Add missing docs

Related-Prod: PRODX-3456
Change-Id: I2b9cfa4b31793db7f4bf9799c736910b1604fbe0

docs/architecture/rockoon-admission.md

@@ -0,0 +1,19 @@
+# OpenStack Controller Admission
+
+The [CustomResourceDefinition](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/)
+resource in Kubernetes uses the [OpenAPI Specification version 2](https://swagger.io/specification/v2/) to specify the schema of
+the resource defined. The Kubernetes API outright rejects the resources that do not pass this schema validation.
+
+The language of the schema, however, is not expressive enough to define a specific validation logic that may be needed for a given
+resource. For this purpose, Kubernetes enables the extension of its API with Dynamic Admission Control.
+
+For the OpenStackDeployment (OsDpl) CR the ValidatingAdmissionWebhook is a natural choice. It is deployed as part of OpenStack Controller
+in dedicated deployment by default and performs specific extended validations when an `OpenStackDeployment` CR is created or updated.
+
+The inexhaustive list of additional validations includes:
+
+ - Deny the OpenStack version downgrade
+ - Deny the OpenStack version skip-level upgrade
+ - Deny the OpenStack master version deployment
+ - Deny upgrade to the OpenStack master version
+ - Deny deploying invalid configuration

docs/architecture/rockoon/configuration.md

@@ -0,0 +1,85 @@
+# Configuration
+
+The OpenStack Controller enables you to modify its configuration at runtime without restarting. MOSK stores the controller configuration
+in the `openstack-controller-config` `ConfigMap` in the osh-system namespace of your cluster.
+
+To retrieve the OpenStack Controller configuration `ConfigMap`, run:
+
+```bash
+kubectl get configmaps openstack-controller-config -o yaml
+```
+
+Example of OpenStackController configuration
+
+```yaml
+apiVersion: v1
+data:
+  extra_conf.ini: |
+    [maintenance]
+    respect_nova_az = false
+kind: ConfigMap
+metadata:
+  annotations:
+    openstackdeployments.lcm.mirantis.com/skip_update: "true"
+  name: openstack-controller-config
+  namespace: osh-system
+```
+
+```ini
+[osctl]
+# The number of seconds to wait for all component from application becomes ready
+wait_application_ready_timeout = 1200
+
+# The number of seconds to sleep between checking application ready attempts
+wait_application_ready_delay = 10
+
+# The amount of time to wit for flapping node
+node_not_ready_flapping_timeout = 120
+
+[helmbundle]
+# The number of seconds to wait for values set in manifest are propagated to child objects.
+manifest_enable_timeout = 600
+
+# The number of seconds between attempts to check that values were applied.
+manifest_enable_delay = 10
+
+# The number of seconds to wait for values are removed from manifest and propagated to child objects.
+manifest_disable_timeout = 600
+
+# The number of seconds between attempts to check that values were removed from release.
+manifest_disable_delay = 10
+
+# The number of seconds to wait for kubernetes object removal
+manifest_purge_timeout = 600
+
+# The number of seconds between attempts to check that kubernetes object is removed
+manifest_purge_delay = 10
+
+# The number of seconds to pause for helmbundle changes
+manifest_apply_delay = 10
+
+# The number of seconds to run for helm command
+helm_cmd_timeout = 120
+
+[maintenance]
+# number of instances to migrate concurrently
+instance_migrate_concurrency = 1
+
+# max number of compute nodes we allow to update in parallel
+nwl_parallel_max_compute = 30
+
+# max number of gateway nodes we allow to update in parallel
+nwl_parallel_max_gateway = 1
+
+# respect nova AZs, when set to true parallel update is allowed only for computes in same AZ
+respect_nova_az = True
+
+# flag to skip instance check on host before proceeding with node removal. By default is False
+# which means that node removal will be blocked unless at least 1 instance exists on host.
+ndr_skip_instance_check = False
+
+# flag to skip volume check on host before proceeding with node removal. By default is False
+# which means that node removal will be blocked unless at least 1 volume exists on host.
+# Volume is tied to specific host only for LVM backend.
+ndr_skip_volume_check = False
+```

docs/architecture/rockoon/custom-images.md

@@ -0,0 +1,24 @@
+# Customize images
+
+OpenStack Controller has default built in images that were verified against different
+production configurations. However it may be needed to inclide additional patches
+into openstack code or 3rd party software.
+
+OpenStack images are built with help of [Loci](https://github.com/openstack/loci).
+Please refer to its documentation to get more detail about build process.
+
+To inject a custom image create configmap with `<openstackdeployment-name>-artifacts` name
+in `openstack` namespace and folling data structure:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: osh-dev-artifacts
+  namespace: openstack
+data:
+  caracal: |
+    libvirt: docker-dev-kaas-virtual.mcp.mirantis.com/general/libvirt:6.0.0-focal-20221028120749
+  antelope: |
+    libvirt: docker-dev-kaas-virtual.mcp.mirantis.com/general/libvirt:6.0.0-focal-20221028120749
+```

docs/architecture/rockoon/overview.md

@@ -0,0 +1,17 @@
+# OpenStack Controller
+
+`OpenStack controller` is running as a deployment in Kubernetes with multiple
+subcontrollers that are running as dedicated containers in the deployment.
+Each subcontroller 
+
+
+| <div style="width:150px">Container</div> | Description                                                                          |
+| ------------------------ | ------------------------------------------------------------------------------------ |
+| `osdpl`                  | The core subcontroller that handles changes of `OpenStackDeployment` object          |
+| `secrets`                | Subcontroller that provides data excange between different components                |
+| `health`                 | Subcontroller that constantly watching for OpenStack health and reporting its status |
+| `node`                   | Subcontroller that watches for `Node` object                                         |
+| `nodemaintenancerequest` | Subcontroller that provides integration with Kubernetes lifecycle management         |
+| `ceph-secrets`           | Subcontroller that provides integration with `Ceph` storage                          |
+| `osdplstatus`            | Subcontroller responsible for status reporting                                       |
+| `tf-secrets`             | Subcontroller that provides integration with TungstenFabric                          |

tox.ini

@@ -50,6 +50,12 @@ deps =
     -r{toxinidir}/docs/requirements.txt
 commands = mkdocs build -d docs_build
 
+[testenv:dev-docs]
+envdir = {toxworkdir}/docs
+deps =
+    -r{toxinidir}/docs/requirements.txt
+commands = mkdocs serve
+
 [testenv:releasenotes]
 envdir = {toxworkdir}/docs
 deps=