From ab84369b495ee26d69cc61d37f37a9e31daeeeaf Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Sun, 22 Oct 2023 21:26:56 +0200
Subject: [PATCH] Added stuff

---
 docs/deployment-helm.md                | 65 ++++++++++++++++++++++----
 docs/deployment-kubernetes-azure.md    |  4 +-
 docs/deployment-kubernetes-minikube.md |  2 +-
 3 files changed, 59 insertions(+), 12 deletions(-)

diff --git a/docs/deployment-helm.md b/docs/deployment-helm.md
index a9d4c88..f31fef5 100644
--- a/docs/deployment-helm.md
+++ b/docs/deployment-helm.md
@@ -5,10 +5,9 @@ author: Martin Weise
 ## TL;DR
 
 To install DBRepo in your existing cluster, download the sample [`values.yaml`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-deployment/-/raw/master/charts/dbrepo-core/values.yaml?inline=false)
-for your deployment and update the variables `hostname` and `authAdminApiUrl` to your domain.
-
-If you have [Helm](https://helm.sh/docs/intro/install/) already installed on your system, you can
-install DBRepo with:
+for your deployment and update the variables, especially `hostname`. The chart depends on 
+installed [Keycloak Operator](https://www.keycloak.org/operator/installation) that can be installed following the 
+official guide.
 
 ```shell
 helm upgrade --install dbrepo \
@@ -20,9 +19,57 @@ helm upgrade --install dbrepo \
   --cleanup-on-fail
 ```
 
-## Architecture
+## Dependencies
+
+The helm chart depends on four components:
+
+1. [Ingress NGINX Controller](https://kubernetes.github.io/ingress-nginx/) for basic ingress.
+2. [Cert-Manager Controller](https://cert-manager.io/) for TLS certificate management with Let's Encrypt.
+3. [MariaDB Operator](https://github.com/mariadb-operator/mariadb-operator/) for creation of databases.
+4. [Keycloak Operator](https://www.keycloak.org/operator/installation) for creation of the authentication service.
+
+## Configuration before the installation
+
+Define an admin user that the services can use to communicate with 
+the [authentication service](../system-services-authentication). You will need to manually create this user later after
+the installation.
+
+## Configuration after the installation
+
+After installing, get the initial administrator password created by the [Keycloak operator](https://www.keycloak.org/operator/basic-deployment):
+
+```shell
+kubectl -n dbrepo \
+  get \
+  secret \
+  auth-service-initial-admin \
+  -o jsonpath='{.data.password}' | base64 --decode
+```
+
+On success, the output should look like this: `1f5581a01d8e8f47f2dae08cc88f56fd` which is the initial password for the
+user `admin`. This password should be considered as *temporary* and be changed immediately now! Login into 
+the [authentication service](../system-services-authentication) as `admin` and:
+
+1. Create a new user in the `master` realm.
+2. Create credentials (non-temporary) for this user in the `master` realm.
+3. Assign this user the role `admin`.
+4. Delete the user `admin`.
+
+### Backup
+
+tbd
+
+### Restore
+
+tbd
+
+## Limitations
+
+1. MariaDB Galera does not (yet) support XA-transactions required by the authentication service (=Keycloak). Therefore
+   only a single MariaDB pod can be deployed at once for the [auth database](../system-databases-auth).
+
+!!! question "Do you miss functionality? Do these limitations affect you?"
 
-<figure markdown>
-![Architecture Kubernetes Azure](images/architecture-core.svg)
-<figcaption>Architecture of the services on Kubernetes</figcaption>
-</figure>
+    We strongly encourage you to help us implement it as we are welcoming contributors to open-source software and get
+    in [contact](../contact) with us, we happily answer requests for collaboration with attached CV and your programming 
+    experience!
diff --git a/docs/deployment-kubernetes-azure.md b/docs/deployment-kubernetes-azure.md
index f262016..12f0a2e 100644
--- a/docs/deployment-kubernetes-azure.md
+++ b/docs/deployment-kubernetes-azure.md
@@ -17,9 +17,9 @@ with Kubernetes version *1.24.10* and node sizes *Standard_B4ms*
 
 - 4 vCPU cores
 - 16GB RAM memory
-- 100GB SSD storage
+- 200GB SSD storage
 
-This is roughly met by selecting the *Standard_B4ms* flavor.
+This is roughly met by selecting the *Standard_B4ms* flavor and three worker nodes.
 
 ## Deployment
 
diff --git a/docs/deployment-kubernetes-minikube.md b/docs/deployment-kubernetes-minikube.md
index db2d7fc..7c9376c 100644
--- a/docs/deployment-kubernetes-minikube.md
+++ b/docs/deployment-kubernetes-minikube.md
@@ -18,7 +18,7 @@ this is because of Docker. During idle times, the deployment will use significan
 
 - 4 vCPU cores
 - 16GB RAM memory
-- 100GB SSD storage
+- 200GB SSD storage
 
 ### Minikube
 
-- 
GitLab