README.md

Core Services and Configuration

Only core-services/secrets folder is applied to the cluster api.ci.

Except user secret management, no services are running on api.ci.

All directories should contain OWNERS and README.md files. This is enforced by make check locally and by the ci/prow/core-valid check on pull requests.
Config is applied to the cluster using the applyconfig tool. The tool applies all YAML files under your service subdirectory. Subdirectories are searched recursively and directories with names starting with _ are skipped. All YAML filenames should follow the following convention:
- All admin resources should be in admin_*.yaml files
- Names of YAML files that should not be applied to the cluster should start with _.
- The remaining YAML files are considered "standard" resources.
applyconfig applies files in lexicographical order. In the case when some resources need to be created before others, this needs to be reflected by the naming of the files (e.g. by including a numerical component).
The config-updater service account in the ci namespace must have permissions to apply all standard resources.
Destination namespaces should always be specified within a manifest, never rely on a currently set OpenShift project.
All ConfigMaps need to be set up for automated updates by the config-updater Prow plugin.

There are two types of configuration: resources and ConfigMaps.

Everything is automatically applied to the cluster by a prow postsubmit after each PR is merged, and also periodically.
ConfigMaps are automatically updated by the config-updater Prow plugin, configured in its config.yaml file. Additionally, they are periodically synced by a Prow job.

Resources can be created by make core, provided the user has rights to perform all necessary actions
ConfigMaps can be manually created by the config-bootstrapper tool.

Additionally, the applyconfig can be used directly. See its README.md for more details.