From 408781d376c16067511f82f6ab9b8a4880815554 Mon Sep 17 00:00:00 2001 From: Bart Zhang <60352611+bazhang87@users.noreply.github.com> Date: Tue, 15 Mar 2022 21:43:46 -0500 Subject: [PATCH 1/6] Update README.md --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.md b/README.md index 7892c5e..7f39ec0 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,28 @@ Click on Argo CD from the OpenShift Web Console application launcher and then lo In the current Git repository, the [cluster](cluster/) directory contains OpenShift cluster configurations such as an OpenShift Web Console customization as well as namespaces that should be created. Let's configure Argo CD to recursively sync the content of the [cluster](cluster/) directory to the OpenShift cluster. Initially, we can set the sync policy to manual in order to be able to review changes before rolling out configurations to the cluster. +Before we create an application which will be able to properly sync, we will need to modify the argocd-default-cluster-config secret to include the following key-value pair: clusterResources: true, which tells argocd that it's allowed to manage resources outside its own namespace. We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the openshift-operators namespace. + +![Argo CD](https://user-images.githubusercontent.com/3875338/144000902-850e8115-489f-4101-939c-324fd737a65f.png) + +``` +$ > oc get subscriptions.operators.coreos.com argocd-operator + +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: argocd + namespace: argocd +... + +spec: + channel: preview + config: + env: + - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES + value: openshift-operators +``` + In the Argo CD dashboard, click on the **New App** button to add a new Argo CD application that syncs a Git repository containing cluster configurations with the OpenShift cluster. Enter the following details and click on **Create**. From 4d4006cbcaaaf6ee633b4b8dd5a420ea07bbd883 Mon Sep 17 00:00:00 2001 From: Bart Zhang <60352611+bazhang87@users.noreply.github.com> Date: Tue, 15 Mar 2022 21:46:48 -0500 Subject: [PATCH 2/6] Update README.md --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 7f39ec0..f17be4f 100644 --- a/README.md +++ b/README.md @@ -45,12 +45,13 @@ Click on Argo CD from the OpenShift Web Console application launcher and then lo In the current Git repository, the [cluster](cluster/) directory contains OpenShift cluster configurations such as an OpenShift Web Console customization as well as namespaces that should be created. Let's configure Argo CD to recursively sync the content of the [cluster](cluster/) directory to the OpenShift cluster. Initially, we can set the sync policy to manual in order to be able to review changes before rolling out configurations to the cluster. -Before we create an application which will be able to properly sync, we will need to modify the argocd-default-cluster-config secret to include the following key-value pair: clusterResources: true, which tells argocd that it's allowed to manage resources outside its own namespace. We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the openshift-operators namespace. - +Before we create an application which will be able to properly sync, we will need to modify the argocd-default-cluster-config secret to include the following key-value pair: ```clusterResources: true```, which tells argocd that it's allowed to manage resources outside its own namespace. ![Argo CD](https://user-images.githubusercontent.com/3875338/144000902-850e8115-489f-4101-939c-324fd737a65f.png) +We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the openshift-operators namespace. This can be accomplished by either navigating to Installed Operators > Openshift GitOps > Subscription > Actions > Edit Subscription to edit the subscription yaml to include the environment variable within the Openshift web console or directly via the command line. + ``` -$ > oc get subscriptions.operators.coreos.com argocd-operator +$ > oc edit subscriptions.operators.coreos.com argocd-operator apiVersion: operators.coreos.com/v1alpha1 kind: Subscription @@ -67,7 +68,7 @@ spec: value: openshift-operators ``` -In the Argo CD dashboard, click on the **New App** button to add a new Argo CD application that syncs a Git repository containing cluster configurations with the OpenShift cluster. +Once we have properly configured our ArgoCD deployment to be able to view and manage resources outside of the namespace it is deployed to, we'll begin to deploy ArgoCD managed applications. In the Argo CD dashboard, click on the **New App** button to add a new Argo CD application that syncs a Git repository containing cluster configurations with the OpenShift cluster. Enter the following details and click on **Create**. From 2d3f47f029f8f3c729cec060f9b3a4143178b3ba Mon Sep 17 00:00:00 2001 From: Bart Zhang <60352611+bazhang87@users.noreply.github.com> Date: Tue, 15 Mar 2022 21:47:57 -0500 Subject: [PATCH 3/6] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f17be4f..ed217ca 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ In the current Git repository, the [cluster](cluster/) directory contains OpenSh Before we create an application which will be able to properly sync, we will need to modify the argocd-default-cluster-config secret to include the following key-value pair: ```clusterResources: true```, which tells argocd that it's allowed to manage resources outside its own namespace. ![Argo CD](https://user-images.githubusercontent.com/3875338/144000902-850e8115-489f-4101-939c-324fd737a65f.png) -We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the openshift-operators namespace. This can be accomplished by either navigating to Installed Operators > Openshift GitOps > Subscription > Actions > Edit Subscription to edit the subscription yaml to include the environment variable within the Openshift web console or directly via the command line. +We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the ```openshift-operators``` namespace. This can be accomplished by either navigating to ```Installed Operators > Openshift GitOps > Subscription > Actions > Edit Subscription``` in order to edit the subscription yaml to include the environment variable within the Openshift web console or directly via the command line. ``` $ > oc edit subscriptions.operators.coreos.com argocd-operator @@ -68,7 +68,7 @@ spec: value: openshift-operators ``` -Once we have properly configured our ArgoCD deployment to be able to view and manage resources outside of the namespace it is deployed to, we'll begin to deploy ArgoCD managed applications. In the Argo CD dashboard, click on the **New App** button to add a new Argo CD application that syncs a Git repository containing cluster configurations with the OpenShift cluster. +Once we have properly configured our ArgoCD deployment to be able to view and manage resources outside of the namespace it is deployed to, we'll begin to deploy our example applications to ArgoCD. In the Argo CD dashboard, click on the **New App** button to add a new Argo CD application that syncs a Git repository containing cluster configurations with the OpenShift cluster. Enter the following details and click on **Create**. From f870bb0f55c8fafbb69583944783fe69be02d3a7 Mon Sep 17 00:00:00 2001 From: Bart Zhang <60352611+bazhang87@users.noreply.github.com> Date: Tue, 15 Mar 2022 21:49:06 -0500 Subject: [PATCH 4/6] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ed217ca..ae683ab 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ In the current Git repository, the [cluster](cluster/) directory contains OpenSh Before we create an application which will be able to properly sync, we will need to modify the argocd-default-cluster-config secret to include the following key-value pair: ```clusterResources: true```, which tells argocd that it's allowed to manage resources outside its own namespace. ![Argo CD](https://user-images.githubusercontent.com/3875338/144000902-850e8115-489f-4101-939c-324fd737a65f.png) -We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the ```openshift-operators``` namespace. This can be accomplished by either navigating to ```Installed Operators > Openshift GitOps > Subscription > Actions > Edit Subscription``` in order to edit the subscription yaml to include the environment variable within the Openshift web console or directly via the command line. +We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the ```openshift-operators``` namespace. This can be accomplished by either navigating to ```Installed Operators > Openshift GitOps > Subscription > Actions > Edit Subscription``` within the Openshift web console in order to edit the subscription yaml to include the environment variable. Alternatively, you can modify the Openshift GitOps operator subscription directly via the command line. ``` $ > oc edit subscriptions.operators.coreos.com argocd-operator From 95ec3e27ac63c4149a6b20a02df46a08270fda45 Mon Sep 17 00:00:00 2001 From: Bart Zhang <60352611+bazhang87@users.noreply.github.com> Date: Wed, 16 Mar 2022 11:45:57 -0500 Subject: [PATCH 5/6] Update README.md --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ae683ab..da934ca 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ In the current Git repository, the [cluster](cluster/) directory contains OpenSh Before we create an application which will be able to properly sync, we will need to modify the argocd-default-cluster-config secret to include the following key-value pair: ```clusterResources: true```, which tells argocd that it's allowed to manage resources outside its own namespace. ![Argo CD](https://user-images.githubusercontent.com/3875338/144000902-850e8115-489f-4101-939c-324fd737a65f.png) -We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the ```openshift-operators``` namespace. This can be accomplished by either navigating to ```Installed Operators > Openshift GitOps > Subscription > Actions > Edit Subscription``` within the Openshift web console in order to edit the subscription yaml to include the environment variable. Alternatively, you can modify the Openshift GitOps operator subscription directly via the command line. +We will also need to include an environment variable for the operator subscription to give our ArgoCD deployment visibility to resources outside of the ```openshift-operators``` namespace. This can be accomplished by either navigating to ```Installed Operators > Openshift GitOps > Subscription > Actions > Edit Subscription``` within the Openshift web console in order to edit the subscription yaml to include the environment variable. Alternatively, you can modify the Openshift GitOps operator subscription directly via the command line. ``` $ > oc edit subscriptions.operators.coreos.com argocd-operator @@ -115,10 +115,18 @@ Now that the configuration sync is in place, any changes in the Git repository w ## Deploy Applications with Argo CD -In addition to configuring OpenShift clusters, many teams use GitOps workflows for continuous delivery and deploying applications in multi-cluster Kubernetes environments. +In addition to configuring OpenShift clusters, many teams use GitOps workflows for continuous delivery and deploying applications in multi-cluster Kubernetes environments. The [app](app/) directory in the current Git repository contains the Kubernetes manifests using Kustomize for deploying the sample Spring PetClinic application. Let's configure Argo CD to automatically and recursively deploy any changes made to these manifests on the OpenShift cluster in the `spring-petclinic` namespace that was created by Argo CD in the previous step. +We will need to grant RBAC permissions to the service account we created in our ArgoCD cluster-configs manifests: you can authorize your service account to perform either namespace-constrained or cluster-wide CRUD operations on Openshift resources via one of the following commands: + +``` + oc adm policy add-role-to-user admin system:serviceaccount:openshift-operators:argocd-argocd-application-controller -n spring-petclinic + + oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-operators:argocd-argocd-application-controller +``` + In the Argo CD dashboard, click on the **New App** button to add a new Argo CD application that syncs a Git repository containing cluster configurations with the OpenShift cluster. Create a new Argo CD application by clicking on the **New App** button in the Argo CD dashboard and entering the following details. From 683b8db2cd405a3b9c6aad9025fa3bee353c160c Mon Sep 17 00:00:00 2001 From: Bart Zhang <60352611+bazhang87@users.noreply.github.com> Date: Wed, 16 Mar 2022 11:47:04 -0500 Subject: [PATCH 6/6] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index da934ca..d464473 100644 --- a/README.md +++ b/README.md @@ -147,6 +147,12 @@ Create a new Argo CD application by clicking on the **New App** button in the Ar > oc create -f argo/app.yaml > ``` +You will notice that your app will be created but not successfully sync. This is because you must first allow the openshift-gitops namespace to manage the spring-petclinic namespace by running the following command: + +``` +oc label namespace spring-petclinic argocd.argoproj.io/managed-by=openshift-gitops +``` + Because we set up the sync policy to `Automatic`, as soon as the Argo CD application is created, a sync is started in order to rollout the Spring PetClinic manifests to the `spring-petclinic` namespace. ![Argo CD - Spring PetClinic](images/gitops-15.png)