diff --git a/Readme.md b/Readme.md index 11146e6a67ebb0a9fae8c028eebce698cf37bcc3..b6545b12585321afb6f443db11808a8b22d73dbd 100644 --- a/Readme.md +++ b/Readme.md @@ -91,7 +91,7 @@ $ deployer undeploy \ * `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin * `--name`: sets the name of the deployment. * `--charts`: sets the path where the helm-charts reside. -* `--values`: overrides the values from `Values.yaml` in the helm-charts with values in the specified YAML file. May be provided multiple times. +* `--values`: overrides the values from `Values.yaml` in the helm-charts with values in the specified YAML file. May be provided multiple times. * `--set`: overrides the values from `Values.yaml` in the helm-charts. Provide multiple `--set`-options if you want to provide multiple overrides. * `--set-string`: overrides the values from `Values.yaml` in the helm-charts as string. Provide multiple `--set-string`-options if you want to provide multiple overrides. 
@@ -103,3 +103,27 @@ $ deployer undeploy \ * `--namespace`: sets the k8s-namespace where the deployment is located. This string is provided by the k8s-admin. * `--service-account`: this is the name of the service-account, that is used to perform the deployment. This string is provided by the k8s-admin * `--name`: sets the name of the deployment. + +# Assumptions + +This tool makes a few assumptions in order to simplify usage respecting the workflow and cluster-configuration principals if University Library Leipzig + +## One service account per namespace + +Namespaces are used to separate a project deployment from another. Each namespace is unique per project per deployment i.e. *website-alpha*, *website-staging* and *website-production*. + +The rights of a service account are bound to a namespace, therefore each namespace has its own service account which is allowed to apply deployments in it. + +By this we are able to publish the credentials of uncritical deployments such as *alpha* and *staging* to developers, so they can independently deploy their features. The credentials of critical deployments such as *production* are restricted to maintainers which are held responsible for their deployments. + +## One Tiller per namespace + +*Tiller* - the service component of *Helm* - is deployed in each namespace so they are independent from each other. Also *Tiller* is using the service account of the namespace to create deployments, so that a user can modify or interact with the deployments by using the service accounts credentials. + +## Helmchart location + +Each project consists of one or more applications which are deployed together in the projects deployment-environment. Each application is responsible for its own components and defines it via helm charts located in the application repository. For consistency this folders should be named `helmchart`. 
+ +[Workflow of University Library of Leipzig]: https://git.sc.uni-leipzig.de/ubl/git-test/wikis/home +[Advanced Configuration]: #Advanced-Configuration +[Docker-Hub]: https://hub.docker.com/u/ubleipzig/dashboard/ \ No newline at end of file diff --git a/docs/deployenv.md b/docs/deployenv.md deleted file mode 100644 index e9f386dc0e57feb6b6f01374ba2332110a304673..0000000000000000000000000000000000000000 --- a/docs/deployenv.md +++ /dev/null @@ -1,33 +0,0 @@ -# create deploy environment - -consists of -* _namespace_: where will all services be deployed -* _service account_: which account will deploy the services - -## install via helm - -assuming the service-account name is "testuser" and the namespace is "testns" - -``` -$ helm install k8s-admin/deployenv/ \ - --wait \ - --name test-deployenv \ - --set saName=testuser \ - --set namespace=testns \ -``` -_will create a service account *testuser* in namespace *testns*. the helm install-name is *test-deployenv*_ - -# remove serviceaccount - -``` -$ helm delete --purge test-deployenv -``` - -_will remove namespace service account, role and rolebinding for helm-install *test-deployenv*_ - -# retrieve bearer token for service account - -``` -$ export ns=testns -$ export user=testuser -$ kubectl --namespace $ns get secret $(kubectl --namespace ${ns} get serviceaccount $user -o jsonpath={.secrets[0].name}) -o jsonpath={.data.token} \ No newline at end of file diff --git a/docs/workflow.wsd b/docs/workflow.wsd deleted file mode 100644 index 35206e9ff3880673f727b250f6e7e975ffd2a117..0000000000000000000000000000000000000000 --- a/docs/workflow.wsd +++ /dev/null 
@@ -1,18 +0,0 @@ -@startuml "Deploy Alpha" -"Developer" as dev -> "Gitlab" as gitlab: commit:1-issue -gitlab -> "CI-Runner" as runner: build image -runner->runner: docker build -runner-->gitlab: ok (docker-image) -gitlab->runner: publish image -runner->hub as "Docker-Hub": docker push alpha-1-issue -hub-->runner: ok -runner-->gitlab: ok -gitlab->runner: deploy -runner->cluster as "K8S-Cluster": helm install alpha-1-issue -cluster->hub: docker pull alpha-1-issue -hub-->cluster: docker-image -cluster->cluster: deploy alpha -cluster-->runner: ok -runner-->gitlab: ok -gitlab-->dev: https://alpha.uni-leipzig.de/alpha-1-issue/ -@enduml \ No newline at end of file
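Review bot: In the Readme.md hunk at `@@ -103,3 +103,27`, the new "One service account per namespace" section says the *alpha* and *staging* credentials are published to developers, but does not say where they are published or how a developer obtains them. Add a sentence or link covering that, and state explicitly that the service account's rights end at its own namespace, since "One Tiller per namespace" relies on it. Wording fixes in the same hunk: "principals if University Library Leipzig" should read "principles of University Library Leipzig" and the sentence needs a full stop; "the service accounts credentials" and "the projects deployment-environment" need apostrophes; "this folders should be named" should be "this folder should be named". The `[Advanced Configuration]: #Advanced-Configuration` fragment is mixed-case; check that it resolves in the renderer you use, since many generate lowercase heading ids. The file still ends without a trailing newline.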
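Review bot: Deleting docs/deployenv.md removes the only instructions in this patch for creating the namespace and service account (`helm install k8s-admin/deployenv/`) and for retrieving the service account's bearer token, while the Readme keeps telling users that the namespace and service-account strings are "provided by the k8s-admin". If this content moved to another repository or wiki, link to it from the Readme; if it was dropped on purpose, say so in the commit message so that readers of the new "Assumptions" section know who issues the token and how.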
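Review bot: docs/workflow.wsd is deleted without a replacement in this patch, and the `[Workflow of University Library of Leipzig]` link definition added to Readme.md is not used by any of the added Readme lines shown here. Either reference that link from the new "Assumptions" text so readers can still find the "Deploy Alpha" sequence (commit, image build, push to Docker-Hub, `helm install`), or keep the diagram source in the repository.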