From 5380ea63b401b6adc1cf6bd1344f75ec030e1bf4 Mon Sep 17 00:00:00 2001
From: Mikhail Goncharov <goncharov.mikhail@gmail.com>
Date: Fri, 28 Aug 2020 13:08:40 +0200
Subject: [PATCH] docs about machine config and ingress

---
 .../buildkite-premerge-debian/pre-checkout    |  2 +
 docs/development.md                           | 38 +++++++++++++++++++
 docs/playbooks.md                             | 15 ++++++++
 3 files changed, 55 insertions(+)

diff --git a/containers/buildkite-premerge-debian/pre-checkout b/containers/buildkite-premerge-debian/pre-checkout
index 9a7b0c1..1b505d4 100755
--- a/containers/buildkite-premerge-debian/pre-checkout
+++ b/containers/buildkite-premerge-debian/pre-checkout
@@ -17,4 +17,6 @@
 # checked out from your SCM provider
 
 set -e
+# Convert https://github.com/llvm-premerge-tests/llvm-project.git -> llvm-project
+# to use the same directory for fork and origin.
 BUILDKITE_BUILD_CHECKOUT_PATH="${BUILDKITE_BUILD_PATH}/$(echo $BUILDKITE_REPO | sed -E "s#.*/([^/]*)#\1#" | sed "s/.git$//")"
\ No newline at end of file
diff --git a/docs/development.md b/docs/development.md
index 728e3d0..142a8d3 100644
--- a/docs/development.md
+++ b/docs/development.md
@@ -2,6 +2,10 @@
 - [Phabricator integration](#phabricator-integration)
 - [Buildkite pipelines](#buildkite-pipelines)
 - [Life of a pre-merge check](#life-of-a-pre-merge-check)
+- [Cluster parts](#cluster-parts)
+  * [Ingress and public addresses](#ingress-and-public-addresses)
+  * [Linux agents](#linux-agents)
+  * [Windows agents](#windows-agents)
 - [Enabled projects and project detection](#enabled-projects-and-project-detection)
 - [Agent machines](#agent-machines)
 - [Compilation caching](#compilation-caching)
@@ -82,6 +86,40 @@ branches older than 30 days.
 builds and tests changes on Linux and Windows agents. Then it uploads a
 combined result to Phabricator.
 
+# Cluster parts
+
+## Ingress and public addresses
+
+https://build.llvm-merge-guard.org/ URL points to [phabricator
+proxy](../phabricator-proxy) application.
+
+We use NGINX ingress for Kubernetes and Let's Encrypt certificate manager.
+Follow up to date docs to install [reverse
+proxy](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke) and
+[certificate
+manager](http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html).
+
+Access to the service is restricted with basic HTTP auth. It's configured with
+k8s secret 'http-auth' in 'buildkite' namespace (see [how to update
+auth](playbooks.md#update-http-auth-credentials))
+
+llvm-merge-guard.org domain is managed by [Google
+Domains](https://domains.google.com/).
+
+## Linux agents
+
+- docker image [buildkite-premerge-debian](../containers/buildkite-premerge-debian).
+
+- [Kubernetes manifests](../kubernetes/buildkite).
+
+## Windows agents
+
+- docker image [agent-windows-buildkite](../containers/agent-windows-buildkite).
+
+- VMs are manually managed and updated, use RDP to access.
+
+- there is an 'windows development' VM to do Windows-related development.
+
 # Enabled projects and project detection
 
 To reduce build times and mask unrelated problems, we're only building and
diff --git a/docs/playbooks.md b/docs/playbooks.md
index 842b016..a572a19 100644
--- a/docs/playbooks.md
+++ b/docs/playbooks.md
@@ -8,6 +8,7 @@
   * [Testing scripts locally](#testing-scripts-locally)
   * [Custom environment variables](#custom-environment-variables)
   * [Testing changes before merging](#testing-changes-before-merging)
+- [Update HTTP auth credentials](#update-http-auth-credentials)
 - [Phabricator integration](#phabricator-integration)
   * [Herald](#herald)
   * [Harbormaster](#harbormaster)
@@ -199,6 +200,20 @@ It's recommended to test even smallest changes before committing them to the `ma
    `scripts_branch="my-feature"` (see also "Custom environment variables" for other options above). To test "premerge-tests" pipeline pick an existing build and copy parameters from it, omitting "ph_target_phid", namely: "ph_build_id", "ph_buildable_diff", "ph_buildable_revision", "ph_initiator_phid" and "scripts_branch" variables.
 1. Wait for build to complete and maybe attach a link to it to your PR.
 
+# Update HTTP auth credentials
+
+To update e.g. buildkite http-auth:
+```shell script
+kubectl get secret http-auth -n buildkite -o yaml
+# base64 decode it's data to 'auth'.
+echo <data/auth from yaml> | base64 --decode > auth
+# add / update passwords
+htpasswd -b auth <user> <pass> 
+# update secret
+kubectl delete secret http-auth -n buildkite
+kubectl create secret generic http-auth -n buildkite --from-file=./auth
+```
+
 # Phabricator integration
 
 The general flow for builds on Phabricator is: