From 99f0539587fad35bdbf1b16ea4f082757f44b053 Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Thu, 13 Dec 2018 16:23:39 +1300 Subject: Document Auto DevOps secret variables Cross link from GitLab CI variable doc too Add note about running pods and updating secrets without any code change --- doc/ci/variables/README.md | 13 ++++++++++ doc/topics/autodevops/index.md | 55 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 209a2c15d90..396fd91174e 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -249,6 +249,19 @@ the project services that you are using to learn which variables they define. An example project service that defines deployment variables is the [Kubernetes integration](../../user/project/clusters/index.md#deployment-variables). +## Auto DevOps application variables + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/49056) in GitLab 11.7. + +You can configure [Auto DevOps](../../topics/autodevops/index.md) to +pass CI variables to the running application by prefixing the key of the +variable with `K8S_SECRET_`. + +These [prefixed +variables](../../topics/autodevops/index.md#application-secret-variables) will +then be available as environment variables on the running application +container. + ## Debug tracing > Introduced in GitLab Runner 1.7. diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index b41f401e14c..b3fd4261711 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md 
@@ -673,6 +673,7 @@ also be customized, and you can easily use a [custom buildpack](#custom-buildpac | `REVIEW_DISABLED` | From GitLab 11.0, this variable can be used to disable the `review` and the manual `review:stop` job. If the variable is present, these jobs will not be created. | | `DAST_DISABLED` | From GitLab 11.0, this variable can be used to disable the `dast` job. If the variable is present, the job will not be created. | | `PERFORMANCE_DISABLED` | From GitLab 11.0, this variable can be used to disable the `performance` job. If the variable is present, the job will not be created. | +| `K8S_SECRET_*` | From GitLab 11.7, any variable prefixed with `K8S_SECRET_` will be made available by Auto DevOps as environment variables to the deployed application. | TIP: **Tip:** Set up the replica variables using a 
@@ -684,6 +685,60 @@ You should *not* scale your application using Kubernetes directly. This can cause confusion with Helm not detecting the change, and subsequent deploys with Auto DevOps can undo your changes. +### Application secret variables + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/49056) in GitLab 11.7. + +Some applications need to define secret variables that are +accessible by the deployed application. Starting in GitLab +11.7, Auto DevOps will now detect variables where the key starts with +`K8S_SECRET_` and make these prefixed variables available to the +deployed application, as environment variables. + +To configure your application variables: + +1. Go to your project's **Settings > CI/CD**, then expand the section + called **Variables** + +2. Create a CI Variable, ensuring the key is prefixed with + `K8S_SECRET_`. For example, you can create a variable with key +`K8S_SECRET_RAILS_MASTER_KEY`. + +3. Run an Auto Devops pipeline either by manually creating a new + pipeline or by pushing a code change to GitLab. + +Auto DevOps pipelines will take your application secret variables to +populate a Kubernetes secret. This secret is unique per environment. +When deploying your application, the secret is loaded as environment +variables in the container running the application. Following the +example above, you can see the secret below containing the +`RAILS_MASTER_KEY` variable. + +```sh +$ kubectl get secret production-secret -n minimal-ruby-app-54 -o yaml +apiVersion: v1 +data: + RAILS_MASTER_KEY: MTIzNC10ZXN0 +kind: Secret +metadata: + creationTimestamp: 2018-12-20T01:48:26Z + name: production-secret + namespace: minimal-ruby-app-54 + resourceVersion: "429422" + selfLink: /api/v1/namespaces/minimal-ruby-app-54/secrets/production-secret + uid: 57ac2bfd-03f9-11e9-b812-42010a9400e4 +type: Opaque +``` + +NOTE: **Note:** +Environment variables are generally considered immutable in a Kubernetes +pod. 
Therefore, if you update an application secret without changing any +code then manually create a new pipeline, you will find that any running +application pods will not have the updated secrets. In this case, you +can either 1) push a code update to GitLab to force the Kubernetes +Deployment to recreate pods; or 2) manually delete running pods to +cause Kubernetes to create new pods with updated secrets. + #### Advanced replica variables setup Apart from the two replica-related variables for production mentioned above, -- cgit v1.2.1 From 5976b8f7ad71ba15d77682efc318cdd7ca4ab070 Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Mon, 7 Jan 2019 10:00:24 +1300 Subject: Note that multiline variables are not supported --- doc/ci/variables/README.md | 4 ++++ doc/topics/autodevops/index.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 396fd91174e..373876050e3 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -262,6 +262,10 @@ variables](../../topics/autodevops/index.md#application-secret-variables) will then be available as environment variables on the running application container. +CAUTION: **Caution:** +Variables with multiline values are not currently supported, due to +limitations with the current Auto DevOps scripting environment. + ## Debug tracing > Introduced in GitLab Runner 1.7. diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index b3fd4261711..d2f5498e6eb 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -730,6 +730,10 @@ metadata: type: Opaque ``` +CAUTION: **Caution:** +Variables with multiline values are not currently supported, due to +limitations with the current Auto DevOps scripting environment. + NOTE: **Note:** Environment variables are generally considered immutable in a Kubernetes pod. Therefore, if you update an application secret without changing any -- cgit v1.2.1 
From a7f6703d9d05a8f396b974ecf2f29555849417db Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Mon, 7 Jan 2019 08:02:39 +0000 Subject: Apply suggestion to doc/ci/variables/README.md --- doc/ci/variables/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 373876050e3..115385d7906 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -263,7 +263,7 @@ then be available as environment variables on the running application container. CAUTION: **Caution:** -Variables with multiline values are not currently supported, due to +Variables with multiline values are not currently supported due to limitations with the current Auto DevOps scripting environment. ## Debug tracing -- cgit v1.2.1 From f0e8ca59cb5c22d5b80692f1264093125e273cc5 Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Mon, 7 Jan 2019 08:01:51 +0000 Subject: Apply suggestion to doc/topics/autodevops/index.md --- doc/topics/autodevops/index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index d2f5498e6eb..61ee272fb8c 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -685,7 +685,7 @@ You should *not* scale your application using Kubernetes directly. This can cause confusion with Helm not detecting the change, and subsequent deploys with Auto DevOps can undo your changes. -### Application secret variables +#### Application secret variables > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/49056) in GitLab 11.7. @@ -698,7 +698,7 @@ deployed application, as environment variables. To configure your application variables: 1. Go to your project's **Settings > CI/CD**, then expand the section - called **Variables** + called **Variables**. 2. Create a CI Variable, ensuring the key is prefixed with `K8S_SECRET_`. For example, you can create a variable with key 
@@ -731,7 +731,7 @@ type: Opaque ``` CAUTION: **Caution:** -Variables with multiline values are not currently supported, due to +Variables with multiline values are not currently supported due to limitations with the current Auto DevOps scripting environment. NOTE: **Note:** @@ -739,8 +739,8 @@ Environment variables are generally considered immutable in a Kubernetes pod. Therefore, if you update an application secret without changing any code then manually create a new pipeline, you will find that any running application pods will not have the updated secrets. In this case, you -can either 1) push a code update to GitLab to force the Kubernetes -Deployment to recreate pods; or 2) manually delete running pods to +can either push a code update to GitLab to force the Kubernetes +Deployment to recreate pods or manually delete running pods to cause Kubernetes to create new pods with updated secrets. #### Advanced replica variables setup -- cgit v1.2.1 From e031ced9be55ea5f4ba97dba7a664721462c87c2 Mon Sep 17 00:00:00 2001 From: danielgruesso Date: Mon, 7 Jan 2019 11:30:45 -0500 Subject: Remove release from body and add links --- doc/topics/autodevops/index.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 61ee272fb8c..1528f9c2598 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md 
@@ -673,7 +673,7 @@ also be customized, and you can easily use a [custom buildpack](#custom-buildpac | `REVIEW_DISABLED` | From GitLab 11.0, this variable can be used to disable the `review` and the manual `review:stop` job. If the variable is present, these jobs will not be created. | | `DAST_DISABLED` | From GitLab 11.0, this variable can be used to disable the `dast` job. If the variable is present, the job will not be created. | | `PERFORMANCE_DISABLED` | From GitLab 11.0, this variable can be used to disable the `performance` job. If the variable is present, the job will not be created. | -| `K8S_SECRET_*` | From GitLab 11.7, any variable prefixed with `K8S_SECRET_` will be made available by Auto DevOps as environment variables to the deployed application. | +| `K8S_SECRET_*` | From GitLab 11.7, any variable prefixed with [`K8S_SECRET_`](#application-secret-variables) will be made available by Auto DevOps as environment variables to the deployed application. | TIP: **Tip:** Set up the replica variables using a @@ -690,8 +690,7 @@ Auto DevOps can undo your changes. > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/49056) in GitLab 11.7. Some applications need to define secret variables that are -accessible by the deployed application. Starting in GitLab -11.7, Auto DevOps will now detect variables where the key starts with +accessible by the deployed application. Auto DevOps detects variables where the key starts with `K8S_SECRET_` and make these prefixed variables available to the deployed application, as environment variables. -- cgit v1.2.1
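
Review bot: The new "Auto DevOps application variables" section in doc/ci/variables/README.md (first commit, hunk at line 249) never says that the `K8S_SECRET_` prefix is removed from the name the application sees. The only evidence is in the other file, where the key `K8S_SECRET_RAILS_MASTER_KEY` appears in the secret as `RAILS_MASTER_KEY`. Suggest stating this explicitly in the README, for example "The prefix is stripped, so `K8S_SECRET_RAILS_MASTER_KEY` is exposed to the container as `RAILS_MASTER_KEY`", so readers do not look for the prefixed name in their application's environment.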
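
Review bot: In the `kubectl get secret production-secret` example added to doc/topics/autodevops/index.md (first commit, hunk at line 684), the value `RAILS_MASTER_KEY: MTIzNC10ZXN0` is only base64-encoded (it decodes to `1234-test`), and the surrounding text does not say so. Suggest adding a sentence after the example stating that values under `data:` are base64-encoded rather than encrypted, so anyone who can read secrets in the application's namespace can recover them. In the same hunk, step 3 spells the product "Auto Devops" while the rest of the section uses "Auto DevOps", and the continuation line `K8S_SECRET_RAILS_MASTER_KEY` in step 2 is not indented like the other list continuation lines.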
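
Review bot: The CAUTION added in the second commit ("Variables with multiline values are not currently supported") does not say what happens when a multiline value is set under a `K8S_SECRET_` key: whether the pipeline fails, the variable is skipped, or the value is cut off. Suggest describing the observable behaviour, since a secret that is silently altered is harder to diagnose than a failed job. The same two lines are also pasted into both doc/ci/variables/README.md and doc/topics/autodevops/index.md, and the two follow-up commits have to repeat the same comma fix in each copy. Consider keeping the caution in index.md only and relying on the existing README link to `#application-secret-variables`.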
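
Review bot: In the NOTE reworded by commit f0e8ca59 (hunk at line 739 of doc/topics/autodevops/index.md), removing the "1)" and "2)" markers leaves "can either push a code update ... to recreate pods or manually delete running pods" as one unpunctuated run, which makes the two alternatives harder to pick out. Suggest a two-item list or at least a comma before "or". Since the note says running pods "will not have the updated secrets", it would also help to state plainly that changing a `K8S_SECRET_` variable does not take effect for the running application until its pods are recreated, which matters when the variable is being changed because the old value was exposed.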
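
Review bot: The rewritten sentence in the last commit (hunk at line 690 of doc/topics/autodevops/index.md) has a subject-verb mismatch: "Auto DevOps detects variables where the key starts with `K8S_SECRET_` and make these prefixed variables available". The second verb should be "makes" to agree with "detects". The comma before "as environment variables" on the following unchanged line can also be dropped while the sentence is being touched.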