//// Purpose ------- Capture information about how to use the deployed and related systems. Recommended to primarily be workflow diagrams, possible with labeled and annotated steps. Examples -------- * Continues Integration and Continues Deployment/Delivery processes * DeclarativeOps / GitOps processes * Update/Upgrade processes * Self service processes, - EX: create a CR for a custom operator to create a new namespace and attach it to the correct team RBAC. //// [id="processes_{context}"] = Processes == Cluster Lifecycle === Install New clusters are installed using the ROSA cli and bootstrap scripts. === Upgrades 2 minor version (e.g. 4.14 => 4.16) upgrades per year with weekly patches. Weekly pathes all on he same day to ensure all stages are on the same patch version. == Secure Software Development Lifecycle // GitHub Enterprise, Nexus, === Ordering a Namespace To order a namespace, users need a LeanIX number, which is an asset inventory tracking system akin to a configuration management database [CMDB]. The LeanIX number is entered into a ServiceNow ticket along with the target stage (non-prod or prod), and a name. Naming of namespaces follows a `--` convention. image::order-ns.png[Process of ordering a namespace visualised. Adapted from workshop notes.] The namespcae is created according to a project template. Upon creation, RBAC role bindings are created and an in-house operator creates a GitOps repository on GitHub. The namespace creation itself is not yet gitopsed. To begin using the GitOps repository, developers need to copy paste a secret value from OpenShift to GitHub. === Increasing Resource Quotas Self-service === Releasing and deploying Software image::release.png[Process of releasing, and deploying software to a cluster visualised. Adapted from workshop notes.] === Ordering managed services === Managing vulnerabilities CVEs ACS, gatekeeper, RBAC admission ACS default policy set + a few custom ones No security quality gates File integrity & compliance operators decomissioned. === Debugging === End-User Training The HCP team has created training courses on the internal IT academy learning platform that focus on {@cust} specific processes and technologies. The courses are adapted to different levels of know-how and range from read + click, to screen casts, and homework project-based trainings. === Conculsions Overall, the processes owned by the HCP team seem to be designed to make the developer experience as frictionless as possible. Based on the imformation shared, the time required for developers to go from zero to production seems significantly shorter than the average when compared to other Red Hat customers. The targeted, on-demand training offering is especially impressive and far exceeds what average customers offer their end-users.