moved docs somewhere else

3b775c98 · Ulf Seltmann · b0f519da · 3b775c98 · b0f519da · b0f519da
Commit 3b775c98 authored 6 years ago by Ulf Seltmann
--- a/Readme.md
+++ b/Readme.md
@@ -91,7 +91,7 @@ $ deployer undeploy \
 * `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
 * `--name`: sets the name of the deployment.
 * `--charts`: sets the path where the helm-charts reside.
-* `--values`: overrides the values from `Values.yaml` in the helm-charts with values in the specified YAML file. May be provided multiple times. 
+* `--values`: overrides the values from `Values.yaml` in the helm-charts with values in the specified YAML file. May be provided multiple times.
 * `--set`: overrides the values from `Values.yaml` in the helm-charts. Provide multiple `--set`-options if you want to provide multiple overrides.
 * `--set-string`: overrides the values from `Values.yaml` in the helm-charts as string. Provide multiple `--set-string`-options if you want to provide multiple overrides.

@@ -103,3 +103,27 @@ $ deployer undeploy \
 * `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin.
 * `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin
 * `--name`: sets the name of the deployment.
+
+# Assumptions
+
+This tool makes a few assumptions in order to simplify  usage respecting the workflow and cluster-configuration principals if University Library Leipzig
+
+## One service account per namespace
+
+Namespaces are used to separate a project deployment from another. Each namespace is unique per project per deployment i.e. *website-alpha*, *website-staging* and *website-production*.
+
+The rights of a service account are bound to a namespace, therefore each namespace has its own service account which is allowed to apply deployments in it.
+
+By this we are able to publish the credentials of uncritical deployments such as *alpha* and *staging* to developers, so they can independently deploy their features. The credentials of critical deployments such as *production* are restricted to maintainers which are held responsible for their deployments.
+
+## One Tiller per namespace
+
+*Tiller* - the service component of *Helm* - is deployed in each namespace so they are independent from each other. Also *Tiller* is using the service account of the namespace to create deployments, so that a user can modify or interact with the deployments by using the service accounts credentials.
+
+## Helmchart location
+
+Each project consists of one or more applications which are deployed together in the projects deployment-environment. Each application is responsible for its own components and defines it via helm charts located in the application repository. For consistency this folders should be named `helmchart`.
+
+[Workflow of University Library of Leipzig]: https://git.sc.uni-leipzig.de/ubl/git-test/wikis/home
+[Advanced Configuration]: #Advanced-Configuration
+[Docker-Hub]: https://hub.docker.com/u/ubleipzig/dashboard/
\ No newline at end of file
--- a/docs/deployenv.md
+++ b/docs/deployenv.md
-# create deploy environment
-
-consists of
-* _namespace_: where will all services be deployed
-* _service account_: which account will deploy the services
-
-## install via helm
-
-assuming the service-account name is "testuser" and the namespace is "testns"
-
-```
-$ helm install k8s-admin/deployenv/ \
-	--wait \
-	--name test-deployenv \
-	--set saName=testuser \
-	--set namespace=testns \
-```
-_will create a service account *testuser* in namespace *testns*. the helm install-name is *test-deployenv*_
-
-# remove serviceaccount
-
-```
-$ helm delete --purge test-deployenv
-```
-
-_will remove namespace service account, role and rolebinding for helm-install *test-deployenv*_
-
-# retrieve bearer token for service account
-
-```
-$ export ns=testns
-$ export user=testuser
-$ kubectl --namespace $ns get secret $(kubectl --namespace ${ns} get serviceaccount $user -o jsonpath={.secrets[0].name}) -o jsonpath={.data.token}
\ No newline at end of file
--- a/docs/workflow.wsd
+++ b/docs/workflow.wsd
-@startuml "Deploy Alpha"
-"Developer" as dev -> "Gitlab" as gitlab: commit:1-issue
-gitlab -> "CI-Runner" as runner: build image
-runner->runner: docker build
-runner-->gitlab: ok (docker-image)
-gitlab->runner: publish image
-runner->hub as "Docker-Hub": docker push alpha-1-issue
-hub-->runner: ok
-runner-->gitlab: ok
-gitlab->runner: deploy
-runner->cluster as "K8S-Cluster": helm install alpha-1-issue
-cluster->hub: docker pull alpha-1-issue
-hub-->cluster: docker-image
-cluster->cluster: deploy alpha
-cluster-->runner: ok
-runner-->gitlab: ok
-gitlab-->dev: https://alpha.uni-leipzig.de/alpha-1-issue/
-@enduml
\ No newline at end of file