#71 Update c3iaas docs
Merged 4 years ago by pbortlov. Opened 4 years ago by pbortlov.
pbortlov/c3i-library missing-docs  into  master

file modified
+20 -20
@@ -5,11 +5,9 @@ 

  or C3IaaS.

  

  ## Onboarding to C3IaaS

+ The access to C3IaaS is limited to `c3iaas-user` role. The definition of `c3iaas-user` role can be found in the [rbac](rbac) directory.

  

- For security reasons, the C3I team restricts the access to C3IaaS jobs only to on-boarded clients.

- 

- A C3I client needs to provide a list of OpenShift users (service accounts) or groups to the C3I team, then the C3I team assigns the `c3iaas-user` role using the following command:

- 

+ The role can be assigned to users and groups using following command:

  ```

  # assign to users

  oc policy add-role-to-user --role-namespace=c3i c3iaas-user mikeb yuxzhu
@@ -18,11 +16,10 @@ 

  oc policy add-role-to-group --role-namespace=c3i c3iaas-user system:serviceaccounts:c3i system:serviceaccounts:c3i-stage

  ```

  

- The definition of `c3iaas-user` role can be found from the `rbac` directory.

+ ## c3iaas-tasks

+ #### c3iaas-request-project

+ This job can be triggered by a C3I user to request a temporary OpenShift project in OpenShift. The projects will be tracked by C3IaaS and they are automatically deleted when expires. There is `c3iaas-cleanup-projects` which ensures that projects don't take resources after the end of life.

  

- ## c3iaas-request-project

- 

- This job can be triggered by a C3I user to request a temporary OpenShift project in OpenShift. That project will be tracked by C3IaaS and is automatically deleted when expires.

  

  To trigger this job, a C3I user can run

  
@@ -32,20 +29,23 @@ 

  

  Following build parameters are supported:

  

- - PROJECT_NAME

- Required, the name of requested OpenShift project, must be prefixed with `c3i-`

+ - PROJECT_NAME - *Required*, the __name of requested OpenShift project__, must be prefixed with `c3i-`

+ 

+ - DELETE_PROJECT_IF_EXISTS - if `true`, delete the project before recreating. *(default: true)*

+ 

+ - ADMIN_USERS - Comma separated __list of OpenShift users__ that will be assigned with the `admin` role.

+ 

+ - ADMIN_GROUPS - Comma separated __list of OpenShift groups__ that will be assigned with the `admin` role.

+ 

+ - VIEW_USERS - Comma separated __list of OpenShift users__ that will be assigned with the `view` role.

  

- - DELETE_PROJECT_IF_EXISTS="true"

- if `true`, delete the project before recreating.

+ - VIEW_GROUPS - Comma separated __list of OpenShift groups__ that will be assigned with the `view` role.

  

- - ADMIN_USERS

- Comma separated list of OpenShift users that will be assigned with the `admin` role.

+ - EDIT_USERS - Comma separated __list of OpenShift users__ that will be assigned with the `edit` role.

  

- - ADMIN_GROUPS

- Comma separated list of OpenShift groups that will be assigned with the `admin` role.

+ - EDIT_GROUPS - Comma separated __list of OpenShift groups__ that will be assigned with the `edit` role. *(default: "system:authenticated")*

  

- - VIEW_USERS

- Comma separated list of OpenShift users that will be assigned with the `view` role.

+ - LIFETIME_IN_MINUTES - __Number of minutes__ which will specify the life time of the project. The project is deleted after this time. *(default: 30, max: 1440 minutes = 1 day)*

  

- - VIEW_GROUPS="system:authenticated"

- Comma separated list of OpenShift groups that will be assigned with the `view` role.

+ #### c3iaas-cleanup-projects

+ This job ensures that non of the expired projects take resources. The job is triggered evey 6 minutes.

  • update c3iaas request project parameters
  • add note about c3iaas cleanup

rebased onto 2fe0775

4 years ago

rebased onto 5b0e8c5

4 years ago

rebased onto 4ee51d4

4 years ago

rebased onto e5b4563

4 years ago

rebased onto ccf1257

4 years ago

rebased onto 36a4067

4 years ago

Pull-Request has been merged by pbortlov

4 years ago