GitOps in OpenShift
with ArgoCD and Helm
Christian Hernandez
Senior Principal Technical Marketing Manager, Red Hat
Andrew Block
Distinguished Architect, Red Hat
What is GitOps?
GitOps is when the infrastructure and/or application state is fully
represented by the contents of a git repository. Any changes to the git
repository are reflected in the corresponding state of the associated
infrastructure and applications through automation.
It is a natural evolution of Agile and DevOps methodologies.
“GitOps is the ‘Holy Grail’ of DevOps”
— Chris Short (OpenShift.TV host)
Why GitOps?
▸ “It takes weeks (or months!) to provision an environment”
▸ “The application behaves differently in production than it did in test”
▸ “Environments are all manually configured (“pets vs. cattle”)”
▸ “Production deployments have a very low success rate”
▸ “I have no visibility or record of configuration changes in environments”
▸ “I can’t easily roll back changes to a specific version”
▸ “I can’t audit configuration changes”
GitOps Benefits
▸ All changes are auditable
▸ Standard roll-forward or backwards in the event of failure
▸ Disaster recovery is “reapply the current state of the manifests”
▸ Experience is “pushes and pull-requests”
GitOps is for Everyone
Developers Operations
OpenShift and GitOps - A Perfect Match
● OpenShift is a declarative environment
○ Cluster configuration is declared and Operators
make it happen
○ Application deployments are declared and
Kubernetes scheduler makes it happen
● GitOps in traditional environments requires
automation/scripting; a declarative environment
minimizes or eliminates this need
● Declarations are yaml files which are easily stored and
managed in git
OpenShift GitOps Principles
● Separate application source code (Java/.Net/etc) from manifests
(yaml)
● Deployment manifests are standard k8s manifests
● Avoid duplication of yaml across environments
● Manifests should be applied with standard OpenShift and k8s tooling
Day 2 operations : All changes triggered from Git
Tool For Syncing
Syncing tool will expedite drift detection
and correction.
● Built on Kubernetes native CRD and
CRs
● Automatically detect and correct drift
● Popular GitOps “tools” for syncing
○ ArgoCD
○ RHACM
○ Ansible
○ FluxCD
● Example on the right shows
ArgoCD
Declarative representation of the entire stack
● Whichever sync tool is used needs to consume manifest from Git repo.
● The entire application stack and the infrastructure components are in git:
○ All namespaces
○ All Deployments
○ All Ingress Definitions
○ All Secrets
○ MachineSets/Operator manifests
● Usually the sync tool has a way of defining what gets loaded into your cluster

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: product-catalog-dev
  namespace: argocd
spec:
  destination:
    namespace: argocd
    server: https://kubernetes.default.svc
  project: product-catalog
  source:
    path: manifests/app/overlays/dev-quay
    repoURL: https://github.com/gnunn-gitops/product-catalog.git
    targetRevision: master
  syncPolicy:
    automated:
      prune: false
      selfHeal: false
Synchronizing - Basic Workflow
● Change in git
● Sync Tool monitors changes via polling or a push event.
● Check Sync Status
● Synchronize
Avoiding YAML Duplication
GitOps enables deployment across multiple clusters, awesome!
Wait, how do we manage configuration without copying and pasting yaml
everywhere?
Templating Tools
▸ Various templating tools exist to help avoid YAML duplication
▸ Templating tools work off of a “core” YAML file.
▸ Popular templating tools in GitOps
➤ Kustomize
➤ Helm
Helm is a package manager for Kubernetes
applications
define, install and update applications
▸ Chart: a package consisting of related Kubernetes YAML files
▸ Repository: a place where Charts can be stored, shared and distributed
▸ Release: a specific instance of a Chart deployed on Kubernetes
How does Helm work?
[Diagram labels: Image Repository, Helm Chart (templates), Values (configs), Helm CLI, Releases, Namespace, OpenShift]
Helm Templates
apiVersion: build.openshift.io/v1
kind: BuildConfig
...
spec:
  ...
  source:
    type: Git
    git:
      uri: {{ .Values.build.uri }}
    contextDir: {{ .Values.build.contextDir }}
{{- if and .Values.build.native.useDefaultDockerfile (eq .Values.build.mode "native") }}
    dockerfile: |-
      FROM registry.redhat.com/quarkus/mandrel-20-rhel8 AS builder
      ...
{{- end }}
  strategy:
{{- if eq .Values.build.mode "jvm" }}
    type: Source
    sourceStrategy:
      ...

apiVersion: apps/v1
kind: Deployment
metadata:
  ...
spec:
  replicas: {{ .Values.deploy.replicas }}
  ...
  template:
    spec:
      containers:
        - name: web
          image: {{ .Release.Name }}:{{ .Values.image.tag }}
          {{- if .Values.deploy.resources }}
          resources:
            {{- toYaml .Values.deploy.resources | nindent 12 }}
          {{- end }}
          ...
Configuration using “Values”
Create a values.yaml file

build:
  uri: https://github.com/deweya/quarkus-quickstarts
  contextDir: getting-started
  mode: jvm
deploy:
  resources:
    limits:
      cpu: 500m
      memory: 2Gi

Install the Helm chart

$ helm install quarkus-app redhat-charts/quarkus --values values.yaml
BuildConfig
ImageStream
Helm Integration with ArgoCD
● Charts can be sourced from:
○ Git Repositories
○ Helm Repositories
● Override Chart Values
○ Separate Values files
○ Individual parameters
● Managed via UI or CLI
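An added example, not taken from the original slides, of ArgoCD Application manifests that consume a Helm chart from each kind of source and override its values with a values file, individual parameters, and inline values. The chart path, values file name, target namespace, project, revisions and Helm repository URL are placeholder assumptions; the Git URL and value keys are the ones shown on the slides.

```yaml
# Variant 1: chart in a Git repository, values file plus individual parameters.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: quarkus-app
  namespace: argocd
spec:
  project: default                       # assumption: built-in project
  destination:
    server: https://kubernetes.default.svc
    namespace: quarkus-demo              # assumption: placeholder namespace
  source:
    repoURL: https://github.com/redhat-developer/redhat-helm-charts
    path: <path-to-quarkus-chart>        # placeholder
    # A tag or commit SHA ties the deployment to a reviewed revision.
    targetRevision: <tag-or-commit-sha>  # placeholder
    helm:
      releaseName: quarkus-app
      valueFiles:
        - values-dev.yaml                # assumption: file next to the chart
      parameters:
        - name: deploy.replicas
          value: "2"
  syncPolicy:
    automated:
      prune: false
      selfHeal: true                     # revert drift back to the Git state
---
# Variant 2: chart pulled from a Helm repository, values supplied inline.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: quarkus-app-helm-repo
  namespace: argocd
spec:
  project: default
  destination:
    server: https://kubernetes.default.svc
    namespace: quarkus-demo
  source:
    repoURL: https://charts.example.com  # placeholder Helm repository URL
    chart: quarkus
    targetRevision: <chart-version>      # placeholder chart version
    helm:
      values: |
        build:
          uri: https://github.com/deweya/quarkus-quickstarts
          contextDir: getting-started
          mode: jvm
```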
Demo Time!
▸ GitOps Approach for Managing Applications as Helm charts
▸ Leverage Quarkus Red Hat Helm Chart (Alpha)
・ https://github.com/redhat-developer/redhat-helm-charts
▸ Demonstrate integration with ArgoCD
GitOps and ArgoCD Resources
▸ Kubernetes Slack: https://slack.kubernetes.io/ (#gitops)
▸ ArgoCD GitHub Repository: https://github.com/argoproj/argo-cd/
▸ GitOps on the OpenShift Blog: https://www.openshift.com/blog/tag/gitops
▸ Interactive Lab: https://learn.openshift.com/cicd-application-delivery/
▸ GitOps Happy Hour on OpenShift.TV: https://www.youtube.com/playlist?list=PLaR6Rq6Z4IqfGCkI28cUMbNhPhsnj4nq3
Helm Resources
▸ Helm Documentation: https://helm.sh/docs/
▸ Interactive Lab: https://learn.openshift.com/developing-on-openshift/helm/
▸ Helm Project Repository: https://github.com/helm/helm
▸ Learn Helm: https://www.packtpub.com/cloud-networking/learn-helm
▸ Kubernetes Slack: https://slack.kubernetes.io/ (#helm)
▸ Contact the Red Hat Helm Team: helm@redhat.com
Thank you