docs(docs): Add some basic documentation for applications

615bc7a5 · Sheogorath · 797843c9 · 615bc7a5 · 615bc7a5 · 615bc7a5
Verified Commit 615bc7a5 authored 1 year ago by Sheogorath
--- a/docs/src/SUMMARY.md
+++ b/docs/src/SUMMARY.md
@@ -12,6 +12,10 @@
  - [GitOps](concepts/gitops.md)
  - [SRE](concepts/sre.md)
  - [Ingress Termination](concepts/ingress-termination.md)
+- [Apps](apps/README.md)
+  - [Blog](apps/blog.md)
+  - [Keycloak](apps/keycloak.md)
+  - [Mastodon](apps/mastodon.md)
 - [Infrastructure Components](components/README.md)
  - [calico](components/calico.md)
  - [cert-manager](components/cert-manager.md)

--- a/docs/src/apps/README.md
+++ b/docs/src/apps/README.md
+# Apps
+This category lists software that is used to provide Services around the Shivering-Isles infrastructure.
\ No newline at end of file
--- a/docs/src/apps/blog.md
+++ b/docs/src/apps/blog.md
+# Blog
+The [Shivering-Isles blog](https://shivering-isles.com) is a simple nginx image, that was infused with a built of the [jekyll-based blog content](https://git.shivering-isles.com/shivering-isles/blog).
+Besides being a static blog, it also houses the .well-known directory, that handles the [Web Key Directory](https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/) for the Shivering-Isles. Additionally it delegates Matrix and [Mastodon](./mastodon.md) to their respective services, allowing to use `shivering-isles.com` as domain for user identities.
--- a/docs/src/apps/images/authentication-config.png
+++ b/docs/src/apps/images/authentication-config.png
--- a/docs/src/apps/keycloak.md
+++ b/docs/src/apps/keycloak.md
@@ -2,6 +2,17 @@
 In the Shivering-Isles Infrastructure Keycloak is the central identity provider. It allows users to manage their sessions and provides Multi-Factor authentication for all services.
-The Keycloak instance is usually referred to as "SI-Auth". The Shivering-Isles realm contains the user-base. The Keycloak system realm, called "Master,"  administrates the Shivering-Isles realm.
+The Keycloak instance is usually referred to as ["SI-Auth"](https://auth.shivering-isles.com). The Shivering-Isles realm contains the user-base. The Keycloak system realm, called "Master,"  administrates the Shivering-Isles realm.
 While the Shivering-Isles realm is accessible over the internet, allowing easy access and authentication from everywhere in the world, the "master" realm is only accessible through the local-network administration endpoint. This reduces the risk of a take over, even if an attacker compromises credentials.
+## Authentication configuration
+To allow Multi-Factor-Authentication (MFA) a copy of the web browser flow was adjusted to account for WebAuthn and TOTP-based MFA.
+![Keycloak flow with both TOTP and WebAuthn as MFA options.](images/authentication-config.png)
+The official keycloak documentation describes the basics to [set up WebAuthn as MFA flow](https://www.keycloak.org/docs/latest/server_admin/index.html#_webauthn-authenticator-setup).
+While Passwordless authentication is prepared to be rolled out, some experimentation showed that the authentication flow becomes too complex.
--- a/docs/src/apps/mastodon.md
+++ b/docs/src/apps/mastodon.md
+# Mastodon
+Mastodon is the Fediverse software run in the Shivering-Isles infrastructure. It is currently running as a single-user instance.
\ No newline at end of file
--- a/docs/src/concepts/sre.md
+++ b/docs/src/concepts/sre.md
@@ -16,4 +16,13 @@ A good start is this small video Series by Google:
 <iframe width="100%" height="480" src="https://www.youtube-nocookie.com/embed/?listType=playlist&list=PLIivdWyY5sqJrKl7D2u-gmis8h9K66qoj" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
 Further there is the [Google SRE book](https://sre.google/sre-book/introduction/) as recommended read.
\ No newline at end of file
+Service Level Objectives
+---
+All public facing apps should have an Service Level Objective (SLO). The most basic SLOs for web apps are the availability and latency measured throught the ingress controller. [An examples for an SLO definitions is the Shivering-Isles blog.](https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/blob/797843c960f82a1974e2c3b632f0d45e5de9d6fe/apps/k8s01/blog/slo.yaml)
+Apps that provide more insight via metrics, can have app-specific SLOs to optimise for user impacting situations, that aren't covered by basic web metrics. [An example is the sidekiq SLO for Mastodon.](https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/blob/797843c960f82a1974e2c3b632f0d45e5de9d6fe/apps/k8s01/mastodon/slo.yaml#L9-21)
+The actual objectives in the Shivering-Isles infrastructure are often relatively low around 95 percent.
\ No newline at end of file