How to go from zero to OpenShift cluster using GitOps
GitOps is a declarative approach to application and platform operations that builds on Infrastructure as Code (IaC) and emphasizes Git-based processes. OpenShift GitOps, which is based on Argo CD, is commonly used on OpenShift for application continuous delivery and for establishing a fleet of clusters based on configurations stored in a set of Git repositories. However, in order to install Argo CD and apply the rest of the cluster configurations and application installations on top of it, the cluster must first be provisioned and available. Many cluster admins have therefore been asking for a way to reduce the steps required for this purpose and go from no cluster to an OpenShift cluster that is installed and brought up to a baseline configuration, with apps deployed on top, according to the configuration declared in a Git repository. In this blog post, we examine this problem and look at ways an admin can go from zero to a baseline OpenShift cluster using the GitOps workflow.
Using OpenShift Installer
The OpenShift Installer is an interactive CLI that automatically provisions cloud infrastructure on a large number of cloud providers and then installs the OpenShift Container Platform on the given cloud provider. The OpenShift Installer lets admins declaratively define various aspects of the cluster to be installed, such as the cloud provider, region, instance/machine types, networking, etc.
In addition to customizing the installation process and the underlying aspects of the OpenShift cluster, the OpenShift Installer also allows applying arbitrary resources to the cluster during the installation. This capability can be used to install the OpenShift GitOps operator and bootstrap Argo CD in order to further configure the cluster based on the declarative configurations that are available in a Git repository.
In order to take advantage of the OpenShift Installer for GitOps bootstrapping, run the following command to generate the declarative manifests that will be used during the cluster installation:
$ openshift-install create manifests --dir mycluster
The OpenShift Installer generates the declarative manifests that govern the cloud provider infrastructure for installing the cluster and the cluster infrastructure configurations.
In order to install the OpenShift GitOps operator, a Subscription resource needs to be added to the manifests directory, which instructs the Operator Lifecycle Manager (OLM) to install the operator when it is ready.
It's worth noting that the OpenShift Installer applies any manifest that is in the manifests directory, but as this mechanism is designed for customizations of platform operators, using this directory for installing non-platform operators (e.g. OpenShift GitOps) is out of the scope of support for the installer. Red Hat is working to make OpenShift composable in upcoming releases of the OpenShift Container Platform in order to give admins the ability to include or exclude platform and non-platform (OLM) operators as part of the installation process.
cat << EOF > mycluster/manifests/gitops-subscription.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-gitops-operator
  namespace: openshift-operators
spec:
  channel: stable
  name: openshift-gitops-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
EOF
Once the operator is installed, it deploys a default Argo CD instance which can be used for bootstrapping the cluster by adding an Argo CD Application resource to the cluster that refers to the Git repository containing the cluster, services, and workload configurations:
cat << EOF > mycluster/manifests/gitops-argocd-app.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster
  namespace: openshift-gitops
spec:
  destination:
    namespace: default
    server: https://kubernetes.default.svc
  project: default
  source:
    path: cluster/console
    repoURL: https://github.com/siamaksade/openshift-gitops-getting-started
    targetRevision: "1.1"
  syncPolicy:
    automated:
      selfHeal: true
EOF
It's worth mentioning that, for enhanced security, the default Argo CD instance does not have cluster-admin privileges. Therefore, if needed, additional role bindings should be added to the manifests directory in the same way as above to adjust Argo CD privileges to your requirements.
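One way to add such a role binding while keeping the default instance well short of cluster-admin, as an added example that is not part of the original post. The ClusterRole name, the file name and the choice of console.openshift.io resources are assumptions; the subject is the service account the operator creates for the default instance's application controller.

```yaml
# Constructed example: save as mycluster/manifests/gitops-argocd-rbac.yaml
# (file name is an assumption). Grants the default Argo CD application
# controller a narrow set of cluster-scoped permissions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gitops-baseline-config   # hypothetical name
rules:
  # Assumption: the repository path only manages web console customizations.
  # List exactly the API groups and resources your repository declares.
  - apiGroups: ["console.openshift.io"]
    resources: ["consolelinks", "consolenotifications"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitops-baseline-config   # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gitops-baseline-config   # bound to the narrow role, not cluster-admin
subjects:
  - kind: ServiceAccount
    name: openshift-gitops-argocd-application-controller
    namespace: openshift-gitops
```

On the running cluster, `oc auth can-i --list --as=system:serviceaccount:openshift-gitops:openshift-gitops-argocd-application-controller` shows what the controller is actually allowed to do.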
Once the GitOps bootstrapping resources are added to the manifests directory, the OpenShift install CLI can be run to provision the cloud infrastructure, deploy OpenShift on the cloud infrastructure, and then bootstrap Argo CD in order to bring the cluster up to the baseline configuration specified in the referenced Git repository:
$ openshift-install create cluster --dir=mycluster
The referenced Git repository could contain additional Argo CD resources and use ApplicationSets in order to bootstrap additional Argo CD instances (e.g. namespace-scoped for dev teams) and install cluster services (e.g. Splunk) as well as workloads on the cluster.
The end result is that once the cluster is installed, the OpenShift GitOps operator is installed on that cluster and bootstraps Argo CD in order to pull the cluster configurations, cluster services, and workloads into the cluster from the provided Git repository.
Using Red Hat Advanced Cluster Management (pull)
Red Hat Advanced Cluster Management for Kubernetes (RHACM), included in Red Hat OpenShift Platform Plus, provides end-to-end visibility and control to manage Kubernetes clusters. In addition to the ability to import or create clusters, RHACM provides a declarative API for defining the OpenShift cluster specification, which can then be provisioned on the required infrastructure (public cloud, on-premises, and bare-metal).
You can follow the steps in the RHACM docs to create a cluster from the RHACM dashboard. Alternatively, create a cluster using the declarative approach by adding a ClusterClaim resource to the RHACM management cluster (through OpenShift GitOps), which then kicks off cluster provisioning and results in an OpenShift cluster created based on the specs of a cluster pool (template).
apiVersion: hive.openshift.io/v1
kind: ClusterClaim
metadata:
  name: mycluster
  namespace: mypools
  labels:
    usage: production
spec:
  clusterPoolName: aws-east
While you can build clusters individually using ClusterDeployment and InstallConfig secrets, using a ClusterPool of size 0 is an easy-to-understand approach that embraces both templating and a straightforward GitOps integration. By setting the ClusterPool size to 0, no resources are used until the ClusterClaim (for a new cluster) is created. The ClusterPool is pre-created by the Cluster Administrator and can be customized in a number of ways (instructions for creating cluster pools). This allows provisioning of clusters by committing the ClusterClaim to a Git repository that is serviced by OpenShift GitOps. This allows for a clean GitOps flow, where understanding and approving the provisioning of clusters through a Git merge, and evaluating the request, becomes an easy-to-understand task (you're simply approving a template).
Once the cluster is up and ready, the policy management capabilities of RHACM can be used to install and configure the OpenShift GitOps operator on the provisioned cluster. The following is an example policy that installs the OpenShift GitOps operator and bootstraps the default Argo CD instance installed by the operator to pull cluster configurations from a Git repository.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  annotations:
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
    policy.open-cluster-management.io/standards: NIST SP 800-53
  name: gitops-operator
  namespace: policies
spec:
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: gitops-operator
        spec:
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1alpha1
                kind: Subscription
                metadata:
                  name: openshift-gitops-operator
                  namespace: openshift-operators
                spec:
                  channel: stable
                  name: openshift-gitops-operator
                  source: redhat-operators
                  sourceNamespace: openshift-marketplace
            - complianceType: musthave
              objectDefinition:
                apiVersion: argoproj.io/v1alpha1
                kind: Application
                metadata:
                  name: cluster
                  namespace: openshift-gitops
                spec:
                  destination:
                    namespace: default
                    server: https://kubernetes.default.svc
                  project: default
                  source:
                    path: cluster/console
                    repoURL: https://github.com/siamaksade/openshift-gitops-getting-started
                    targetRevision: "1.1"
                  syncPolicy:
                    automated:
                      selfHeal: true
          remediationAction: enforce
          severity: low
In order to apply the above policy to the provisioned cluster, a placement rule and placement binding need to be created in RHACM. These describe the target for applying this policy and result in the installation of the OpenShift GitOps operator and the bootstrapping of the default Argo CD instance on that cluster to pull the cluster configurations, cluster services, and workloads into the cluster from the provided Git repository.
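A placement rule and placement binding for the `gitops-operator` policy could look like the following (added example, not from the original post). The resource names and the `gitops-bootstrap` cluster label are assumptions; both resources must live in the same namespace as the policy, and only managed clusters that carry the label receive the enforced Subscription and Application.

```yaml
# Constructed example: selects which managed clusters the policy applies to.
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: placement-gitops-operator   # hypothetical name
  namespace: policies               # same namespace as the Policy
spec:
  clusterConditions:
    # Only consider clusters that RHACM reports as available.
    - status: "True"
      type: ManagedClusterConditionAvailable
  clusterSelector:
    matchExpressions:
      # Assumption: clusters to bootstrap are labelled gitops-bootstrap=true.
      # An explicit opt-in label keeps the enforced policy off other clusters.
      - key: gitops-bootstrap
        operator: In
        values:
          - "true"
---
# Constructed example: ties the placement rule to the policy.
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: binding-gitops-operator     # hypothetical name
  namespace: policies
placementRef:
  apiGroup: apps.open-cluster-management.io
  kind: PlacementRule
  name: placement-gitops-operator
subjects:
  - apiGroup: policy.open-cluster-management.io
    kind: Policy
    name: gitops-operator           # the policy defined above
```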
RHACM will discover and display your OpenShift GitOps applications, whether they were deployed using Argo CD on the RHACM cluster or using the OpenShift GitOps operator on the managed clusters in your fleet. RHACM also provides an ApplicationSet wizard in its console to easily build Argo CD Applications that target different clusters in your fleet using placement.