docs: new section Manuals in How To Administrate

src/how-to/administrate/README.md

@@ -1,25 +1,29 @@
 # Administration Guide
 
 ## 1. Kubernetes
+
 - [Kubernetes](kubernetes/README.md)
   - [Certificate renewal](kubernetes/certificate-renewal/README.md)
   - [How to restart a machine that is part of a Kubernetes cluster?](kubernetes/restart-machines/README.md)
   - [Upgrading a Kubernetes cluster](kubernetes/upgrade-cluster/README.md)
   - [Troubleshooting problems arising after Kubernetes cluster upgrades](kubernetes/upgrade-cluster/README.md#troubleshooting-problems-arising-after-kubernetes-cluster-upgrades)
 
 ## 2. Backup and Disaster Recovery
+
 - [Backup and disaster recovery](backup-disaster-recovery.md)
   - [Introduction](backup-disaster-recovery.md#introduction)
   - [Backing up](backup-disaster-recovery.md#backing-up)
   - [Recovery procedure](backup-disaster-recovery.md#recovery-procedure)
 
 ## 3. Cassandra
+
 - [Cassandra](cassandra.md)
   - [Check the health of a Cassandra node](cassandra.md#check-the-health-of-a-cassandra-node)
   - [How to inspect tables and data manually](cassandra.md#how-to-inspect-tables-and-data-manually)
   - [How to rolling-restart a Cassandra cluster](cassandra.md#how-to-rolling-restart-a-cassandra-cluster)
 
 ## 4. Elasticsearch
+
 - [Elasticsearch](elasticsearch.md)
   - [How to rolling-restart an Elasticsearch cluster](elasticsearch.md#how-to-rolling-restart-an-elasticsearch-cluster)
   - [How to manually look into what is stored in Elasticsearch](elasticsearch.md#how-to-manually-look-into-what-is-stored-in-elasticsearch)
@@ -29,6 +33,7 @@
   - [Troubleshooting](elasticsearch.md#troubleshooting)
 
 ## 5. Etcd
+
 - [Etcd](etcd.md)
   - [How to see cluster health](etcd.md#how-to-see-cluster-health)
   - [How to inspect tables and data manually](etcd.md#how-to-inspect-tables-and-data-manually)
@@ -37,12 +42,14 @@
   - [Troubleshooting](etcd.md#troubleshooting)
 
 ## 6. General - Linux
+
 - [General - Linux](general-linux.md)
   - [Which ports and network interface is my process running on?](general-linux.md#which-ports-and-network-interface-is-my-process-running-on)
   - [How can I see if my TLS certificates are configured the way I expect?](general-linux.md#how-can-i-see-if-my-tls-certificates-are-configured-the-way-i-expect)
   - [How can I see if my TLS certificates are configured the way I expect (special case Kubernetes from a Kubernetes machine)](general-linux.md#how-can-i-see-if-my-tls-certificates-are-configured-the-way-i-expect-special-case-kubernetes-from-a-kubernetes-machine)
 
 ## 7. Minio
+
 - [Minio](minio.md)
   - [Should you be using Minio?](minio.md#should-you-be-using-minio)
   - [Setting up interaction with Minio](minio.md#setting-up-interaction-with-minio)
@@ -51,13 +58,15 @@
   - [Check the health of a MinIO node](minio.md#check-the-health-of-a-minio-node)
 
 ## 8. Operational Procedures
+
 - [Operational procedures](operations.md)
   - [Reboot procedures](operations.md#reboot-procedures)
   - [Health checks](operations.md#health-checks)
   - [Draining pods from a node for maintenance](operations.md#draining-pods-from-a-node-for-maintainance)
   - [Understand release tags](operations.md#understand-release-tags)
 
 ## 9. Restund (TURN)
+
 - [Restund (TURN)](restund.md)
   - [Wire-Server Configuration](restund.md#wire-server-configuration)
   - [How to see how many people are currently connected to the restund server](restund.md#how-to-see-how-many-people-are-currently-connected-to-the-restund-server)
@@ -68,6 +77,7 @@
   - [How to check which restund/TURN servers will be used by clients](restund.md#how-to-check-which-restund-turn-servers-will-be-used-by-clients)
 
 ## 10. Investigative Tasks
+
 - [Investigative tasks (e.g. searching for users as server admin)](users.md)
   - [Manually searching for users in Cassandra](users.md#manually-searching-for-users-in-cassandra)
   - [Deleting a user which is not a team user](users.md#deleting-a-user-which-is-not-a-team-user)
@@ -83,4 +93,9 @@
   - [Identify all users using SSO](users.md#identify-sso-users)
   - [Create a team using the SCIM API](users.md#create-a-team-using-the-scim-api)
 
+## 11. Manuals
+
+- [Test an ingress is working from inside the cluster](manuals.md#test-an-ingress-is-working-from-inside-the-cluster)
+- [Load an image into containerd in an offline/airgapped environment](manuals.md#load-an-image-into-containerd-in-an-offlineairgapped-environment)
+
 <!-- TODO: .. include:: administration/redis.rst -->

src/how-to/administrate/manuals.md

@@ -0,0 +1,70 @@
+# Manuals
+
+This section will cover various administrative tasks that one might need when running a Kubernetes cluster in general (and Wire).
+
+## Test an ingress is working from inside the cluster
+
+Source the [d](https://github.com/wireapp/wire-server-deploy/blob/master/offline/docs_ubuntu_22.04.md#making-tooling-available-in-your-environment) alias from our script if you haven't done so already.
+
+```
+source ./bin/offline-env.sh
+```
+
+List out
+Fetch the IP address of your `ingress-nginx-controller-controller` LoadBalancer with:
+
+```
+d kubectl get svc ingress-nginx-controller-controller
+```
+
+Get the full name of your `fake-aws-sns` pod with:
+
+```
+d kubectl get pods
+# or
+d kubectl get pods -l app=fake-aws-sns
+```
+
+Log onto the SNS pod with:
+
+```
+d kubectl exec -it fake-aws-sns-xxxxxx-yyyyyyy -- /bin/bash
+```
+
+This will drop you into a bash shell. In here, run:
+
+```
+curl -k -H "X-Host: WEBAPPDOMAINNAME" -H "Host: WEBAPPDOMAINNAME" https://NGINXCONTROLLERCONTROLLER:443/ -v
+```
+
+You should get a valid response and the HTML of webapp if all is working correctly.
+
+## Load an image into containerd in an offline/airgapped environment
+
+If you ever need to load an image in an offline/airgapped environment for an important security update of a Wire or Kubernetes component. First, download the new release you will be installing. For example, with docker:
+
+```
+docker pull registry.k8s.io/ingress-nginx/controller:v1.12.1
+```
+
+Now save it in `.tar` and replace the forward slashes and colons with underscores, like this:
+
+```
+docker save -o registry.k8s.io_ingress-nginx_controller_v1.12.1.tar registry.k8s.io/ingress-nginx/controller:v1.12.1
+```
+
+Now copy the `.tar` file over to all of your kubernetes hosts.
+
+Load it into containerd with:
+
+```
+ctr -n k8s.io images import registry.k8s.io_ingress-nginx_controller_v1.12.1.tar
+```
+
+Verify the image is in the containerd list after import with:
+
+```
+ctr -n k8s.io images list | grep ingress-nginx
+```
+
+The image is now ready to be used.