The GitOps concept originated from Weaveworks back in 2017 and the goal was to automate the operations of a Kubernetes (K8s) system using a model external to the system as the source of truth (History of GitOps).
This repository provides our opinionated point of view on how GitOps can be used to manage the infrastructure, services and application layers of K8s based systems. It takes into account the various personas interacting with the system and accounts for separation of duties. The instructions and examples are focused around the Red Hat OpenShift platform and IBM Cloud Paks.
The reference architecture for this GitOps workflow can be found here.
Install the OpenShift CLI oc (version 4.7+). The binary can be downloaded from the Help menu of the OpenShift Console.
oc login --token=<token> --server=<server>
The IBM Entitlement Key is required to pull IBM Cloud Pak specific container images from the IBM Entitled Registry. To get an entitlement key,
A Secret containing the entitlement key is created in the tools namespace.
oc new-project tools || true
oc create secret docker-registry ibm-entitlement-key -n tools \
--docker-username=cp \
--docker-password="<entitlement_key>" \
--docker-server=cp.icr.io
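Passing the key with --docker-password places it in shell history and in the process argument list. The following is an added example, not part of this repository, that builds the same kubernetes.io/dockerconfigjson Secret from a shell variable so it can be piped to oc apply; the function name, the IBM_ENTITLEMENT_KEY variable and the allowed-character check are assumptions.

```shell
#!/usr/bin/env bash
# Added example: emit the pull-secret manifest without putting the key in argv.
# Secret name, namespace, username and registry are taken from the command above.
# entitlement_secret_manifest and IBM_ENTITLEMENT_KEY are hypothetical names.

b64() { base64 | tr -d '\n'; }   # single-line base64 output

entitlement_secret_manifest() {
  key="${IBM_ENTITLEMENT_KEY:-}"
  if [ -z "$key" ]; then
    echo "IBM_ENTITLEMENT_KEY is not set" >&2
    return 1
  fi
  # Assumption: the key uses only these characters, so no JSON escaping is needed.
  case "$key" in
    *[!A-Za-z0-9._=+/-]*)
      echo "key contains unexpected characters" >&2
      return 1 ;;
  esac
  # printf is a shell builtin here, so the key never appears in a process listing.
  auth=$(printf '%s' "cp:${key}" | b64)
  config=$(printf '{"auths":{"cp.icr.io":{"username":"cp","password":"%s","auth":"%s"}}}' \
    "$key" "$auth" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ibm-entitlement-key
  namespace: tools
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ${config}
EOF
}

# Usage (not run here; the tools namespace must already exist):
#   read -rs IBM_ENTITLEMENT_KEY      # prompt without echo, do not export
#   entitlement_secret_manifest | oc apply -f -
#   unset IBM_ENTITLEMENT_KEY
```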
infrastructure, services and application layers. Each ArgoCD Application will reference a specific K8s resource (yaml resides in a separate git repository), contain the configuration of the K8s resource, and determine where it will be deployed into the cluster.
namespaces, clusterroles, clusterrolebindings, machinesets to name a few.
application layer. This could include subscriptions for Operators, YAMLs of custom resources provided, or Helm Charts for tools provided by a third party. These resources would usually be managed by the Administrator(s) and/or a DevOps team supporting application developers.
Use this template button and create a copy of the repository in your new GitHub Organization.
mkdir -p gitops-repos
cd gitops-repos
# Clone using SSH
git clone git@github.com:<GIT_ORG>/multi-tenancy-gitops.git
git clone git@github.com:<GIT_ORG>/multi-tenancy-gitops-infra.git
git clone git@github.com:<GIT_ORG>/multi-tenancy-gitops-services.git
multi-tenancy-gitops repository by running the provided ./scripts/set-git-source.sh script.
cd multi-tenancy-gitops
GIT_ORG=<GIT_ORG> GIT_BRANCH=master ./scripts/set-git-source.sh
git commit -m "Update Git URL and branch references"
git push origin master
ClusterRole and deploy a default instance of ArgoCD.
oc apply -f setup/ocp47/
while ! oc wait crd applications.argoproj.io --timeout=-1s --for=condition=Established 2>/dev/null; do sleep 30; done
while ! oc wait pod --timeout=-1s --for=condition=Ready -l '!job-name' -n openshift-gitops > /dev/null; do sleep 30; done
oc delete gitopsservice cluster -n openshift-gitops || true
oc delete argocd openshift-gitops -n openshift-gitops || true
oc apply -f setup/ocp47/argocd-instance/ -n openshift-gitops
while ! oc wait pod --timeout=-1s --for=condition=ContainersReady -l app.kubernetes.io/name=openshift-gitops-cntk-server -n openshift-gitops > /dev/null; do sleep 30; done
0-bootstrap directory. If this is your first usage of the gitops workflow, use the single-cluster profile and deploy the ArgoCD Bootstrap Application.
GITOPS_PROFILE="0-bootstrap/single-cluster"
oc apply -f ${GITOPS_PROFILE}/bootstrap.yaml
oc get route -n openshift-gitops openshift-gitops-cntk-server -o template --template='https://{{.spec.host}}'
oc extract secrets/openshift-gitops-cntk-cluster --keys=admin.password -n openshift-gitops --to=-
multi-tenancy-gitops repository in your Git Organization if you have not already done so and select the K8s resources to deploy in the infrastructure and services layers.
0-bootstrap directory. If this is your first usage of the gitops workflow, use the single-cluster profile.
GITOPS_PROFILE="0-bootstrap/single-cluster"
Infrastructure layer kustomization.yaml and un-comment the resources to deploy.
Services layer kustomization.yaml and un-comment the resources to deploy.
git add .
git commit -m "initial bootstrap setup"
git push origin
Validation section in the recipe.