This configuration can be automatically applied to the OpenShift cluster by Argo CD.

- Create Argo CD `Application` that automatically manages existing namespaces on the local cluster

The configuration is provided inside the `clusters` directory via Helm chart:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: clusters
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
    helm:
      valueFiles:
        - values-local.yaml
  syncPolicy:
    automated:
      selfHeal: true
```

We use the `values-local.yaml` file to fill the Helm template. Here are the current values:

```yaml
projects:
  - name: pminkows-test
    managedBy: pminkows-cicd
    group: app-owners
  - name: pminkows-stage
    managedBy: pminkows-cicd
    group: app-owners
  - name: pminkows-prod
    managedBy: pminkows-cicd
    group: app-owners
    quotas:
      pods: '8'
      requests.memory: 4Gi
      limits.memory: 10Gi
  - name: pminkows-cicd
    group: app-owners
    quotas:
      pods: '20'
      requests.cpu: '4'
      requests.memory: 4Gi
      limits.cpu: '20'
      limits.memory: 20Gi
    default:
      limits:
        cpu: 500m
        memory: 512Mi
      requests:
        cpu: 250m
        memory: 256Mi
```

- Create Argo CD `Application` that automatically manages components related to the CI/CD process

The configuration is provided inside the `cicd` directory:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  # Same name as the Application for the clusters directory; give each
  # Application a unique name when they live in the same namespace.
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: cicd
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
  syncPolicy:
    automated:
      selfHeal: true
```

- Create Argo CD `Application` that automatically manages existing operators and CRDs on the local cluster

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  # Same name as the Applications for the clusters and cicd directories; give
  # each Application a unique name when they live in the same namespace.
  name: cluster-config
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: global
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
    helm:
      valueFiles:
        - values.yaml
  syncPolicy:
    automated:
      selfHeal: true
```

Create Argo CD `Application` for the hub cluster:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-pool-config
spec:
  ignoreDifferences:
    - group: '*'
      kind: Secret
      jsonPointers:
        - /metadata/labels
  destination:
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    path: clusterpool/hub
    repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
    targetRevision: HEAD
  syncPolicy:
    automated:
      selfHeal: true
```

Create Argo CD `ApplicationSet`:

```yaml
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: apps-generator
  namespace: openshift-gitops
spec:
  generators:
    - git:
        directories:
          - path: multiapps/config/*
        repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
        revision: HEAD
  template:
    metadata:
      name: '{{path.basename}}-creator'
    spec:
      destination:
        namespace: '{{path.basename}}'
        server: 'https://kubernetes.default.svc'
      project: default
      source:
        helm:
          valueFiles:
            - 'config/{{path.basename}}/values.yaml'
        path: multiapps
        repoURL: 'https://github.com/piomin/openshift-cluster-config.git'
        targetRevision: HEAD
      syncPolicy:
        syncOptions:
          - CreateNamespace=true
```
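
Because every directory under `multiapps/config/` becomes an Application whose namespace is created on sync, it helps to preview what a change to that directory will generate. The following sketch is an added example, not code from this repository: it expands `{{path.basename}}` the way the Git directory generator does and flags directory names that would not make a usable namespace. The sample directory names and the list of reserved prefixes are assumptions.

```python
import re
from posixpath import basename

# Template fields copied from the ApplicationSet above; only the values that
# contain {{path.basename}} matter for the expansion.
TEMPLATE = {
    "name": "{{path.basename}}-creator",
    "namespace": "{{path.basename}}",
    "valueFile": "config/{{path.basename}}/values.yaml",
}

# Kubernetes namespace names must be RFC 1123 labels (at most 63 characters).
DNS_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")
# Assumption: namespaces this cluster treats as reserved for the platform.
RESERVED_PREFIXES = ("openshift-", "kube-")
RESERVED_NAMES = ("default", "openshift")


def check_namespace(ns):
    """Return the reasons a generated namespace name should be rejected."""
    problems = []
    if not DNS_LABEL.match(ns):
        problems.append("not a valid RFC 1123 label")
    if ns in RESERVED_NAMES or ns.startswith(RESERVED_PREFIXES):
        problems.append("collides with a system namespace")
    return problems


def expand(directories):
    """Render one Application per directory matched by multiapps/config/*."""
    apps = []
    for d in directories:
        base = basename(d.rstrip("/"))  # path.basename: last path element
        app = {k: v.replace("{{path.basename}}", base) for k, v in TEMPLATE.items()}
        app["problems"] = check_namespace(app["namespace"])
        apps.append(app)
    return apps


if __name__ == "__main__":
    # Constructed sample: directory paths as they might appear in the repo.
    sample = [
        "multiapps/config/team-a",
        "multiapps/config/Team_B",
        "multiapps/config/openshift-gitops",
    ]
    for app in expand(sample):
        print(app)
```

Run as a pre-merge check over the directories a pull request adds, a non-empty `problems` list is a reason to block the change before Argo CD ever sees it.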

- Why `SealedSecret` stays in Progressing status: https://argo-cd.readthedocs.io/en/stable/faq/#why-are-resources-of-type-sealedsecret-stuck-in-the-progressing-state
- Use Kustomize for patching resources: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/
- Secrets with Argo CD: https://argo-cd.readthedocs.io/en/stable/operator-manual/secret-management/