Merge pull request #70 from stakater/update-del-dev
update docs to follow divio
AsfaMumtaz authored Jun 2, 2023
2 parents 1510a93 + 7dd1741 commit ff92df5
Showing 135 changed files with 543 additions and 395 deletions.

This file was deleted.

This file was deleted.

13 changes: 0 additions & 13 deletions content/for-delivery-engineers/ci-pipelines/tekton/bot-account.md

This file was deleted.

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# GitOps structure
# Stakater opinionated GitOps structure

We manage GitOps with two different kinds of repository with different purpose enlisted below:
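
Review bot: the intro sentence directly under the retitled heading still reads `with different purpose enlisted below`; since this hunk already touches the top of the file, reword it along the lines of "two kinds of repository, each with a different purpose, listed below". Retitling the H1 also changes any heading-derived anchor or navigation label, so check that existing links to this page still resolve.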

Expand Down Expand Up @@ -64,6 +64,8 @@ Inside `argocd-apps` folder, there are multiple clusters defined. Each cluster h
└── README.md
```

![Apps-GitOps-Structure](images/apps-gitops-config-structure.png)

## Structure of Infra GitOps Config

In each cluster folder there are folders containing resource for particular cluster. These include resources that are cluster scoped or don't belong to application tenant. It is further divided into 2 kinds of folders:
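
Review bot: the new image link `images/apps-gitops-config-structure.png` is relative to this file, while the ArgoCD repository-secret page in this same commit has its image links changed from `images/...` to `../images/...`. Confirm that the path resolves from this file's location after the restructure, and consider descriptive alt text instead of the file-name-style `Apps-GitOps-Structure`.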
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@

SAAP Pipelines requires secrets for CI/CD workflow. Following are the secrets used, along with their usage details.

## nexus-helm-auth-forked
## nexus-helm-auth

**Purpose:** nexus-helm-auth-forked secret is used in CI pipeline to push and pull helm charts from private nexus registry hosted on the cluster. This secret contains credentials for a machine-user to login into the registry.
**Purpose:** nexus-helm-auth secret is used in CI pipeline to push and pull helm charts from private nexus registry hosted on the cluster. This secret contains credentials for a machine-user to login into the registry.

**Owner:** Stakater
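
Review bot: dropping the `-forked` suffix in the heading and Purpose line changes only the documentation; nothing in this hunk shows the pipeline tasks or secret definitions that consume `nexus-helm-auth-forked` being renamed with it. Confirm that the Secret on the cluster is actually named `nexus-helm-auth` (the same applies to the docker and git secrets below) so the docs and the pipeline configuration do not drift apart.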

Expand All @@ -20,9 +20,9 @@ SAAP Pipelines requires secrets for CI/CD workflow. Following are the secrets us

**Stored in:** Keeper

## nexus-docker-auth-forked
## nexus-docker-auth

**Purpose:** nexus-docker-auth-forked secret is used in CI pipeline to push and pull docker images from private nexus registry hosted on the cluster. This secret contains credentials for a machine-user to login into the registry.
**Purpose:** nexus-docker-auth secret is used in CI pipeline to push and pull docker images from private nexus registry hosted on the cluster. This secret contains credentials for a machine-user to login into the registry.

**Owner:** Stakater
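
Review bot: the Purpose line for `nexus-docker-auth` says one machine-user credential is used to both push and pull images, but the section does not say which registry repositories or roles that account holds. Add a short line stating the intended permissions so a reader can tell whether exposure of this secret would allow images to be overwritten or only read.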

Expand All @@ -38,9 +38,9 @@ SAAP Pipelines requires secrets for CI/CD workflow. Following are the secrets us

**Stored in:** Keeper

## git-auth-forked
## git-auth

**Purpose:** git-auth-forked secret is used in CI pipeline. It's purpose is to clone git repositories into workspaces that are used in pipeline steps to perform any defined action. The secret contains a token that has access to defined user and repository permission (fine-grained token).
**Purpose:** git-auth secret is used in CI pipeline. It's purpose is to clone git repositories into workspaces that are used in pipeline steps to perform any defined action. The secret contains a token that has access to defined user and repository permission (fine-grained token).

**Owner:** Stakater
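
Review bot: in the Purpose line, `It's purpose` should be `Its purpose`, and `has access to defined user and repository permission (fine-grained token)` does not say what is defined. Since the token is described as being used to clone repositories, state which repositories it covers and whether read-only contents permission is sufficient.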

Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Types of Environments

There are three type of environments for each tenant:

1. Sandbox Environment
1. CI/CD Environments
1. Other Environments

## 1. Sandbox Environment

A dedicated namespace in cluster for developer in the cluster for every member of the specific tenant, that will also be preloaded with any selected templates and consume the same pool of resources from the tenants quota creating safe remote dev namespaces that teams can use as scratch namespace for rapid prototyping and development. So, every developer gets a Kubernetes-based cloud development environment that feel like working on localhost. These environments are not present in our GitOps structure, they are deployed by `Multi Tenant Operator` if enabled in `Tenant` specification.

## 2. CI/CD Environments

There are three CI/CD environments per tenant

The CI/CD Environments are special Environments that are part of CI/CD workflow. There are 3 kinds of CI/CD environments:

1. Build - Build environment contains all Tekton pipeline configurations/resources like *pipeline,eventlistener,pipelinrun* etc. These pipelines respond to changes in Application/Service source repositories. This environment is used for running pipelines of tenant applications.

1. Preview - Preview environment contains all preview application deployments. As soon as there is a new PR in application, pipeline creates new environment to test this PR. Each PR is deployed in separate namespace.

1. Development - The dynamic test environment is automatically deleted and the Helm manifests are pushed to first permanent application environment i.e. `dev` by the CI pipeline when the pull request is merged.

## 3. Other Environments

There are applications environments like *qa,staging,pre-prod,prod* etc other than CI/CD environment. Application promotion in other environments is done manually by creating a PR to the GitOps repo which includes the:

- bumping of the helm chart version in `Chart.yaml` and
- bumping image tag version in helm values in `values.yaml`
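
Review bot: the `Development` item under CI/CD Environments describes what happens to the preview environment on merge (`The dynamic test environment is automatically deleted ...`) instead of saying what the `dev` environment is; move the deletion sentence to the `Preview` item and define `dev` here. Smaller points in the same file: `pipelinrun` should be `pipelinerun`, `There are three type of environments` needs `types`, the two sentences that open section 2 say the same thing, and the Sandbox paragraph repeats `in cluster ... in the cluster` inside one long sentence that would read better split in two.
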
175 changes: 0 additions & 175 deletions content/for-delivery-engineers/gitops/environments.md

This file was deleted.

10 changes: 0 additions & 10 deletions content/for-delivery-engineers/gitops/github.md

This file was deleted.

8 changes: 0 additions & 8 deletions content/for-delivery-engineers/gitops/gitlab.md

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
# Configure Repository Secret for ArgoCD

We need to add secret in ArgoCD namespace that will allow read access over the `apps-gitops-config` repository created in previous section.
## GitHub

## Configure token or SSH keys
### Configure token or SSH keys

You need to configure token or SSH based access over the `apps-gitops-config` repository.
Use the following links:

- For token access
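
Review bot: `## GitHub` is now the only provider heading in this file, and the same commit deletes `gitops/github.md` and `gitops/gitlab.md`, so it is not visible from this page where the GitLab token or SSH instructions now live. Add a `## GitLab` section here or link to the page that replaced it.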
Expand All @@ -29,7 +28,9 @@ By properly configuring the permissions and access levels for the PAT, you can e
- [`Add SSH Public key to your GitHub Account`](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) or [`Add Deploy Key to your Repository`](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys)
*Note: A deploy key is specific to a single repository and cannot be used for multiple repositories whereas, a single SSH key can be used for multiple repositories.*

## Create a Secret with Token or SSH key
## Kubernetes

### Create a Kubernetes Secret with Token or SSH key

Create a Kubernetes Secret in ArgoCD namespace with repository credentials. Each repository secret must have a url field and, depending on whether you connect using HTTPS, SSH, username and password (for HTTPS), sshPrivateKey (for SSH).
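
Review bot: the deploy-key note at the top of this hunk presents an account-wide SSH key and a single-repository deploy key as equal choices, while the intro line shown in the first hunk of this file describes the goal as read access over `apps-gitops-config` only. Recommend the deploy key as the default and mention the account-wide key as the exception. The sentence under the new `### Create a Kubernetes Secret with Token or SSH key` heading (`depending on whether you connect using HTTPS, SSH, username and password ...`) is also hard to parse; say that each secret needs `url`, plus `username` and `password` for HTTPS or `sshPrivateKey` for SSH.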

Expand Down Expand Up @@ -75,7 +76,9 @@ stringData:
Login to the ArgoCD UI. Click `Setting` from left sidebar, then `Repositories` to view connected repositories.
> Make sure connection status is successful

![`ArgoCD-repositories`](images/ArgoCD-repositories.png)
![`ArgoCD-repositories`](../images/ArgoCD-repositories.png)

### Create an External Secret

> Ask stakater-admin or user belonging to `customer-root-tent` to add this secret via Vault and External Secrets to ArgoCD namespace.
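
Review bot: the new `### Create an External Secret` heading comes after the step that tells the reader to log in to the ArgoCD UI and check the connection status, so the verification now precedes the section that gets the credential into the ArgoCD namespace. Move the UI check after this section, or state that the two subsections are alternatives. Also check `customer-root-tent` in the quoted note; it looks like a truncated `tenant`.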

Expand All @@ -88,7 +91,7 @@ If connection status is failed, hover over the ❌ adjacent to `Failed` to view
> Related GitHub Issue: [here](https://github.com/argoproj/argo-cd/issues/7723)

If you see the following error. Check `argocd-ssh-known-hosts-cm` config map in ArgoCD namespace to verify that public key for repository server is added as `ssh_known_hosts`.
![`ArgoCD-repo-connection-ssh-issue`](images/ArgoCD-repo-connection-ssh-issue.png)
![`ArgoCD-repo-connection-ssh-issue`](../images/ArgoCD-repo-connection-ssh-issue.png)

Some known hosts public keys might be missing in `argocd-ssh-known-hosts-cm` for older ArgoCD versions, Find full list of public keys against repository server [here](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys).
> Note: If the error persists, contact **Stakater Support** to review it.
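
Review bot: the line above the updated image link is split into a fragment and a command (`If you see the following error. Check ...`); join it as "If you see the following error, check ...", and lowercase `Find` after the comma in the following paragraph. The two `[here]` links would be easier to scan with descriptive link text, for example the issue number and "SSH known host public keys".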