Cluster Bootstrapping for Kubernetes with ArgoCD — Cong Nguyen linkedin.com/in/cong-ng

SocioProphet Open Collaborative Socio-Dat-Analytics 2 IBM Garage / © 2021 IBM Corporation Socios OS Albert, OpenSemanticSearch, cKnowledge, Rasa Collaborative Tools Socioprophet Platform Lots of Kubernetes I spent most of my time here Knowledge Platform

3 IBM Garage / © 2021 IBM Corporation

Hierarchical Namespaces Allows a team to own a parent namespace, and able to create children namespaces that inherits the parent namespace’s policies. Built into Anthos Config Management 4 IBM Garage / © 2021 IBM Corporation Source: Multi-tenant Clusters with Hierarchical Namespaces - Adrian Ludwin, Google (YouTube)

However, like travelling, there were also things I missed about OpenShift. 5

OpenShift Routes with pre-configured DNS names 6 Pre-installed OperatorHub with GUI Security Policies ~20 on worker nodes to enforce namespace isolations and other security context constraints for running pods. Source: OpenShift 4 Hardening Guide (get it from your local Red Hatter)

7

SocioProphet Open Collaborative Socio-Dat-Analytics 8 IBM Garage / © 2021 IBM Corporation Socios OS Albert, OpenSemanticSearch, cKnowledge, Rasa Collaborative Tools Socioprophet Platform Lots of Kubernetes Spin up lots of clusters and install tools based on usage tier, region and user Knowledge Platform

Terraform • Open-source IaaS using Hashicorp Configuration Language • Used extensively in IBM Cloud-Native Toolkit to install CI/CD tools onto Kubernetes and OpenShift clusters on IBM Cloud. • https://github.com/ibm-garage-cloud/ibm- garage-iteration-zero 9

Ansible • Beloved by Red Hat Labs to set up OpenShift labs. • https://github.com/redhat-cop/agnosticd • https://github.com/openshift-labs/starter- guides • Used to create installer operators for IBM Cloud Paks. 10

Razee • Open-source, includes a web GUI to track deployments • Used by IBM Cloud to deploy admin tools onto IBM Cloud Kubernetes clusters • https://razee.io/ • Deployment at Scale (LaunchDarkly & IBM talk) • Used in IBM Cloud Satellite Config 11 Razee

ArgoCD • Commonly used as a CD tool in a CI/CD pipeline • Enterprise supported by Red Hat from OpenShift 4.7 onwards • Used by Red Hat Labs to set up new OpenShift clusters for clients with app of apps pattern. • https://github.com/rht-labs/ubiquitous- journey 12

Application CRD • source references the desired state in Git (repository, path, environment, revision) • destination references the target cluster and namespace • The example to the right contains an Application that uses a Helm chart with many more Application CRDs to deploy many more apps to the Kubernetes cluster. 13 apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: bootstrap-cluster namespace: argocd spec: destination: namespace: tools # install to the same cluster server: https://kubernetes.default.svc # ArgoCD project project: default source: helm: valueFiles: - values.yaml path: repoURL: targetRevision: HEAD syncPolicy: automated: {}

Let’s look at how Red Hat Lab’s Ubiquitous Journey is organised 14

ArgoCD Pros and Cons Pros • Same tool used in CI pipeline and for bootstrapping • No external dependencies (aside from Git) • Enterprise supported by Red Hat from OpenShift 4.7 onwards Cons • Has to wait for resources to be deployed • No notifications like Ansible or Terraform 15