Draft: starting glossary and ERD

README.md

@@ -1,2 +1,95 @@
-# acme
-"ACM Everywhere" - All of the Platform Infrastructure necessary to bring-up a managed service application
+# ACME
+
+"ACM Everywhere" is a base platform of best practices, best-of-breed components, and common patterns using
+[Advanced Cluster Management's](https://www.redhat.com/en/technologies/management/advanced-cluster-management)
+declarative resource and application management technologies.
+
+Modern service architectures will span clusters and clouds with many different applications deployed across
+environments that must be built, tested, progressively delivered, and supported by live SRE staff. ACMEverywhere helps managed this complexity
+with declarative CRUD (Clusters, Resources, Users, and Deployments) that is infrastructure-as-code and delivered through pipelines.
+
+## Fully Declarative
+
+A live service represents both platform and business logic components. In fact, you have to bootstrap a *lot* of your
+base platform before you can write any business logic that provides value. For example, a service would need, at a minimum, 
+a code repository and a build system, an image repository, some fleet of clusters to deploy to complete with peering and properly secure networking, 
+an Identity Provider to manage access to your clusters, something to orchestrate your deployments throughout your fleet, Vault to manage secrets,
+and more. You haven't gotten to any business logic yet.
+
+### CRUD: Clusters, Resources, Users, Deployments
+
+#### Clusters
+
+CAPI provides the building blocks for declaring a fleet 
+
+`Cluster` - top-level Kind that declares your cluster, its network config, and its control plane and worker nodes.
+
+TODO: Research and Replace with OpenShift/HCP equivalents -- `AWSCluster`, `KubeadmControlPlane`, `MachineDeployment`, `AWSMachineTemplate`. See [example](generated-examples/capi-int-cluster-example.yaml).
+
+`Peering` -- describes relationships and networking between clusters, implemented using such things as VPCs and PrivateLinks and the equivalents across cloud providers.
+
+TODO: Research and define the schema for Peering (app-interface to start and/or community offering)
+
+`CloudAccount` -- cloud accounts own resources, including clusters and cloud resources. 
+
+`ClusterAuthentication` -- a cluster's configured IDP and auth solution
+
+#### Resources
+
+<< Use Radius (or similar plugin architecture) to declare cloud resources (e.g, Postgres in RDS/Aurora/Pod) >>
+
+`CloudResource` -- a resource provided by a hyperscalar. Resources will follow plugins/interfaces/recipes so that a postgres
+database is seamlessly provided by pods, AWS RDS instances, Azure Aurora, or any other flavor desired and implemented.
+
+CloudResources are deployed to specific Namespaces on Clusters 
+
+`CloudAccount` -- cloud accounts own resources, including clusters and cloud resources.
+
+#### Users
+
+`IdentityProvider` -- an IDP secures access to all clusters, resources, and deployments.
+
+`User` -- Users are internal developers, engineers, and other SRE staff who managed the clusters, resources, and deployments.
+
+`Role`, `Permission`, `RoleBinding` -- full RBAC model to authorize Users to perform specific actions across clusters and deployments.
+
+
+#### Deployments
+
+`ImageRegistry` -- an image registry to host container images, such as Quay, ACR, and ECR.
+
+`Build` --  the build system for service development, such as Konflux.
+
+`Repository` -- the repository for project source code, such as GitHub or GitLab.
+
+`Component` -- a specific piece of functionality, such as an individual microservice.
+
+`Application` -- a collection of components create an Application.
+
+`ComponentImageRegistry` -- a image registry configured for a specific component.
+
+`ComponentBuild` -- a build configured for a specific component.
+
+`ComponentRepository` -- a code repository configured for a specific component.
+
+
+## Entity Relationship Diagram
+
+Draft (at best).  Deployment section TDB based on Argo Rollouts.
+
+![ERD](the%20big%20erd.drawio.png )
+
+
+
+
+
+
+
+### Users
+
+<< Explain IAM strategy.  Keycloak, roles, permissions, etc. >>
+
+### Deployments
+
+<< Explain progressive delivery of deployments throughout the fleet with tests, soak time, and metrics >>
+

generated-examples/capi-int-cluster-example.yaml

@@ -0,0 +1,143 @@
+# example generated by gemini
+# integration-cluster.yaml
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: integration-cluster
+  namespace: default # Or your desired namespace
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks:
+        - 192.168.0.0/16
+    services:
+      cidrBlocks:
+        - 10.96.0.0/12
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+    kind: KubeadmControlPlane
+    name: integration-cluster-kcp
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: AWSCluster
+    name: integration-cluster-aws
+
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AWSCluster
+metadata:
+  name: integration-cluster-aws
+  namespace: default
+spec:
+  region: us-east-1 # Change to your desired AWS region
+  sshKeyName: capi-key # Replace with your SSH key pair name in AWS
+  # You might want to define a specific VPC and subnets here,
+  # or let CAPI create them. For simplicity, we let CAPI create.
+  networkSpec:
+    cni:
+      cniPlugin: calico # Or cilium, amazon-vpc-cni, etc.
+    # We will let CAPI create a new VPC and subnets for simplicity.
+    # For production, you might want to reference existing network resources.
+    # vpc:
+    #   id: vpc-xxxxxxxxxxxxxxxxx
+    # subnets:
+    #   - id: subnet-xxxxxxxxxxxxxxxxx
+    #     availabilityZone: us-east-1a
+    #   - id: subnet-xxxxxxxxxxxxxxxxx
+    #     availabilityZone: us-east-1b
+    #   - id: subnet-xxxxxxxxxxxxxxxxx
+    #     availabilityZone: us-east-1c
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+  name: integration-cluster-kcp
+  namespace: default
+spec:
+  replicas: 3 # For high availability in a medium-sized cluster
+  version: v1.28.3 # Specify your desired Kubernetes version
+  kubeadmConfigSpec:
+    clusterConfiguration:
+      controllerManager:
+        extraArgs:
+          bind-address: 0.0.0.0
+      scheduler:
+        extraArgs:
+          bind-address: 0.0.0.0
+    initConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          cloud-provider: aws
+    joinConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          cloud-provider: aws
+  machineTemplate:
+    infrastructureRef:
+      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+      kind: AWSMachineTemplate
+      name: integration-cluster-control-plane-machine-template
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AWSMachineTemplate
+metadata:
+  name: integration-cluster-control-plane-machine-template
+  namespace: default
+spec:
+  template:
+    spec:
+      instanceType: m5.xlarge # Medium size instance type
+      ami:
+        id: ami-0abcdef1234567890 # Replace with a valid CAPI-compatible Kubernetes AMI for your region and K8s version
+      sshKeyName: capi-key # Replace with your SSH key pair name
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+  name: integration-cluster-md-0
+  namespace: default
+spec:
+  clusterName: integration-cluster
+  replicas: 3 # Starting with 3 worker nodes for a medium-sized cluster
+  selector:
+    matchLabels: null
+  template:
+    spec:
+      bootstrap:
+        configRef:
+          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+          kind: KubeadmConfigTemplate
+          name: integration-cluster-md-0-kct
+      clusterName: integration-cluster
+      version: v1.28.3 # Must match control plane Kubernetes version
+      infrastructureRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+        kind: AWSMachineTemplate
+        name: integration-cluster-md-0-amt
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AWSMachineTemplate
+metadata:
+  name: integration-cluster-md-0-amt
+  namespace: default
+spec:
+  template:
+    spec:
+      instanceType: m5.xlarge # Medium size instance type for worker nodes
+      ami:
+        id: ami-0abcdef1234567890 # Replace with a valid CAPI-compatible Kubernetes AMI for your region and K8s version
+      sshKeyName: capi-key # Replace with your SSH key pair name
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+  name: integration-cluster-md-0-kct
+  namespace: default
+spec:
+  template:
+    spec:
+      joinConfiguration:
+        nodeRegistration:
+          kubeletExtraArgs:
+            cloud-provider: aws