tom-stockwell/ocp-config

OpenShift Cluster Configuration

This repository configures different OpenShift clusters that I use regularly.

Layout

This repository uses Kustomize to configure all the necessary Kubernetes resources. As a personal preference, I use the .yml extension for Kustomization files rather than the standard .yaml extension.

The clusters directory contains configuration for each cluster. See Bootstrapping a cluster to get started with a new cluster. Once bootstrapped, an Argo CD Application will be automatically created for each directory (except for bootstrap) under each cluster directory using an ApplicationSet.

Therefore, for each component a cluster will want to use, a subdirectory is created with a kustomization.yml file. This Kustomization should use the equivalent component directory as a base before implementing any cluster-specific configuration.
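
The ApplicationSet behaviour described above, sketched as an added example (this is not the repository's own manifest): a Git directory generator creates one Application per directory under a cluster and excludes bootstrap. The repository URL placeholder, the resource name, the project and the sync policy are assumptions.

```yaml
# Added example, not taken from this repository.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: cluster-config            # hypothetical name
  namespace: openshift-gitops     # namespace of the default OpenShift GitOps instance
spec:
  generators:
    - git:
        repoURL: https://example.com/<owner>/<repo>.git   # placeholder
        revision: HEAD
        directories:
          # One Application per component directory of the cluster...
          - path: clusters/homelab/*
          # ...except the bootstrap directory, which is applied by hand.
          - path: clusters/homelab/bootstrap
            exclude: true
  template:
    metadata:
      # Application is named after the component directory, e.g. "oauth".
      name: '{{path.basename}}'
    spec:
      # Assumption: a dedicated AppProject limited to this repository and
      # the local cluster, rather than the permissive "default" project.
      project: cluster-config
      source:
        repoURL: https://example.com/<owner>/<repo>.git   # placeholder
        targetRevision: HEAD
        # Each directory holds a kustomization.yml, so Argo CD builds it
        # with Kustomize.
        path: '{{path}}'
      destination:
        server: https://kubernetes.default.svc
      syncPolicy:
        # Assumption: automated sync, so that changes merged to the
        # repository are rolled out and manual drift is reverted.
        automated:
          prune: true
          selfHeal: true
```

Because every directory that appears under the cluster path becomes an Application with cluster-wide reach, write access to the repository is equivalent to administrative access to the cluster and should be protected accordingly.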

The base cluster subdirectory contains a Kustomization file which includes all the individual components in order to allow the configuration of the cluster as a whole to be tested in CI.

The infra directory contains various pieces of configuration. These are typically sourced from external, shared repositories and could be omitted here and sourced remotely in the cluster configurations. However, I have still included them here in case there are any personal modifications I would like to make that could be shared amongst all my clusters.

Bootstrapping a cluster

  1. Install the openshift-gitops & sealed-secrets operators. The process has been simplified with the following command.
    cluster=homelab
    oc apply -k clusters/$cluster/bootstrap/0-operators
  2. Once the operators are installed, configure the ArgoCD instance and, optionally, the shared sealed secrets key.
    oc apply -k clusters/$cluster/bootstrap/1-gitops-instance
    
    namespace=sealed-secrets
    label=sealedsecrets.bitnami.com/sealed-secrets-key
    
    # deactivate existing active secrets
    oc get secrets -n "$namespace" -l "$label=active" -o name | xargs -I{} oc label -n "$namespace" {} "$label-"
       
    # add shared secrets as the active cert
    # NOTE: ensure they are labelled as the active cert
    oc apply -f <secret>
    
    # delete controller to pick up new secret
    oc -n "$namespace" delete pod -l name=sealed-secrets-controller

    NOTE: If you opt not to use a shared sealed secrets key you will need to regenerate all sealed secrets for the cluster in question.

  3. Once Argo CD & Sealed Secrets are configured, create the ArgoCD applications.
    oc apply -k clusters/$cluster/bootstrap/2-gitops
    
    Argo CD will now configure the rest of the cluster, and manage itself and its applications.

Clusters

| Cluster | Description |
| --- | --- |
| homelab | Configuration for my homelab cluster |
| rhpds-demo-gitops-cicd | Configuration for setting up the GitOps & CI/CD demo on an RHPDS Open Environment cluster |

Infrastructure

| Component | Description |
| --- | --- |
| acm | Installs & configures Red Hat Advanced Cluster Management (Note: out of date) |
| gitops | Configures the ArgoCD Applications for cluster configuration |
| image-registry | Configures the Image Registry Operator |
| namespace-config | Installs the Namespace Configuration Operator |
| nfs-provisioner | Installs the NFS Subdir External Provisioner |
| oauth | Configures OpenShift OAuth identity providers |
| openshift-gitops-instance | Configures the cluster-wide ArgoCD instance |
| openshift-gitops-operator | Installs OpenShift GitOps |
| openshift-pipelines | Installs OpenShift Pipelines |
| sealed-secrets | Installs Sealed Secrets |
| user-workload-monitoring | Enables User Workload Monitoring in the cluster monitoring stack (Note: out of date) |