This repository contains an implementation of Red Hat GitOps (GitOps, ArgoCD) for managing the deployment of Red Hat OpenStack Services on OpenShift (RHOSO).
WARNING: This repository is provided as a Developer Preview for testing environments only, before all features have been implemented and tested. Therefore, some functionality may be absent, incomplete, or not work as expected, and is subject to change until the official release. Red Hat encourages customers to use the Developer Preview release to provide feedback.
In your kustomization.yaml and related resources, make sure to use
a fixed reference ?ref=VALUE, where VALUE is a hash or a tag.
We provide a light playbook to facilitate the operator deployment and subsequent ArgoCD instance configuration.
Read the playbook documentation.
- Create the namespace, operatorgroup and subscription:
oc apply -k openshift-gitops.deploy/subscribe
- Ensure that the namespace is present:
oc get namespace openshift-gitops
- Configure the RBAC and ArgoCD instance:
oc apply -k openshift-gitops.deploy/enable
- Ensure that the ArgoCD instance is running:
oc -n openshift-gitops get argocd/openshift-gitops
HashiCorp Vault is used to store secrets, and VaultStaticSecret are used to pull those secrets into OCP.
Procedure
- Create the subscription using ArgoCD:
oc apply -f applications/vault-secrets-operator.yaml
Links
We’re using sync-waves annotations for specific jobs and actions.
The range -20;20 is reserved.
TBD
Installs the foundational OpenStack operators required for the deployment. Covers Installation Documentation Chapter 1 and part of Installation Documentation Chapter 2
- Namespaces:
openstack,openstack-operators - Operator Subscription: OpenStack operator from Red Hat CDN
- RBAC: Install plan approver service account and roles
- Job:
approve-openstack-installplanto "imperatively" accept theinstall_plancreated byOLMand wait for its completion.
Creates the main OpenStack custom resource that defines the overall OpenStack deployment configuration. Covers Installation Documentation Chapter 1.
- OpenStack CR: Primary configuration object in
openstack-operatorsnamespace
Create underlying networks for controlplane and dataplane. Covers Installation Documentation Chapter 3.
- 3.2.1. Preparing RHOCP with isolated network interfaces: for
NodeNetworkConfigurationPoliciesresources - 3.2.2. Attaching service pods to the isolated networks: for
NetworkAttachmentDefinitionsresources - 3.2.3. Preparing RHOCP for RHOSO network VIPS for
L2AdvertisementsandIPAdrressPoolresources - 3.3. CREATING THE DATA PLANE NETWORK: for
NetConfigresources
Deploys and configures OpenStackControlPlane resource. Covers Installation Documentation Chapter 4
OpenStackControlPlane
Deploys and configures the OpenStack data plane nodes. Covers Installation Documentation Chapter 5
OpenStackDataPlaneNodeSetOpenStackDataPlaneDeployment
Dependencies such as MetalLB, NMState and Cert-Manager are not deployed nor managed using ArgoCD Application yet.
Secrets are to be stored within a secure service, such as HashiCorp Vault, and never in Git. Our main focus for now is on the RHOSO application slicing, we will provide an ArgoCD Application definition later.
Provides the base for IPAddressPool, L2Advertisement, NetworkAttachementDefinition, NetConfig NodeNetworkConfigurationPolicy and OpenStackControlPlane on a 3-master OCP cluster.
The CR are extracted from the RHOSO official documentation
Provides the base for the OpenStackDataplaneNodeSet and OpenStackDataPlaneDeployment.
The CRs are extracted from the RHOSO official documentation
These annotations enable ArgoCD to determine the order that resources are created for the whole RHOSO cloud. Learn more about sync-waves
Example usage
- Directly within the Application definition:
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: # [...] spec: project: "default" source: repoURL: "..." targetRevision: "..." path: "..." kustomize: components: - https://github.com/openstack-k8s-operators/gitops/components/argocd/annotations?ref=TAG
- From within an overlay or base:
apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization components: - https://github.com/openstack-k8s-operators/gitops/components/argocd/annotations?ref=TAG # [...]