From 562249e9f4cbc9857fee009d007206d1ae70c4a0 Mon Sep 17 00:00:00 2001 From: Florian Date: Sun, 19 Oct 2025 20:55:29 +0200 Subject: [PATCH] Added readme --- README.md | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..bced892 --- /dev/null +++ b/README.md 
@@ -0,0 +1,75 @@ +# ops-deployment + +This repository contains declarative Kubernetes configurations (deployments, services, persistent volumes) for all application services. Changes are automatically synchronized to the cluster by Flux. + +## Structure + +Each service directory contains: +- `deployment.yaml` - Pod specifications, container images, environment variables, volume mounts +- `service.yaml` - Service exposure (ClusterIP, NodePort) +- Additional resources as needed (PVCs, ConfigMaps, etc.) + +## Workflow + +1. **CI/CD Pipeline**: Build process generates new container image +2. **Automatic Update**: Pipeline commits updated image tag to this repository +3. **Flux Synchronization**: Flux detects changes and applies to cluster +4. **Rolling Deployment**: Kubernetes performs rolling update + +## Secrets Management + +Secrets are managed directly in Kubernetes using `kubectl` or sealed-secrets: +- Never committed to this repository +- Mounted as volumes at `/etc/secrets` in containers +- Referenced via `secretName` in deployment manifests + +## Persistent Storage + +Services requiring data persistence (MySQL, RabbitMQ) use PersistentVolumeClaims: +- Storage classes define volume provisioning +- Data survives pod restarts and redeployments +- Backups handled separately + +## Example Service + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend-push-notifications + namespace: app-notifications +spec: + replicas: 1 + template: + spec: + containers: + - name: backend-push-notifications + image: ghcr.io/user/service:2 + ports: + - containerPort: 9000 + volumeMounts: + - name: secrets + mountPath: /etc/secrets + readOnly: true + volumes: + - name: secrets + secret: + secretName: backend-push-notifications +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-push-notifications +spec: + selector: + app: backend-push-notifications + ports: + - port: 9000 + targetPort: 9000 + nodePort: 30904 + type: NodePort +``` + +## Monitoring + 
+Services expose Prometheus metrics endpoints where applicable, on port 9000 and exposed via NodePort.
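Review bot: The manifest under "Example Service" would not apply or route traffic as written: the Deployment has no `spec.selector` and its pod template has no `metadata.labels`, both of which `apps/v1` requires, and the Service selects `app: backend-push-notifications`, a label that no pod in the example carries. Add `selector.matchLabels` with matching template labels, and give the Service `namespace: app-notifications` so it sits beside the Deployment, since a README example tends to be copied verbatim for new services. In "Secrets Management", "using `kubectl` or sealed-secrets" followed by "Never committed to this repository" is ambiguous, because a SealedSecret is designed to be committed in encrypted form; state which objects must stay out of git (plain `Secret` manifests) and whether SealedSecret resources are allowed here. In the example and in "Monitoring", `type: NodePort` with `nodePort: 30904` opens port 9000, which serves both the application and the metrics, on every node's address; document what restricts access to that port, or use ClusterIP where in-cluster Prometheus scraping is enough. Finally, `image: ghcr.io/user/service:2` is a mutable tag that the pipeline in "Workflow" rewrites by commit; consider noting whether tags are immutable in the registry or pinning by digest so the state in git identifies exactly what runs.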