From 3b3d3dd882f68653b0969da26025fcecdf3354c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?=
 <33936733+Veki301@users.noreply.github.com>
Date: Thu, 15 May 2025 15:53:24 +0200
Subject: [PATCH 1/3] docs: new section Manuals in How To Administrate

---
 src/how-to/administrate/README.md  | 16 ++++++++
 src/how-to/administrate/manuals.md | 64 ++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 src/how-to/administrate/manuals.md

diff --git a/src/how-to/administrate/README.md b/src/how-to/administrate/README.md
index ea055ae..f78bbc0 100644
--- a/src/how-to/administrate/README.md
+++ b/src/how-to/administrate/README.md
@@ -1,6 +1,7 @@
 # Administration Guide
 
 ## 1. Kubernetes
+
 - [Kubernetes](kubernetes/README.md)
   - [Certificate renewal](kubernetes/certificate-renewal/README.md)
   - [How to restart a machine that is part of a Kubernetes cluster?](kubernetes/restart-machines/README.md)
@@ -8,18 +9,21 @@
   - [Troubleshooting problems arising after Kubernetes cluster upgrades](kubernetes/upgrade-cluster/README.md#troubleshooting-problems-arising-after-kubernetes-cluster-upgrades)
 
 ## 2. Backup and Disaster Recovery
+
 - [Backup and disaster recovery](backup-disaster-recovery.md)
   - [Introduction](backup-disaster-recovery.md#introduction)
   - [Backing up](backup-disaster-recovery.md#backing-up)
   - [Recovery procedure](backup-disaster-recovery.md#recovery-procedure)
 
 ## 3. Cassandra
+
 - [Cassandra](cassandra.md)
   - [Check the health of a Cassandra node](cassandra.md#check-the-health-of-a-cassandra-node)
   - [How to inspect tables and data manually](cassandra.md#how-to-inspect-tables-and-data-manually)
   - [How to rolling-restart a Cassandra cluster](cassandra.md#how-to-rolling-restart-a-cassandra-cluster)
 
 ## 4. Elasticsearch
+
 - [Elasticsearch](elasticsearch.md)
   - [How to rolling-restart an Elasticsearch cluster](elasticsearch.md#how-to-rolling-restart-an-elasticsearch-cluster)
   - [How to manually look into what is stored in Elasticsearch](elasticsearch.md#how-to-manually-look-into-what-is-stored-in-elasticsearch)
@@ -29,6 +33,7 @@
   - [Troubleshooting](elasticsearch.md#troubleshooting)
 
 ## 5. Etcd
+
 - [Etcd](etcd.md)
   - [How to see cluster health](etcd.md#how-to-see-cluster-health)
   - [How to inspect tables and data manually](etcd.md#how-to-inspect-tables-and-data-manually)
@@ -37,12 +42,14 @@
   - [Troubleshooting](etcd.md#troubleshooting)
 
 ## 6. General - Linux
+
 - [General - Linux](general-linux.md)
   - [Which ports and network interface is my process running on?](general-linux.md#which-ports-and-network-interface-is-my-process-running-on)
   - [How can I see if my TLS certificates are configured the way I expect?](general-linux.md#how-can-i-see-if-my-tls-certificates-are-configured-the-way-i-expect)
   - [How can I see if my TLS certificates are configured the way I expect (special case Kubernetes from a Kubernetes machine)](general-linux.md#how-can-i-see-if-my-tls-certificates-are-configured-the-way-i-expect-special-case-kubernetes-from-a-kubernetes-machine)
 
 ## 7. Minio
+
 - [Minio](minio.md)
   - [Should you be using Minio?](minio.md#should-you-be-using-minio)
   - [Setting up interaction with Minio](minio.md#setting-up-interaction-with-minio)
@@ -51,6 +58,7 @@
   - [Check the health of a MinIO node](minio.md#check-the-health-of-a-minio-node)
 
 ## 8. Operational Procedures
+
 - [Operational procedures](operations.md)
   - [Reboot procedures](operations.md#reboot-procedures)
   - [Health checks](operations.md#health-checks)
@@ -58,6 +66,7 @@
   - [Understand release tags](operations.md#understand-release-tags)
 
 ## 9. Restund (TURN)
+
 - [Restund (TURN)](restund.md)
   - [Wire-Server Configuration](restund.md#wire-server-configuration)
   - [How to see how many people are currently connected to the restund server](restund.md#how-to-see-how-many-people-are-currently-connected-to-the-restund-server)
@@ -68,6 +77,7 @@
   - [How to check which restund/TURN servers will be used by clients](restund.md#how-to-check-which-restund-turn-servers-will-be-used-by-clients)
 
 ## 10. Investigative Tasks
+
 - [Investigative tasks (e.g. searching for users as server admin)](users.md)
   - [Manually searching for users in Cassandra](users.md#manually-searching-for-users-in-cassandra)
   - [Deleting a user which is not a team user](users.md#deleting-a-user-which-is-not-a-team-user)
@@ -83,4 +93,10 @@
   - [Identify all users using SSO](users.md#identify-sso-users)
   - [Create a team using the SCIM API](users.md#create-a-team-using-the-scim-api)
 
+## 11. Manuals
+
+- [Manuals](manuals.md)
+  - [Test an ingress is working from inside the cluster](manuals.md#test-an-ingress-is-working-from-inside-the-cluster)
+  - [Load an image into containerd in an offline/airgapped environment](manuals.md#load-an-image-into-containerd-in-an-offlineairgapped-environment)
+
 <!-- TODO: .. include:: administration/redis.rst -->
diff --git a/src/how-to/administrate/manuals.md b/src/how-to/administrate/manuals.md
new file mode 100644
index 0000000..eaa923f
--- /dev/null
+++ b/src/how-to/administrate/manuals.md
@@ -0,0 +1,64 @@
+# Manuals
+
+This section will cover various administrative tasks that one might need when running a Kubernetes cluster in general (and Wire).
+
+## Test an ingress is working from inside the cluster
+
+List out
+Fetch the IP address of your `ingress-nginx-controller-controller` LoadBalancer with:
+
+```
+d kubectl get svc ingress-nginx-controller-controller
+```
+
+Get the full name of your `fake-aws-sns` pod with:
+
+```
+d kubectl get pods
+# or
+d kubectl get pods -l app=fake-aws-sns
+```
+
+Log onto the SNS pod with:
+
+```
+d kubectl exec -it fake-aws-sns-xxxxxx-yyyyyyy -- /bin/bash
+```
+
+This will drop you into a bash shell. In here, run:
+
+```
+curl -k -H "X-Host: WEBAPPDOMAINNAME" -H "Host: WEBAPPDOMAINNAME" https://NGINXCONTROLLERCONTROLLER:443/ -v
+```
+
+You should get a valid response and the HTML of webapp if all is working correctly.
+
+## Load an image into containerd in an offline/airgapped environment
+
+If you ever need to load an image in an offline/airgapped environment for an important security update of a Wire or Kubernetes component. First, download the new release you will be installing. For example, with docker:
+
+```
+docker pull registry.k8s.io/ingress-nginx/controller:v1.12.1
+```
+
+Now save it in `.tar` and replace the forward slashes and colons with underscores, like this:
+
+```
+docker save -o registry.k8s.io_ingress-nginx_controller_v1.12.1.tar registry.k8s.io/ingress-nginx/controller:v1.12.1
+```
+
+Now copy the `.tar` file over to all of your kubernetes hosts.
+
+Load it into containerd with:
+
+```
+ctr -n k8s.io images import registry.k8s.io_ingress-nginx_controller_v1.12.1.tar
+```
+
+Verify the image is in the containerd list after import with:
+
+```
+ctr -n k8s.io images list | grep ingress-nginx
+```
+
+The image is now ready to be used.

From d7594fe54f271cbc2ebb080f4e95a1e85d7c2226 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?=
 <33936733+Veki301@users.noreply.github.com>
Date: Thu, 15 May 2025 16:44:03 +0200
Subject: [PATCH 2/3] remove entry for Manuals as its an early document without
 a sufficient definition as of yet

---
 src/how-to/administrate/README.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/how-to/administrate/README.md b/src/how-to/administrate/README.md
index f78bbc0..939b7a5 100644
--- a/src/how-to/administrate/README.md
+++ b/src/how-to/administrate/README.md
@@ -95,8 +95,7 @@
 
 ## 11. Manuals
 
-- [Manuals](manuals.md)
-  - [Test an ingress is working from inside the cluster](manuals.md#test-an-ingress-is-working-from-inside-the-cluster)
-  - [Load an image into containerd in an offline/airgapped environment](manuals.md#load-an-image-into-containerd-in-an-offlineairgapped-environment)
+- [Test an ingress is working from inside the cluster](manuals.md#test-an-ingress-is-working-from-inside-the-cluster)
+- [Load an image into containerd in an offline/airgapped environment](manuals.md#load-an-image-into-containerd-in-an-offlineairgapped-environment)
 
 <!-- TODO: .. include:: administration/redis.rst -->

From b60fa9be9bcfa21bf05415d5a431e9f6a84dd6f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?=
 <33936733+Veki301@users.noreply.github.com>
Date: Thu, 15 May 2025 16:44:36 +0200
Subject: [PATCH 3/3] explain the `d` alias, link definition in another
 document

---
 src/how-to/administrate/manuals.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/how-to/administrate/manuals.md b/src/how-to/administrate/manuals.md
index eaa923f..44519fa 100644
--- a/src/how-to/administrate/manuals.md
+++ b/src/how-to/administrate/manuals.md
@@ -4,6 +4,12 @@ This section will cover various administrative tasks that one might need when ru
 
 ## Test an ingress is working from inside the cluster
 
+Source the [d](https://github.com/wireapp/wire-server-deploy/blob/master/offline/docs_ubuntu_22.04.md#making-tooling-available-in-your-environment) alias from our script if you haven't done so already.
+
+```
+source ./bin/offline-env.sh
+```
+
 List out
 Fetch the IP address of your `ingress-nginx-controller-controller` LoadBalancer with: