Slide 1

Slide 1 text

GitOps in OpenShift with ArgoCD and Helm

Christian Hernandez, Senior Principal Technical Marketing Manager, Red Hat
Andrew Block, Distinguished Architect, Red Hat

Slide 2

Slide 2 text

What is GitOps?

GitOps is when the infrastructure and/or application state is fully represented by the contents of a git repository. Any changes to the git repository are reflected in the corresponding state of the associated infrastructure and applications through automation.

It is a natural evolution of Agile and DevOps methodologies.

“GitOps is the ‘Holy Grail’ of DevOps” — Chris Short (OpenShift.TV host)

Slide 3

Slide 3 text

Why GitOps?

● It takes weeks (or months!) to provision an environment
● The application behaves differently in production than it did in test
● Environments are all manually configured (“pets vs. cattle”)
● Production deployments have a very low success rate
● I have no visibility or record of configuration changes in environments
● I can’t easily roll back changes to a specific version
● I can’t audit configuration changes

Slide 4

Slide 4 text

GitOps Benefits

▸ All changes are auditable
▸ Standard roll-forward or backwards in the event of failure
▸ Disaster recovery is “reapply the current state of the manifests”
▸ Experience is “pushes and pull-requests”

Slide 5

Slide 5 text

GitOps is for Everyone

● Developers
● Operations

Slide 6

Slide 6 text

OpenShift and GitOps - A Perfect Match

● OpenShift is a declarative environment
  ○ Cluster configuration is declared and Operators make it happen
  ○ Application deployments are declared and the Kubernetes scheduler makes it happen
● GitOps in traditional environments requires automation/scripting; a declarative environment minimizes or eliminates this need
● Declarations are yaml files, which are easily stored and managed in git

Slide 7

Slide 7 text

OpenShift GitOps Principles

● Separate application source code (Java/.Net/etc) from manifests (yaml)
● Deployment manifests are standard k8s manifests
● Avoid duplication of yaml across environments
● Manifests should be applied with standard OpenShift and k8s tooling

Slide 8

Slide 8 text

Day 2 operations: All changes triggered from Git

Slide 9

Slide 9 text

Tool For Syncing

A syncing tool will expedite drift detection and correction.

● Built on Kubernetes-native CRDs and CRs
● Automatically detects and corrects drift
● Popular GitOps “tools” for syncing
  ○ ArgoCD
  ○ RHACM
  ○ Ansible
  ○ FluxCD
● Example on the right shows ArgoCD

Slide 10

Slide 10 text

Declarative representation of the entire stack

    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: product-catalog-dev
      namespace: argocd
    spec:
      destination:
        namespace: argocd
        server: https://kubernetes.default.svc
      project: product-catalog
      source:
        path: manifests/app/overlays/dev-quay
        repoURL: https://github.com/gnunn-gitops/product-catalog.git
        targetRevision: master
      syncPolicy:
        automated:
          prune: false
          selfHeal: false

● Whichever sync tool is used needs to consume manifests from the Git repo.
● The entire application stack and the infrastructure components are in git:
  ○ All namespaces
  ○ All Deployments
  ○ All Ingress Definitions
  ○ All Secrets
  ○ MachineSets/Operator manifests
● Usually the sync tool has a way of defining what gets loaded into your cluster
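An added example (not from the slides and not Argo CD's own code): an audit of the Application above, in the JSON form that `kubectl get applications.argoproj.io -o json` returns, flagging settings that weaken the "all changes come from Git" guarantee. The check names are made up for this example, and the embedded JSON is the slide's manifest re-typed as constructed sample input.

```python
import json
import re

# Constructed input: the Application from the slide, in kubectl's JSON output form.
APP_JSON = """
{"apiVersion": "argoproj.io/v1alpha1", "kind": "Application",
 "metadata": {"name": "product-catalog-dev", "namespace": "argocd"},
 "spec": {
   "destination": {"namespace": "argocd", "server": "https://kubernetes.default.svc"},
   "project": "product-catalog",
   "source": {"path": "manifests/app/overlays/dev-quay",
              "repoURL": "https://github.com/gnunn-gitops/product-catalog.git",
              "targetRevision": "master"},
   "syncPolicy": {"automated": {"prune": false, "selfHeal": false}}}}
"""

COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")


def audit_application(app):
    """Return (check_id, message) findings for one Argo CD Application object."""
    spec = app.get("spec", {})
    findings = []
    # An omitted targetRevision means HEAD, which is as mutable as a branch name.
    rev = spec.get("source", {}).get("targetRevision") or "HEAD"
    if not COMMIT_SHA.match(rev):
        findings.append(("mutable-revision",
                         f"targetRevision '{rev}' is not a full commit SHA; "
                         "the deployed state follows whatever that ref points to"))
    automated = (spec.get("syncPolicy") or {}).get("automated")
    if automated is None:
        findings.append(("manual-sync", "no automated sync; Git changes wait for a manual sync"))
    else:
        if not automated.get("selfHeal", False):
            findings.append(("no-self-heal", "live changes are reported as drift but not reverted"))
        if not automated.get("prune", False):
            findings.append(("no-prune", "resources deleted from Git stay in the cluster"))
    if spec.get("project", "default") == "default":
        findings.append(("default-project",
                         "the 'default' AppProject permits any source repo and destination"))
    return findings


if __name__ == "__main__":
    for check, message in audit_application(json.loads(APP_JSON)):
        print(f"{check}: {message}")
```

Tracking a branch is a deliberate choice in many GitOps setups; the finding then points at branch protection and review on that branch as the control that matters.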

Slide 11

Slide 11 text

Synchronizing - Basic Workflow

1. Change in git
2. Sync tool monitors changes via polling or a push event
3. Check sync status
4. Synchronize
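An added example of the "check sync status" step (not from the slides, and not how ArgoCD or any other listed tool implements it): a structural comparison of the manifest declared in Git against the live object, reporting where the cluster has drifted. The two Deployment objects and the list of server-populated fields are constructed for this example; real sync tools also normalize server-side defaults before comparing.

```python
# Constructed sample: what Git declares versus what the cluster currently holds.
DESIRED = {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
           "spec": {"replicas": 2, "template": {"spec": {"containers": [
               {"name": "web", "image": "web:1.0"}]}}}}
LIVE = {"apiVersion": "apps/v1", "kind": "Deployment",
        "metadata": {"name": "web", "uid": "constructed-uid", "resourceVersion": "4711"},
        "spec": {"replicas": 5, "template": {"spec": {"containers": [
            {"name": "web", "image": "web:1.0",
             "securityContext": {"privileged": True}}]}}},
        "status": {"readyReplicas": 5}}

# Fields the API server fills in; they never appear in Git, so they are not drift.
# (Assumed ignore list for this example.)
SERVER_FIELDS = {("metadata", "resourceVersion"), ("metadata", "uid"),
                 ("metadata", "creationTimestamp"), ("metadata", "generation"),
                 ("metadata", "managedFields"), ("status",)}


def drift(desired, live, path=()):
    """Return dotted paths where the live object differs from what Git declares."""
    if path in SERVER_FIELDS:
        return []
    if isinstance(desired, dict) and isinstance(live, dict):
        out = []
        for key in sorted(set(desired) | set(live)):
            sub = path + (key,)
            if key not in live:
                out.append(".".join(sub) + " (missing in cluster)")
            elif key not in desired:
                if sub not in SERVER_FIELDS:
                    out.append(".".join(sub) + " (not in git)")
            else:
                out.extend(drift(desired[key], live[key], sub))
        return out
    if isinstance(desired, list) and isinstance(live, list) and len(desired) == len(live):
        out = []
        for i, (want, have) in enumerate(zip(desired, live)):
            out.extend(drift(want, have, path + (str(i),)))
        return out
    return [] if desired == live else [".".join(path) + f": git={desired!r} cluster={live!r}"]


if __name__ == "__main__":
    for line in drift(DESIRED, LIVE):
        print("OutOfSync:", line)
```

Both findings here are changes made directly on the cluster: a manual scale-up and a container switched to privileged mode, neither of which has a commit behind it.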

Slide 12

Slide 12 text

Avoiding YAML Duplication

GitOps enables deployment across multiple clusters, awesome!

Wait, how do we manage configuration without copying and pasting yaml everywhere?

Slide 13

Slide 13 text

Templating Tools

▸ Various templating tools exist to help avoid YAML duplication
▸ Templating tools work off of a “core” YAML file.
▸ Popular templating tools in GitOps
  ➤ Kustomize
  ➤ Helm

Slide 14

Slide 14 text

Helm is a package manager for Kubernetes applications: define, install and update applications

Slide 15

Slide 15 text

● Chart: a package consisting of related Kubernetes YAML files
● Repository: a place where Charts can be stored, shared and distributed
● Release: a specific instance of a Chart deployed on Kubernetes

Slide 16

Slide 16 text

How does Helm work?

[Diagram: Helm CLI, Helm Chart (templates), Values (configs), Image Repository, Releases, OpenShift namespace]

Slide 17

Slide 17 text

Helm Templates

    apiVersion: build.openshift.io/v1
    kind: BuildConfig
    . . .
    spec:
      . . .
      source:
        type: Git
        git:
          uri: {{ .Values.build.uri }}
        contextDir: {{ .Values.build.contextDir }}
        {{- if and .Values.build.native.useDefaultDockerfile (eq .Values.build.mode "native") }}
        dockerfile: |-
          FROM registry.redhat.com/quarkus/mandrel-20-rhel8 AS builder
          . . .
        {{- end }}
      strategy:
        {{- if eq .Values.build.mode "jvm" }}
        type: Source
        sourceStrategy:
          . . .

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      . . .
    spec:
      replicas: {{ .Values.deploy.replicas }}
      . . .
      template:
        spec:
          containers:
            - name: web
              image: {{ .Release.Name }}:{{ .Values.image.tag }}
              {{- if .Values.deploy.resources }}
              resources:
                {{- toYaml .Values.deploy.resources | nindent 12 }}
              {{- end }}
              . . .

Slide 18

Slide 18 text

Configuration using “Values”

Create a values.yaml file

    build:
      uri: https://github.com/deweya/quarkus-quickstarts
      contextDir: getting-started
      mode: jvm
    deploy:
      resources:
        limits:
          cpu: 500m
          memory: 2Gi

Install the Helm chart

    $ helm install quarkus-app redhat-charts/quarkus --values values.yaml

[Diagram: BuildConfig, ImageStream]

Slide 19

Slide 19 text

Helm Integration with ArgoCD

● Charts can be sourced from:
  ○ Git Repositories
  ○ Helm Repositories
● Override Chart Values
  ○ Separate Values files
  ○ Individual parameters
● Managed via UI or CLI

Slide 20

Slide 20 text

Demo Time!

▸ GitOps Approach for Managing Applications as Helm charts
▸ Leverage Quarkus Red Hat Helm Chart (Alpha)
  ・ https://github.com/redhat-developer/redhat-helm-charts
▸ Demonstrate integration with ArgoCD

Slide 21

Slide 21 text

GitOps and ArgoCD Resources

● Kubernetes Slack: https://slack.kubernetes.io/ (#gitops)
● GitOps on the OpenShift Blog: https://www.openshift.com/blog/tag/gitops
● GitOps Happy Hour on OpenShift.TV: https://www.youtube.com/playlist?list=PLaR6Rq6Z4IqfGCkI28cUMbNhPhsnj4nq3
● ArgoCD GitHub Repository: https://github.com/argoproj/argo-cd/
● Interactive Lab: https://learn.openshift.com/cicd-application-delivery/

Slide 22

Slide 22 text

Helm Resources

● Helm Documentation: https://helm.sh/docs/
● Helm Project Repository: https://github.com/helm/helm
● Kubernetes Slack: https://slack.kubernetes.io/ (#helm)
● Interactive Lab: https://learn.openshift.com/developing-on-openshift/helm/
● Learn Helm: https://www.packtpub.com/cloud-networking/learn-helm
● Contact the Red Hat Helm Team: [email protected]

Slide 23

Slide 23 text

Thank you

Red Hat is the world’s leading provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500.

linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHat