GitOps in OpenShift with ArgoCD and Helm

Transcript

1. Christian Hernandez Senior Principal Technical Marketing Manager, Red Hat GitOps

   in OpenShift with ArgoCD and Helm Andrew Block Distinguished Architect, Red Hat

2. 2 GitOps is when the infrastructure and/or application state is

   fully represented by the contents of a git repository. Any changes to the git repository are reflected in the corresponding state of the associated infrastructure and applications through automation. It is a natural evolution of Agile and DevOps methodologies “GitOps is the ‘Holy Grail’ of DevOps” — Chris Short (OpenShift.TV host) What is GitOps?

3. 3 Why GitOps? It takes weeks (or months!) to provision

   an environment The application behaves different in production than it did in test Environments are all manually configured (“pets vs. cattle”) Production deployments have a very low success rate I have no visibility or record of configuration changes in environments I can’t easily rollback changes to a specific version I can’t audit configuration changes

4. 4 ▸ All changes are auditable ▸ Standard roll-forward or

   backwards in the event of failure ▸ Disaster recovery is “reapply the current state of the manifests” ▸ Experience is “pushes and pull-requests” GitOps Benefits

5. 5 GitOps is for Everyone Developers Operations

6. OpenShift and GitOps - A Perfect Match • OpenShift is

   a declarative environment ◦ Cluster configuration is declared and Operators make it happen ◦ Application deployments are declared and Kubernetes scheduler makes it happen • GitOps in traditional environments requires automation/scripting, declarative environment minimizes or eliminates this need • Declarations are yaml files which are easily stored and managed in git

7. OpenShift GitOps Principles • Separate application source code (Java/.Net/etc) from

   manifests (yaml) • Deployment manifests are standard k8s manifests • Avoid duplication of yaml across environments • Manifests should be applied with standard Openshift and k8s tooling

8. Day 2 operations : All changes triggered from Git

9. Tool For Syncing Syncing tool will expedite drift detection and

   correction. • Built on Kubernetes native CRD and CRs • Automatically detect drift and correction • Popular GitOps “tools” for syncing ◦ ArgoCD ◦ RHACM ◦ Ansible ◦ FluxCD • Example on the right shows ArgoCD

10. Declarative representation of the entire stack apiVersion: argoproj.io/v1alpha1 kind: Application

    metadata: name: product-catalog-dev namespace: argocd spec: destination: namespace: argocd server: https://kubernetes.default.svc project: product-catalog source: path: manifests/app/overlays/dev-quay repoURL: https://github.com/gnunn-gitops/product-catalog.git targetRevision: master syncPolicy: automated: prune: false selfHeal: false • Whichever sync tool is used needs to consume manifest from Git repo. • The entire application stack and the infrastructure components are in git: ◦ All namespaces ◦ All Deployments ◦ All Ingress Definitions ◦ All Secrets ◦ MachineSets/Operator manifests • Usually the sync tool has a way of defining what gets loaded into your cluster

11. Synchronizing - Basic Workflow Change in git Sync Tool monitors

    changes via polling or a push event. Check Sync Status Synchronize

12. Avoiding YAML Duplication GitOps enables deployment across multiple clusters, awesome!

    Wait, how do we manage configuration without copying and pasting yaml everywhere?

13. 13 ▸ Various templating tools exist to help avoid YAML

    duplication ▸ Templating tools work off of a “core” YAML file. ▸ Popular templating tools in GitOps ➤ Kustomize ➤ Helm Templating Tools

14. 14 Helm is a package manager for Kubernetes applications define,

    install and update applications

15. 15 a package consisting of related Kubernetes YAML files a

    place where Charts can be stored, shared and distributed a specific instance of a Chart deployed on Kubernetes Chart Repository Release

16. 16 How does Helm work? OPENSHIFT NAMESPACE Image Repository Releases

    Helm Chart (templates) Values (configs) Helm CLI

17. Helm Templates apiVersion: build.openshift.io/v1 kind: BuildConfig . . . spec:

    . . . source: type: Git git: uri: {{ .Values.build.uri }} contextDir: {{ .Values.build.contextDir }} {{- if and .Values.build.native.useDefaultDockerfile (eq .Values.build.mode “native”) }} dockerfile: |- FROM registry.redhat.com/quarkus/mandrel-20-rhel8 AS builder . . . {{- end }} strategy: {{- if eq .Values.build.mode “jvm” }} type: Source sourceStrategy: . . . apiVersion: apps/v1 kind: Deployment metadata: . . . spec: replicas: {{ .Values.deploy.replicas }} . . . template: spec: containers: - name: web image: {{ .Release.Name }}:{{ .Values.image.tag }} {{- if .Values.deploy.resources }} resources: {{- toYaml .Values.deploy.resources | nindent 12 }} {{- end }} . . .

18. Configuration using “Values” build: uri: https://github.com/deweya/quarkus-quickstarts contextDir: getting-started mode: jvm

    deploy: resources: limits: cpu: 500m memory: 2Gi Create a values.yaml file $ helm install quarkus-app redhat-charts/quarkus --values values.yaml Install the Helm chart BuildConfig ImageStream

19. Helm Integration with ArgoCD • Charts can be sourced from:

    ◦ Git Repositories ◦ Helm Repositories • Override Chart Values ◦ Separate Values files ◦ Individual parameters • Managed via UI or CLI

20. Demo Time! + ▸ GitOps Approach for Managing Applications as

    Helm charts ▸ Leverage Quarkus Red Hat Helm Chart (Alpha) ･ https://github.com/redhat-developer/re dhat-helm-charts ▸ Demonstrate integration with ArgoCD

21. GitOps and ArgoCD Resources Kubernetes Slack https://slack.kubernetes.io/ (#gitops) GitOps on

    the OpenShift Blog https://www.openshift.com/blog/tag/gitops GitOps Happy Hour on OpenShift.TV https://www.youtube.com/playlist?list=PLaR6Rq6 Z4IqfGCkI28cUMbNhPhsnj4nq3 ArgoCD GitHub Repository https://github.com/argoproj/argo-cd/ Interactive Lab https://learn.openshift.com/cicd-application-delivery/

22. Helm Resources Helm Documentation https://helm.sh/docs/ Helm Project Repository https://github.com/helm/helm Kubernetes

    Slack https://slack.kubernetes.io/ (#helm) Interactive Lab https://learn.openshift.com/developing-on-openshift/helm/ Learn Helm https://www.packtpub.com/cloud-networking/learn-helm Contact the Red Hat Helm Team [email protected]

23. linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat 23 Red Hat is the world’s

    leading provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. Thank you