Agents! Let's have a look here how to do that.
+Now you are ready setting up Kerberos Vault with Minio! It's time to connect some Kerberos Agents! Let's have a look here how to do that. If you didn't already create a Kerberos Agent, [please have a look here](https://github.com/kerberos-io/agent/tree/master/deployments/docker) to understand how it's done.
+
+### Connect Kerberos Agent to Kerberos Vault
+
+Once you have spinned up one or more agents through `docker`, `docker compose`, `Kerberos Factory` or any other automation tool you can configure your Kerberos Agents to connect to Kerberos Vault.
+
+As you might have noticed is that each Kerberos Agent will connect to a single camera, coming with its own dedicated agent configuration for that specific camera. This design principle allows us to support a distributed and resilent approach where workloads can be spread towards a cluster of machines.
+
+A Kerberos Agent can be configured using various methods: `the UI`, `environment variables` or `configuration files`. 
+
+#### UI
+
+When running the Kerberos Agent through one of the deployments as mentioned above you should be able reach the Kerberos Agent UI through the defined port. You should see a login screen where can signin with the default username and password: `root`, `root`.
+
+![Login Kerberos agent](./assets/kerberos-agent-overview.gif)
+
+Once signed in you should head over the `settings` or `configuration page` and look for the `persistence` tab. Change the dropdown to `Kerberos Vault`, you will see that several details are required to be filled in, by adding the correct values we are able to setup a secure connection to `Kerberos Vault`
+
+![Change persistence settings](./assets/kerberos-agent-to-kerberos-vault.gif)
+
+The information we need to provide are the following fields.
+
+- `Kerberos Vault API URL`:  The API url is hosted on the `http://{your-vault-domain}/api`, where the `/api` suffix is added to the domain of your Kerberos Vault. You can verify this by browsing to `http://{your-vault-domain}/api/health`.
+- `Provider`: The storage provider you would like to use. You can find the providers on the "Storage providers" page (or specified in the Kerberos Vault account you have setup).
+- `Directory`:  This is the (sub) directory where the recordings will be stored in the storage provider. Important to note is that if you want to view your recordings through Kerberos Hub, this directory has to match the username of your Kerberos Hub account.
+- `Access Key`: The access key of the account you have created in previous steps.
+- `Secret Key`: The secret key of the account you have created in previous steps.
+
+Once you have filled in the relevant credentials you can hit the `Verify Connection` button and you should see a green success bar shown on top of the UI. You could also verify on your storage provider by connecting to the configured storage provider and see if a `test-provider` directory was created with a sample video.
+
+![Verify settings](./assets/save-kerberos-vault-setings.gif)
+
+Congratulations! Your Kerberos Agent is now successfully connected to the Kerberos Vault. You can centralize your recordings on the storage provider of your choice, whether it's Edge or Cloud. This will allow you to manage and access your recordings more efficiently and securely.

docker/docker-compose.yml

@@ -16,6 +16,52 @@ services:
   #  volumes:
   #    - "/var/run/docker.sock:/var/run/docker.sock:ro"
 
+  vault:
+    image: "kerberos/vault:1.0.1398121865"
+    restart: always
+    container_name: "kerberos-vault"
+    hostname: "kerberos-vault"
+    depends_on:
+      mongo:
+        condition: service_healthy
+    ports:
+      - "80:80"
+    volumes:
+      - "./vault:/vault"
+    environment:
+      - GIN_MODE=release
+      - KERBEROS_LOGIN_USERNAME=root
+      - KERBEROS_LOGIN_PASSWORD=pass
+
+      # This is the mongodb database where data will be stored, you might use a different name if you want.
+      - MONGODB_DATABASE_STORAGE=KerberosStorage
+
+      # MongoDB URI (for example for a SaaS service like MongoDB Atlas)
+      # If uri is set, the below properties are not used (host, adminDatabase, username, password)
+      #- MONGODB_URI="mongodb+srv://xx:[email protected]/?retryWrites=true&w=majority&appName=xxx"
+
+      # If you do not wish to use the URI, you can specify the individual values.
+      - MONGODB_HOST=mongo
+      - MONGODB_DATABASE_CREDENTIALS=admin
+      - MONGODB_USERNAME=root
+      - MONGODB_PASSWORD=pass
+
+      # MQTT broker to be used for on-demand forwarding.
+      - MQTTURI=
+      - MQTT_USERNAME=
+      - MQTT_PASSWORD=
+
+      # If you have a chained vault setup, enable this.
+      - CONTINUOUS_FORWARDING=false
+    #labels:
+    #  - 'traefik.enable=true'
+    #  - 'traefik.http.routers.kerberos-vault.rule=Host(`kerberos-vault.domain.tld`)'
+    #  - 'traefik.http.routers.kerberos-vault.entrypoints=web'
+    #  - 'traefik.http.routers.kerberos-vault.tls=false'
+    #  - 'traefik.http.routers.kerberos-vault.tls.certresolver=leresolver'
+    #  - "traefik.http.routers.kerberos-vault.service=kerberos_vault"
+    #  - 'traefik.http.services.kerberos_vault.loadbalancer.server.port=80'
+
   mongo:
     image: "mongo:4.4.16" # or mongo:5.x, mongo:6.x or later
     container_name: "mongo"
@@ -64,51 +110,17 @@ services:
     #  - "traefik.http.routers.minio-console.service=minio-console"
     #  - 'traefik.http.services.minio-console.loadbalancer.server.port=9090'
 
-  vault:
-    image: "kerberos/vault:1.0.1389072349"
+  rabbitmq:
+    image: rabbitmq:3-management-alpine
+    container_name: "rabbitmq"
+    hostname: "rabbitmq"
     restart: always
-    container_name: "kerberos-vault"
-    hostname: "kerberos-vault"
-    depends_on:
-      mongo:
-        condition: service_healthy
     ports:
-      - "80:80"
+      - 5672:5672
+      - 15672:15672
     volumes:
-      - "./vault:/vault"
-    environment:
-      - GIN_MODE=release
-      - KERBEROS_LOGIN_USERNAME=root
-      - KERBEROS_LOGIN_PASSWORD=pass
-
-      # This is the mongodb database where data will be stored, you might use a different name if you want.
-      - MONGODB_DATABASE_STORAGE=KerberosStorage
-
-      # MongoDB URI (for example for a SaaS service like MongoDB Atlas)
-      # If uri is set, the below properties are not used (host, adminDatabase, username, password)
-      #- MONGODB_URI="mongodb+srv://xx:[email protected]/?retryWrites=true&w=majority&appName=xxx"
-
-      # If you do not wish to use the URI, you can specify the individual values.
-      - MONGODB_HOST=mongo
-      - MONGODB_DATABASE_CREDENTIALS=admin
-      - MONGODB_USERNAME=root
-      - MONGODB_PASSWORD=pass
-
-      # MQTT broker to be used for on-demand forwarding.
-      - MQTTURI=
-      - MQTT_USERNAME=
-      - MQTT_PASSWORD=
-
-      # If you have a chained vault setup, enable this.
-      - CONTINUOUS_FORWARDING=false
-    #labels:
-    #  - 'traefik.enable=true'
-    #  - 'traefik.http.routers.kerberos-vault.rule=Host(`kerberos-vault.domain.tld`)'
-    #  - 'traefik.http.routers.kerberos-vault.entrypoints=web'
-    #  - 'traefik.http.routers.kerberos-vault.tls=false'
-    #  - 'traefik.http.routers.kerberos-vault.tls.certresolver=leresolver'
-    #  - "traefik.http.routers.kerberos-vault.service=kerberos_vault"
-    #  - 'traefik.http.services.kerberos_vault.loadbalancer.server.port=80'
+      - ./rabbitmq/data/:/var/lib/rabbitmq/
+      - ./rabbitmq/log/:/ar/log/rabbitmq
 
 volumes:
   kerberos-data:

kubernetes/kerberos-vault/deployment.yaml

@@ -20,11 +20,11 @@ spec:
     spec:
       containers:
       - name: vault
-        image: kerberos/vault:1.0.1389072349
+        image: kerberos/vault:1.0.1398121865
         #imagePullPolicy: Always
         resources:
           limits:
-            memory: 2048Mi
+            memory: 4096Mi
             cpu: 2000m
         ports:
           - containerPort: 80