GitOps in OpenShift with ArgoCD and Helm

Transcript

1. Christian Hernandez
   Senior Principal Technical Marketing Manager, Red Hat
   GitOps in OpenShift
   with ArgoCD and Helm
   Andrew Block
   Distinguished Architect, Red Hat
   

   View Slide

2. 2
   GitOps is when the infrastructure and/or application state is fully
   represented by the contents of a git repository. Any changes to the git
   repository are reflected in the corresponding state of the associated
   infrastructure and applications through automation.
   It is a natural evolution of Agile and DevOps methodologies
   “GitOps is the ‘Holy Grail’ of DevOps”
   — Chris Short (OpenShift.TV host)
   What is GitOps?
   

   View Slide

3. 3
   Why GitOps?
   It takes weeks
   (or months!) to
   provision an
   environment
   The application
   behaves different
   in production than
   it did in test
   Environments are
   all manually
   configured
   (“pets vs. cattle”)
   Production
   deployments
   have a very low
   success rate
   I have no visibility
   or record of
   configuration
   changes in
   environments
   I can’t easily
   rollback changes
   to a specific
   version
   I can’t audit
   configuration
   changes
   

   View Slide

4. 4
   ▸ All changes are auditable
   ▸ Standard roll-forward or backwards in the event of failure
   ▸ Disaster recovery is “reapply the current state of the manifests”
   ▸ Experience is “pushes and pull-requests”
   GitOps Benefits
   

   View Slide

5. 5
   GitOps is for Everyone
   Developers Operations
   

   View Slide

6. OpenShift and GitOps - A Perfect Match
   ● OpenShift is a declarative environment
   ○ Cluster configuration is declared and Operators
   make it happen
   ○ Application deployments are declared and
   Kubernetes scheduler makes it happen
   ● GitOps in traditional environments requires
   automation/scripting, declarative environment
   minimizes or eliminates this need
   ● Declarations are yaml files which are easily stored and
   managed in git
   

   View Slide

7. OpenShift GitOps Principles
   ● Separate application source code (Java/.Net/etc) from manifests
   (yaml)
   ● Deployment manifests are standard k8s manifests
   ● Avoid duplication of yaml across environments
   ● Manifests should be applied with standard Openshift and k8s tooling
   

   View Slide

8. Day 2 operations : All changes triggered from Git
   

   View Slide

9. Tool For Syncing
   Syncing tool will expedite drift detection
   and correction.
   ● Built on Kubernetes native CRD and
   CRs
   ● Automatically detect drift and
   correction
   ● Popular GitOps “tools” for syncing
   ○ ArgoCD
   ○ RHACM
   ○ Ansible
   ○ FluxCD
   ● Example on the right shows
   ArgoCD
   

   View Slide

10. Declarative representation of the entire stack
    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
    name: product-catalog-dev
    namespace: argocd
    spec:
    destination:
    namespace: argocd
    server: https://kubernetes.default.svc
    project: product-catalog
    source:
    path: manifests/app/overlays/dev-quay
    repoURL: https://github.com/gnunn-gitops/product-catalog.git
    targetRevision: master
    syncPolicy:
    automated:
    prune: false
    selfHeal: false
    ● Whichever sync tool is used needs to
    consume manifest from Git repo.
    ● The entire application stack and the
    infrastructure components are in git:
    ○ All namespaces
    ○ All Deployments
    ○ All Ingress Definitions
    ○ All Secrets
    ○ MachineSets/Operator
    manifests
    ● Usually the sync tool has a way of
    defining what gets loaded into your
    cluster
    

    View Slide

11. Synchronizing - Basic Workflow
    Change in git Sync Tool monitors
    changes via polling
    or a push event.
    Check
    Sync Status
    Synchronize
    

    View Slide

12. Avoiding YAML Duplication
    GitOps enables deployment across multiple clusters, awesome!
    Wait, how do we manage configuration without copying and pasting yaml
    everywhere?
    

    View Slide

13. 13
    ▸ Various templating tools exist to help avoid YAML duplication
    ▸ Templating tools work off of a “core” YAML file.
    ▸ Popular templating tools in GitOps
    ➤ Kustomize
    ➤ Helm
    Templating Tools
    

    View Slide

14. 14
    Helm is a package manager for Kubernetes
    applications
    define, install and update applications
    

    View Slide

15. 15
    a package consisting of
    related Kubernetes YAML
    files
    a place where Charts can be
    stored, shared and distributed
    a specific instance of a Chart
    deployed on Kubernetes
    Chart Repository Release
    

    View Slide

16. 16
    How does Helm work?
    OPENSHIFT
    NAMESPACE
    Image
    Repository
    Releases
    Helm Chart
    (templates)
    Values
    (configs)
    Helm CLI
    

    View Slide

17. Helm Templates
    apiVersion: build.openshift.io/v1
    kind: BuildConfig
    . . .
    spec:
    . . .
    source:
    type: Git
    git:
    uri: {{ .Values.build.uri }}
    contextDir: {{ .Values.build.contextDir }}
    {{- if and .Values.build.native.useDefaultDockerfile (eq
    .Values.build.mode “native”) }}
    dockerfile: |-
    FROM
    registry.redhat.com/quarkus/mandrel-20-rhel8 AS
    builder
    . . .
    {{- end }}
    strategy:
    {{- if eq .Values.build.mode “jvm” }}
    type: Source
    sourceStrategy:
    . . .
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    . . .
    spec:
    replicas: {{ .Values.deploy.replicas }}
    . . .
    template:
    spec:
    containers:
    - name: web
    image: {{ .Release.Name }}:{{ .Values.image.tag }}
    {{- if .Values.deploy.resources }}
    resources:
    {{- toYaml .Values.deploy.resources | nindent 12 }}
    {{- end }}
    . . .
    

    View Slide

18. Configuration using “Values”
    build:
    uri:
    https://github.com/deweya/quarkus-quickstarts
    contextDir: getting-started
    mode: jvm
    deploy:
    resources:
    limits:
    cpu: 500m
    memory: 2Gi
    Create a values.yaml file
    $ helm install quarkus-app
    redhat-charts/quarkus --values
    values.yaml
    Install the Helm chart
    BuildConfig
    ImageStream
    

    View Slide

19. Helm Integration with ArgoCD
    ● Charts can be sourced from:
    ○ Git Repositories
    ○ Helm Repositories
    ● Override Chart Values
    ○ Separate Values files
    ○ Individual parameters
    ● Managed via UI or CLI
    

    View Slide

20. Demo Time!
    +
    ▸ GitOps Approach for Managing Applications as
    Helm charts
    ▸ Leverage Quarkus Red Hat Helm Chart (Alpha)
    ･ https://github.com/redhat-developer/re
    dhat-helm-charts
    ▸ Demonstrate integration with ArgoCD
    

    View Slide

21. GitOps and ArgoCD Resources
    Kubernetes Slack
    https://slack.kubernetes.io/ (#gitops)
    GitOps on the OpenShift Blog
    https://www.openshift.com/blog/tag/gitops
    GitOps Happy Hour on OpenShift.TV
    https://www.youtube.com/playlist?list=PLaR6Rq6
    Z4IqfGCkI28cUMbNhPhsnj4nq3
    ArgoCD GitHub Repository
    https://github.com/argoproj/argo-cd/
    Interactive Lab
    https://learn.openshift.com/cicd-application-delivery/
    

    View Slide

22. Helm Resources
    Helm Documentation
    https://helm.sh/docs/
    Helm Project Repository
    https://github.com/helm/helm
    Kubernetes Slack
    https://slack.kubernetes.io/ (#helm)
    Interactive Lab
    https://learn.openshift.com/developing-on-openshift/helm/
    Learn Helm
    https://www.packtpub.com/cloud-networking/learn-helm
    Contact the Red Hat Helm Team
    [email protected]
    

    View Slide

23. linkedin.com/company/red-hat
    youtube.com/user/RedHatVideos
    facebook.com/redhatinc
    twitter.com/RedHat
    23
    Red Hat is the world’s leading provider of
    enterprise open source software solutions.
    Award-winning support, training, and consulting
    services make
    Red Hat a trusted adviser to the Fortune 500.
    Thank you
    

    View Slide