openshift-cluster-bootstrap
This repository demonstrate the usage of OpenShift-GitOps and a secrets manager like Sealed Secrets or Hashicorp Vault. The focus lies on main cluster configuration.
This repository is never to be considered as finished ever, since new cluster configuration may happen at any time.
Initialize
Before gitops can be used some basic setup must be done. A shell script has been prepared to do that for you:
- Deploy the OpenShift GitOps operator:
./init_GitOps.sh -o enable-cluster-admin
This will deploy the Redhat Gitops operator, the Application of Applications and optionally Sealed Secrets and/or Hashicorp Vault.
NOTE: Hashicorp Vault is as of today installed only. Nothing else is done yet.
- Download the Sealed Secret certificate for this specific cluster.
The following script will store the certificate into ~/.bitname/
./scripts/sealed_secrets/get-sealed-secret-key.sh
Repository structure
Currently, the following directory structure is used:
.
├── init_GitOps.sh
├── README.md
├── bootstrap <1>
│ ├── ...
├── clusters <2>
│ ├── all <3>
│ │ └── clusterconfig
│ │ ├── ...
│ ├── argocd-object-manager <4>
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── ...
│ │ └── values.yaml
│ ├── management-cluster <5>
│ │ └── ...
│ └── production-cluster <6>
│ └── ...
├── components <7>
│ ├── apps <8>
│ │ ├── ...
│ └── operators <9>
│ │ └── ...
├── tenants
└── scripts <10>
├── etcd-encryption
└── sealed_secrets
<1> bootstrap is used by the 2 initializations scripts only.
<2> clusters holds the definition per cluster. Since every cluster might have a different configuration, each cluster will get its own directory.
<3> all Configuration which is valid for all clusters goes in here.
<4> argocd-object-manager contains Applicationset and Application with their configuration. This folder is monitored by the App of Apps.
<5> management-cluster Example cluster ... typically this is the cluster where ArgoCD is installed\
<6> production-cluster 2nc Example cluster
<7> components basic components for the configuration. <3> and <4> are using the entities in this folder and are patching as required.
<8> app This folder defines additional applications which shall be installed.
<9> operators Operators which might be installed are stored here.
<10> scripts helper scripts to get sealed secret certificate or verify etcd encryption status\