GitOps/ArgoCD configuration for managing OpenShift clusters and apps running there
This configuration can be automatically applied to the OpenShift cluster by Argo CD.
Application that automatically manages existing namespaces on the local cluster
The configuration is provided inside the clusters directory via Helm chart:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: clusters
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
    helm:
      valueFiles:
        - values-local.yaml
  syncPolicy:
    automated:
      selfHeal: true
```
We use the values-local.yaml file to fill the Helm template. Here are the current values:
```yaml
projects:
  - name: pminkows-test
    managedBy: pminkows-cicd
    group: app-owners
  - name: pminkows-stage
    managedBy: pminkows-cicd
    group: app-owners
  - name: pminkows-prod
    managedBy: pminkows-cicd
    group: app-owners
    quotas:
      pods: '8'
      requests.memory: 4Gi
      limits.memory: 10Gi
  - name: pminkows-cicd
    group: app-owners
    quotas:
      pods: '20'
      requests.cpu: '4'
      requests.memory: 4Gi
      limits.cpu: '20'
      limits.memory: 20Gi
    default:
      limits:
        cpu: 500m
        memory: 512Mi
      requests:
        cpu: 250m
        memory: 256Mi
```
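One way the clusters chart could turn each projects entry into namespace objects, as an added example rather than the repository's own template. It assumes that default belongs to the project entry it follows; the template path and the -quota / -limits object names are hypothetical.

```yaml
# Hypothetical clusters/templates/projects.yaml (added example, not the repository's template)
# .group is not rendered here: the page does not say how the group is bound to the namespace.
{{- range .Values.projects }}
---
apiVersion: v1
kind: Namespace
metadata:
  name: {{ .name }}
  {{- if .managedBy }}
  labels:
    # Lets the Argo CD instance in the managedBy namespace manage this namespace
    argocd.argoproj.io/managed-by: {{ .managedBy }}
  {{- end }}
{{- if .quotas }}
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: {{ .name }}-quota   # object name is an assumption
  namespace: {{ .name }}
spec:
  # Keys such as pods, requests.memory and limits.cpu are passed through unchanged
  hard:
    {{- toYaml .quotas | nindent 4 }}
{{- end }}
{{- if .default }}
---
apiVersion: v1
kind: LimitRange
metadata:
  name: {{ .name }}-limits   # object name is an assumption
  namespace: {{ .name }}
spec:
  limits:
    - type: Container
      # Applied to containers that declare no limits / requests of their own
      default:
        {{- toYaml .default.limits | nindent 8 }}
      defaultRequest:
        {{- toYaml .default.requests | nindent 8 }}
{{- end }}
{{- end }}
```

Under this template, entries without quotas (pminkows-test and pminkows-stage in the values above) get a namespace with no ResourceQuota.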
Application that automatically manages components related to the CI/CD process
The configuration is provided inside the cicd directory:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: cicd
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
  syncPolicy:
    automated:
      selfHeal: true
```
Create ArgoCD Application that automatically manages existing operators and CRDs on the local cluster:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: global
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
    helm:
      valueFiles:
        - values.yaml
  syncPolicy:
    automated:
      selfHeal: true
```
Create Argo CD Application for the hub cluster:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-pool-config
spec:
  ignoreDifferences:
    - group: '*'
      kind: Secret
      jsonPointers:
        - /metadata/labels
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: clusterpool/hub
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
  syncPolicy:
    automated:
      selfHeal: true
```
Create Argo CD ApplicationSet:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: apps-generator
  namespace: openshift-gitops
spec:
  generators:
    - git:
        directories:
          - path: multiapps/config/*
        repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
        revision: HEAD
  template:
    metadata:
      name: '{{path.basename}}-creator'
    spec:
      destination:
        namespace: '{{path.basename}}'
        server: 'https://kubernetes.default.svc'
      project: default
      source:
        helm:
          valueFiles:
            - 'config/{{path.basename}}/values.yaml'
        path: multiapps
        repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
        targetRevision: HEAD
      syncPolicy:
        syncOptions:
          - CreateNamespace=true
```
Why SealedSecret stays in Progressing status: https://argo-cd.readthedocs.io/en/stable/faq/#why-are-resources-of-type-sealedsecret-stuck-in-the-progressing-state
Use Kustomize for patching resources: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/
Secrets with ArgoCD: https://argo-cd.readthedocs.io/en/stable/operator-manual/secret-management/