Keep Your OpenShift Cluster Operators Highly Traceable Using GitOps
See how to keep your OpenShift cluster operators highly traceable using GitOps.
GitOps has become increasingly present in the day-to-day work of an SRE. Fast error recovery, self-documenting deployments, and highly traceable changes are just a few of the advantages it provides.
The core idea is to have a Git repository that always contains declarative descriptions of the infrastructure currently desired in the environment, and an automated process (Argo CD) that makes the environment match the state described in the repository.
In what follows, we will focus specifically on objects such as Namespaces, Roles, and Operators. The one requirement for following the next steps is that you already have the OpenShift GitOps Operator installed on your cluster. This operator installs an instance of Argo CD, which is the tool we are going to use to perform the orchestration. If you don't have this tool on your cluster, see how to install it here: https://github.com/redhat-developer/gitops-operator.
We will use the RHPAM Operator as an example. You can learn more about RHPAM here: https://dzone.com/articles/code-ready-containers-getting-started-with-process
The first step is to define a structure that will store the manifests. You can use the following:
Argo CD will use Kustomize to apply the manifests to our cluster, so keep the kustomization file very simple:
Now add the file that defines the "Namespace":
Create the "Operator Group" and the "Subscription":
Finally, create the "RoleBinding" with the necessary permissions for the user to access the namespace.
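The manifests these steps describe could look like the set below. It is an added example, not the author's files from the repository, and each YAML document belongs in the file named in the comment above it. Assumptions: the namespace, object names, user and the bound `edit` role are placeholders, and the Subscription assumes the RHPAM operator is published as the `businessautomation-operator` package on the `stable` channel of the `redhat-operators` catalog.

```yaml
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - namespace.yaml
  - operatorgroup.yaml
  - subscription.yaml
  - rolebinding.yaml
---
# namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: rhpam-example                 # placeholder namespace
---
# operatorgroup.yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: rhpam-example
  namespace: rhpam-example
spec:
  targetNamespaces: [rhpam-example]   # operator watches only this namespace
---
# subscription.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: businessautomation-operator
  namespace: rhpam-example
spec:
  name: businessautomation-operator   # assumed package name
  channel: stable                     # assumed channel
  source: redhat-operators
  sourceNamespace: openshift-marketplace
---
# rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rhpam-example-edit
  namespace: rhpam-example
subjects:
  - kind: User
    name: example-user                # placeholder user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit                          # assumed; bind the least-privileged role that fits
```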
These objects must be stored in a Git repository. For this example, I am using the following repo: https://github.com/msmagnanijr/dzone-gitops-blog
In the Argo CD dashboard, click on the New App button to add a new Argo CD application. Enter the following details and click on Create.
Looking at the Argo CD dashboard, you will notice that the synchronization has already occurred (green) and the objects have already been created in OpenShift.
Now go back to the OpenShift Web Console and see that the namespace has been created and the RHPAM operator was installed as expected.
If you go back to the Argo CD dashboard, you will be able to see exactly when the RHPAM Operator was installed:
Furthermore, you can see its relationships:
As we have seen, it is a tool with a lot of potential to achieve great reliability not only for your Operators but for the entire OpenShift cluster.