openshift-cluster-config

GitOps/ArgoCD configuration for managing OpenShift clusters and apps running there


Demo for OpenShift Cluster Configuration

This configuration can be automatically applied to the OpenShift cluster by Argo CD.

Scenario 1: CI/CD on the local cluster

  1. Create an Argo CD Application that automatically manages existing namespaces on the local cluster

The configuration is provided in the clusters directory as a Helm chart:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: clusters
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
    helm:
      valueFiles:
        - values-local.yaml
  syncPolicy:
    automated:
      selfHeal: true

We use the values-local.yaml file to fill in the Helm template. Here are the current values:

projects:
  - name: pminkows-test
    managedBy: pminkows-cicd
    group: app-owners
  - name: pminkows-stage
    managedBy: pminkows-cicd
    group: app-owners
  - name: pminkows-prod
    managedBy: pminkows-cicd
    group: app-owners
    quotas:
      pods: '8'
      requests.memory: 4Gi
      limits.memory: 10Gi
  - name: pminkows-cicd
    group: app-owners
    quotas:
      pods: '20'
      requests.cpu: '4'
      requests.memory: 4Gi
      limits.cpu: '20'
      limits.memory: 20Gi
    default:
      limits:
        cpu: 500m
        memory: 512Mi
      requests:
        cpu: 250m
        memory: 256Mi

  2. Create an Argo CD Application that automatically manages components related to the CI/CD process

The configuration is provided in the cicd directory:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: cicd
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
  syncPolicy:
    automated:
      selfHeal: true
  1. xxx

Scenario 2: Install and Configure Operators on the local cluster

Create an Argo CD Application that automatically manages existing operators and CRDs on the local cluster:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: global
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
    helm:
      valueFiles:
        - values.yaml
  syncPolicy:
    automated:
      selfHeal: true

Scenario 3: Interconnect/ClusterPool

Create Argo CD Application for the hub cluster:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-pool-config
spec:
  ignoreDifferences:
    - group: '*'
      kind: Secret
      jsonPointers:
        - /metadata/labels
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: clusterpool/hub
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
  syncPolicy:
    automated:
      selfHeal: true

Scenario 4: Multi Apps

Create Argo CD ApplicationSet:

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: apps-generator
  namespace: openshift-gitops
spec:
  generators:
    - git:
        directories:
          - path: multiapps/config/*
        repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
        revision: HEAD
  template:
    metadata:
      name: '{{path.basename}}-creator'
    spec:
      destination:
        namespace: '{{path.basename}}'
        server: 'https://kubernetes.default.svc'
      project: default
      source:
        helm:
          valueFiles:
            - 'config/{{path.basename}}/values.yaml'
        path: multiapps
        repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
        targetRevision: HEAD
      syncPolicy:
        syncOptions:
          - CreateNamespace=true
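
The generator above turns every directory under multiapps/config/ into an Application whose destination namespace is the directory name, and project: default does not restrict sources, destinations or resource kinds unless it has been tightened. The AppProject below is an added example, not part of this repository, that scopes the generated Applications; the project name multiapps and the namespaces team-a and team-b are placeholders.

```yaml
# Added example (not from the repository): a scoped AppProject for the
# Applications generated by apps-generator, to use in place of project: default.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: multiapps                  # hypothetical project name
  namespace: openshift-gitops      # same namespace as the ApplicationSet
spec:
  description: Applications generated from multiapps/config/*
  # Only this repository is accepted as a source.
  sourceRepos:
    - 'https://github.com/piomin/openshift-cluster-config.git'
  # Only the local cluster and only the namespaces listed here are valid
  # destinations. A new directory pushed to Git yields an Application that
  # fails validation until its namespace is added to this list.
  destinations:
    - server: 'https://kubernetes.default.svc'
      namespace: team-a            # placeholder: one entry per config directory
    - server: 'https://kubernetes.default.svc'
      namespace: team-b            # placeholder
  # Namespace is the only cluster-scoped kind these Applications may manage;
  # ClusterRoleBindings, CRDs, SCCs and the like are rejected.
  clusterResourceWhitelist:
    - group: ''
      kind: Namespace
# To apply it, change the ApplicationSet template field
#   spec.template.spec.project: default
# to
#   spec.template.spec.project: multiapps
```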

Why SealedSecret stays in Progressing status: https://argo-cd.readthedocs.io/en/stable/faq/#why-are-resources-of-type-sealedsecret-stuck-in-the-progressing-state

Use Kustomize for patching resources: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/

Secrets with ArgoCD: https://argo-cd.readthedocs.io/en/stable/operator-manual/secret-management/
