Documentation and Administrative changes (README.md and OWNERS)

OWNERS

@@ -4,6 +4,7 @@ approvers:
   - durandom
   - tumido
   - HumairAK
+  - Gregory-Pereira
 
 reviewers:
   - hemajv

README.md

@@ -28,6 +28,7 @@ Available Commands:
   enable-monitoring Enable monitoring for a Kubernetes namespace
   grant-access      Grant a group access to a namespace
   help              Help about any command
+  onboard           Creates Groups, Namespaces, and Roles for a new Operate First project
 
 Flags:
   -a, --app-name string   application name (default "cluster-scope")
@@ -47,7 +48,10 @@ Usage:
   opfcli create-group group [flags]
 
 Flags:
-  -h, --help                 help for create-project
+  -h, --help                  help for create-project
+  -d, --display-name          short team description for easy identification of project
+  -n                          do not set a limitrange on this project
+  -u, --users                 comma seperated list of users to add to the group
 ```
 
 ### create-project
@@ -76,7 +80,7 @@ Global Flags:
 ## enable-monitoring
 
 ```
-Enable monitoring fora Kubernetes namespace.
+Enable monitoring for a Kubernetes namespace.
 
 This will add a RoleBinding to the target namespace that permits
 Prometheus to access certain metrics about pods, services, etc.
@@ -103,6 +107,107 @@ Flags:
   -h, --help   help for grant-access
 ```
 
+### Onboard
+```
+Onboard everything necesary for a new application into the Operate-first environment.
+
+Creates the necesary groups, namespaces and roles, for a new project from a deployment file. Has been set up with git ops from the Operate-first/support repository, so one can raise an Onboarding-to-cluster issue and onboard that way.
+
+The onboard command expects an onboarding file, which is setup to work by default with the webhook in operate-first/support. This webhook passes in some necesary and optional parameters:
+  Necesary:
+    - Team Name
+    - Desired Project Names / Namespaces
+    - Project Description
+    - Target Cluster and Environment
+  Optional:
+    - Namespace Quota
+    - Custom Quota (per namespace)
+    - Users to add to group created
+
+For more information on this, see the onboarding template in operate-first/support docs: https://github.com/operate-first/support/blob/main/.github/ISSUE_TEMPLATE/onboarding_to_cluster.yaml
+
+The onboard command works on a configuration file which replicates the onboarding to cluster issue template listed above. This is an example of a valid configuration file using every option. Bellow each component will be discussed.
+
+```
+env: MOC
+namespaces:
+  - enable_monitoring: false
+    name: testproject
+    quota: testquota
+    disable_limit_range: false
+    project_display_name: testprojectdisplayname
+    custom_quota:
+      limits.cpu: '28'
+      requests.cpu: '28'
+      limits.memory: 32Gi
+      requests.memory: 32Gi
+      requests.storage: 100Gi
+      count/objectbucketclaims.objectbucket.io: 1
+project_description: This is the configuration for a sample project / app to onboard
+target_cluster: Smaug
+team_name: testgroup
+users:
+  - testing_gh_handle_1
+  - testing_gh_handle_2
+
+```
+
+### $target_cluster and $env
+
+Values for `$target_cluster` can be obtained by running:
+```
+kustomize build https://github.com/operate-first/apps/acm/overlays/moc/infra/managedclusters?ref=master | yq e -N '.metadata.name' -
+```
+  - Requires: [yq](https://github.com/mikefarah/yq#install) and [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/)
+Similarly values for `$env`:
+
+```
+curl -sX GET https://api.github.com/repos/operate-first/apps/contents/argocd/overlays/moc-infra/applications/envs | yq e '.[].name' -
+```
+  - Requires: [yq](https://github.com/mikefarah/yq#install)
+
+NOTE: the `opfcli` is made for use in `operate-first/apps` which is why these urls are either `curl`ed or used in kustomize build.
+
+If you cannot install `kustomize` and or `yq`, our last known options for `$env` and `$target_cluster` are as follows:
+
+- env: `moc`
+  - target_cluster: `smaug`
+  - target_cluster: `infra`
+- env: `osc`
+  - target_cluster: `osc-cl1`
+- env: `emea`:
+  - target_cluster: `rick`
+  - target_cluster: `morty`
+  
+However be aware that things change in Operate-First, and this might be out of date. If you cannot figure it out, [open an  onboarding to cluster issue](https://github.com/operate-first/support/issues/new?assignees=first-operator&labels=kind%2Fonboarding%2Carea%2Fcluster&template=onboarding_to_cluster.yaml&title=NEW+PROJECT%3A+%3Cname%3E) and discuss this there in `operate-first/support` or contact and operater.
+
+### Namespace-Scoped Configurations
+
+1. `quota`s: Quota's are optional values that refer to names common of [ResourceQuotas in `operate-first/apps`](https://github.com/operate-first/apps/tree/master/cluster-scope/components/resourcequotas). They limit the resources able to be used in a specific namespace.
+
+2. `custom_quota`s: Custom quotas are optional configurations for a custom `ResourceQuota` to be used in a namespace. The values of a custom quota reflect those of our resourcequotas defined per namespace in operate-first/apps [see example](https://github.com/operate-first/apps/blob/master/cluster-scope/base/core/namespaces/sandbox/resourcequota.yaml).
+  - If a valid `quota` is selected but a `custom_quota` is also defined in your configuration file, it will default to creating the namespace using the `custom_quota`.
+  - All values are optional in a `custom_quota`.
+  - `custom_quota` options: `[limits.cpu, requests.cpu, limits.memory, requests.memroy, requests.storage, count/objectbucketclaims.objectbucket.io]`
+
+3. `disable_limit_range`: All requests to create and modify resources in Openshift are evaluated against each `LimitRange` object in the project. If the resource violates any of the enumerated constraints, the resource is rejected. Setting `disable_limit_range` to `true`, creates a namespace without the [operate-first default limit range](https://github.com/operate-first/apps/blob/master/cluster-scope/components/limitranges/default/limitrange.yaml).
+
+4. `display_project_name`: display-names in openshift are user-defined strings which provide an alternative, more human readable way to refer to a namespace. For more information on this checkout the [openshift docs](https://docs.openshift.com/online/pro/architecture/core_concepts/projects_and_users.html#projects) on projects.
+
+### Users
+
+For people familair with operate-first/apps we no longer use GPG keys to create access. We instead add GitHub handles to certain groups, and the group gets linked to a namespace through the `openshift.io/requester` `annotation` in the namespace resource.
+
+
+Usage:
+  opfcli onboard <file-path>
+
+Flags:
+  -d, --display-name    provide a shorter name to use to refer to the project in openshift
+  -n, --no-limitrange   Do not set a resource limitrange on this project
+
+```
+
 Use "opfcli [command] --help" for more information about a command.
 
 ## Configuration