Christian Hernandez Senior Principal Technical Marketing Manager, Red Hat GitOps in OpenShift with ArgoCD and Helm Andrew Block Distinguished Architect, Red Hat

2 GitOps is when the infrastructure and/or application state is fully represented by the contents of a git repository. Any changes to the git repository are reflected in the corresponding state of the associated infrastructure and applications through automation. It is a natural evolution of Agile and DevOps methodologies “GitOps is the ‘Holy Grail’ of DevOps” — Chris Short (OpenShift.TV host) What is GitOps?

3 Why GitOps? It takes weeks (or months!) to provision an environment The application behaves different in production than it did in test Environments are all manually configured (“pets vs. cattle”) Production deployments have a very low success rate I have no visibility or record of configuration changes in environments I can’t easily rollback changes to a specific version I can’t audit configuration changes

4 ▸ All changes are auditable ▸ Standard roll-forward or backwards in the event of failure ▸ Disaster recovery is “reapply the current state of the manifests” ▸ Experience is “pushes and pull-requests” GitOps Benefits

5 GitOps is for Everyone Developers Operations

OpenShift and GitOps - A Perfect Match ● OpenShift is a declarative environment ○ Cluster configuration is declared and Operators make it happen ○ Application deployments are declared and Kubernetes scheduler makes it happen ● GitOps in traditional environments requires automation/scripting, declarative environment minimizes or eliminates this need ● Declarations are yaml files which are easily stored and managed in git

OpenShift GitOps Principles ● Separate application source code (Java/.Net/etc) from manifests (yaml) ● Deployment manifests are standard k8s manifests ● Avoid duplication of yaml across environments ● Manifests should be applied with standard Openshift and k8s tooling

Day 2 operations : All changes triggered from Git

Tool For Syncing Syncing tool will expedite drift detection and correction. ● Built on Kubernetes native CRD and CRs ● Automatically detect drift and correction ● Popular GitOps “tools” for syncing ○ ArgoCD ○ RHACM ○ Ansible ○ FluxCD ● Example on the right shows ArgoCD

Declarative representation of the entire stack apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: product-catalog-dev namespace: argocd spec: destination: namespace: argocd server: https://kubernetes.default.svc project: product-catalog source: path: manifests/app/overlays/dev-quay repoURL: https://github.com/gnunn-gitops/product-catalog.git targetRevision: master syncPolicy: automated: prune: false selfHeal: false ● Whichever sync tool is used needs to consume manifest from Git repo. ● The entire application stack and the infrastructure components are in git: ○ All namespaces ○ All Deployments ○ All Ingress Definitions ○ All Secrets ○ MachineSets/Operator manifests ● Usually the sync tool has a way of defining what gets loaded into your cluster

Synchronizing - Basic Workflow Change in git Sync Tool monitors changes via polling or a push event. Check Sync Status Synchronize

Avoiding YAML Duplication GitOps enables deployment across multiple clusters, awesome! Wait, how do we manage configuration without copying and pasting yaml everywhere?

13 ▸ Various templating tools exist to help avoid YAML duplication ▸ Templating tools work off of a “core” YAML file. ▸ Popular templating tools in GitOps ➤ Kustomize ➤ Helm Templating Tools

14 Helm is a package manager for Kubernetes applications define, install and update applications

15 a package consisting of related Kubernetes YAML files a place where Charts can be stored, shared and distributed a specific instance of a Chart deployed on Kubernetes Chart Repository Release

16 How does Helm work? OPENSHIFT NAMESPACE Image Repository Releases Helm Chart (templates) Values (configs) Helm CLI

Helm Templates apiVersion: build.openshift.io/v1 kind: BuildConfig . . . spec: . . . source: type: Git git: uri: {{ .Values.build.uri }} contextDir: {{ .Values.build.contextDir }} {{- if and .Values.build.native.useDefaultDockerfile (eq .Values.build.mode “native”) }} dockerfile: |- FROM registry.redhat.com/quarkus/mandrel-20-rhel8 AS builder . . . {{- end }} strategy: {{- if eq .Values.build.mode “jvm” }} type: Source sourceStrategy: . . . apiVersion: apps/v1 kind: Deployment metadata: . . . spec: replicas: {{ .Values.deploy.replicas }} . . . template: spec: containers: - name: web image: {{ .Release.Name }}:{{ .Values.image.tag }} {{- if .Values.deploy.resources }} resources: {{- toYaml .Values.deploy.resources | nindent 12 }} {{- end }} . . .

Configuration using “Values” build: uri: https://github.com/deweya/quarkus-quickstarts contextDir: getting-started mode: jvm deploy: resources: limits: cpu: 500m memory: 2Gi Create a values.yaml file $ helm install quarkus-app redhat-charts/quarkus --values values.yaml Install the Helm chart BuildConfig ImageStream

Helm Integration with ArgoCD ● Charts can be sourced from: ○ Git Repositories ○ Helm Repositories ● Override Chart Values ○ Separate Values files ○ Individual parameters ● Managed via UI or CLI

Demo Time! + ▸ GitOps Approach for Managing Applications as Helm charts ▸ Leverage Quarkus Red Hat Helm Chart (Alpha) ･ https://github.com/redhat-developer/re dhat-helm-charts ▸ Demonstrate integration with ArgoCD

GitOps and ArgoCD Resources Kubernetes Slack https://slack.kubernetes.io/ (#gitops) GitOps on the OpenShift Blog https://www.openshift.com/blog/tag/gitops GitOps Happy Hour on OpenShift.TV https://www.youtube.com/playlist?list=PLaR6Rq6 Z4IqfGCkI28cUMbNhPhsnj4nq3 ArgoCD GitHub Repository https://github.com/argoproj/argo-cd/ Interactive Lab https://learn.openshift.com/cicd-application-delivery/

Helm Resources Helm Documentation https://helm.sh/docs/ Helm Project Repository https://github.com/helm/helm Kubernetes Slack https://slack.kubernetes.io/ (#helm) Interactive Lab https://learn.openshift.com/developing-on-openshift/helm/ Learn Helm https://www.packtpub.com/cloud-networking/learn-helm Contact the Red Hat Helm Team helm@redhat.com

linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat 23 Red Hat is the world’s leading provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. Thank you