Andrew Beekhof - August 2021
[Diagram labels: helm chart, ArgoCD app manifest, pattern, openshift gitops, secrets]
Contents never stored in Git
ArgoCD subscription
ArgoCD applications
Smallest possible seed
local values
Customization
Initial Helm chart and values file are disposable
App manifest becomes the ultimate source of truth for all datacenter parameters
Flows through to all child manifests
Values from initial deployment baked in
[Diagram labels: datacenter, namespace, subscription (repeated), application, namespaced ArgoCD]
Combines to ensure the chart is rendered with the correct inputs
The full list of namespaces and subscriptions is centrally defined for the site and deployed in advance
Contains ArgoCD applications, not sub-charts, to contain blast radius
Applications are managed by an unprivileged ArgoCD instance
[Diagram labels: acm, pipelines, opendatahub, datalake]
Values from initial deployment baked in and passed to the Helm chart
[Diagram labels: pipelines, configmap, pods, ...]
Namespace and operators already deployed, CRDs already defined - simplifying the chart
Edge is driven from the datacenter
Bootstrapped by ACM
Values from initial deployment baked in and passed to the Helm chart
[Diagram labels: acm, managed clusters, policies, ..., ACM Policy]
Policies used to deploy OpenShift GitOps and {site} applications to specific edge clusters
[Diagram labels: ACM Policy, policies, edge, namespace, openshift gitops]
Defined on the datacenter
Created from the policy, pushed by ACM to matching edge clusters once they register
Original Helm chart parameters baked in
Ensures edge charts are ultimately rendered with the correct values
[Diagram labels: edge, namespace, subscription (repeated), application, namespaced ArgoCD]
Same {site} pattern we see for the datacenter
pattern defaults

global:
  git:
    provider: github.com
    account: PLAINTEXT
    target: HEAD
  datacenter:
    clustername: manuela-hub
    domain: CLUSTER-DOMAINNAME

# NEVER COMMIT THESE VALUES TO GIT
secrets:
  git:
    # Go to: https://github.com/settings/tokens
    # Then: echo -n 'your string value' | base64
    authToken: BASE64STRING
    accountToken: BASE64STRING

local values

global:
  git:
    account: cloud9-admin
    target: main
  datacenter:
    domain: cloud9.com

secrets:
  git:
    accountToken: VGVhbSBHZXQgU2hpdCBEb25lCg==
    authToken: UHV0IG9mZiBwcm9jcmFzdGluYXRpbmcgdW50aWwgbmV4dCB3ZWVrCgo=
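
The "NEVER COMMIT THESE VALUES TO GIT" warning above can be enforced mechanically. The check below is an added example, not part of the original slides or the pattern's repository: it scans a values file for leaves under `secrets:` that are no longer the `BASE64STRING` placeholder, and flags values that decode with stray whitespace, as both sample tokens above do. The function name and the indentation-based parsing are assumptions made for this example.

```python
import base64
import re

PLACEHOLDER = "BASE64STRING"  # placeholder from the pattern defaults on this page

def find_secret_problems(values_text):
    """Flag leaves under top-level `secrets:`; simple indentation scan, no YAML library."""
    problems, in_secrets = [], False
    for line in values_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key opens a new section
            in_secrets = stripped.startswith("secrets:")
            continue
        m = re.match(r"([\w.-]+):\s*(\S.*)$", stripped)
        if not in_secrets or not m:
            continue  # outside secrets, or a parent key with no value
        key, value = m.group(1), m.group(2).strip("'\"")
        if value == PLACEHOLDER:
            continue
        problems.append((key, "real value present: keep this file out of Git"))
        try:
            decoded = base64.b64decode(value, validate=True)
        except ValueError:  # binascii.Error is a subclass of ValueError
            problems.append((key, "not valid base64"))
            continue
        if decoded != decoded.strip():
            problems.append((key, "decoded value has stray whitespace (echo without -n?)"))
    return problems

# Constructed inputs mirroring the pattern defaults and local values above.
DEFAULTS = """\
global:
  git:
    account: PLAINTEXT
secrets:
  git:
    authToken: BASE64STRING
    accountToken: BASE64STRING
"""
LOCAL = """\
global:
  git:
    account: cloud9-admin
secrets:
  git:
    accountToken: VGVhbSBHZXQgU2hpdCBEb25lCg==
    authToken: UHV0IG9mZiBwcm9jcmFzdGluYXRpbmcgdW50aWwgbmV4dCB3ZWVrCgo=
"""

if __name__ == "__main__":
    for key, problem in find_secret_problems(LOCAL):
        print(f"secrets.git.{key}: {problem}")
```

Run as a pre-commit or CI step over every values file in the repository, an empty result is the only acceptable outcome for files that are tracked in Git.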

[Diagram labels: pattern defaults, local values, argo defaults]

local values

global:
  git:
    account: cloud9-admin
    target: main
  options:
    syncPolicy: Manual
  datacenter:
    domain: cloud9.com

secrets:
  git:
    accountToken: VGVhbSBHZXQgU2hpdCBEb25lCg==
    authToken: UHV0IG9mZiBwcm9jcmFzdGluYXRpbmcgdW50aWwgbmV4dCB3ZWVrCgo=

helm:
  global:
    git:
      provider: github.com
      account: dagger-refuse-cool
      target: HEAD
    options:
      useCSV: False
      syncPolicy: Automatic
      installPlanApproval: Automatic

secrets (helm chart template)

kind: Secret
apiVersion: v1
metadata:
  name: github
  namespace: manuela-ci
type: Opaque
data:
  # Go to: https://github.com/settings/tokens
  # Then: echo -n 'your string value' | base64
  token: {{ .Values.secrets.git.authToken }}
  user: {{ .Values.secrets.git.accountToken }}

secrets (rendered manifest)

kind: Secret
apiVersion: v1
metadata:
  name: github
  namespace: manuela-ci
type: Opaque
data:
  # Go to: https://github.com/settings/tokens
  # Then: echo -n 'your string value' | base64
  token: UHV0IG9mZiBwcm9jcmFzdGluYXRpbmcgdW50aWwgbmV4dCB3ZWVrCgo=
  user: VGVhbSBHZXQgU2hpdCBEb25lCg==

ArgoCD app manifest (helm chart template)

{{- $valuesDirectoryURL := cat .Values.main.git.repoURL "/raw/" .Values.main.git.revision -}}
{{- $valuesDirectoryURLFixed := $valuesDirectoryURL | replace " " "" | replace ".git" "" }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .Release.Name }}-{{ .Values.main.siteName }}
  namespace: openshift-gitops
spec:
  destination:
    name: in-cluster
    namespace: {{ .Values.main.siteName }}-gitops
  project: default
  source:
    repoURL: {{ .Values.main.git.repoURL }}
    targetRevision: {{ .Values.main.git.revision }}
    path: common/site
    helm:
      valueFiles:
      - "{{ coalesce .Values.main.git.valuesDirectoryURL $valuesDirectoryURLFixed }}/values-global.yaml"
      - "{{ coalesce .Values.main.git.valuesDirectoryURL $valuesDirectoryURLFixed }}/values-{{ .Values.main.siteName }}.yaml"
      # Track the progress of https://github.com/argoproj/argo-cd/pull/6280
      parameters:
      - name: global.repoURL
        value: $ARGOCD_APP_SOURCE_REPO_URL
      - name: global.targetRevision
        value: $ARGOCD_APP_SOURCE_TARGET_REVISION
      - name: global.namespace
        value: $ARGOCD_APP_NAMESPACE
      - name: global.valuesDirectoryURL
        value: {{ coalesce .Values.main.git.valuesDirectoryURL $valuesDirectoryURLFixed }}
      - name: global.pattern
        value: {{ .Release.Name }}
  {{- if eq .Values.main.options.syncPolicy "Automatic" }}
  syncPolicy:
    automated: {}
  {{- end }}

ArgoCD app manifest (rendered)

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: manufacturing-edge-ai-ml-datacenter
  namespace: openshift-gitops
spec:
  destination:
    name: in-cluster
    namespace: datacenter-gitops
  project: default
  source:
    repoURL: https://github.com/cloud9-admin/manufacturing-edge-ai-ml.git
    targetRevision: main
    path: common/site
    helm:
      valueFiles:
      - "https://github.com/cloud9-admin/manufacturing-edge-ai-ml/raw/main/values-global.yaml"
      - "https://github.com/cloud9-admin/manufacturing-edge-ai-ml/raw/main/values-datacenter.yaml"
      parameters:
      - name: global.repoURL
        value: $ARGOCD_APP_SOURCE_REPO_URL
      - name: global.targetRevision
        value: $ARGOCD_APP_SOURCE_TARGET_REVISION
      - name: global.namespace
        value: $ARGOCD_APP_NAMESPACE
      - name: global.valuesDirectoryURL
        value: https://github.com/cloud9-admin/manufacturing-edge-ai-ml/raw/main/
      - name: global.pattern
        value: manufacturing-edge-ai-ml
A collection of yaml files at the root of the Git Repo
values-global.yaml
values-datacenter.yaml
values-factory.yaml
Values common to the entire deployment
Site specific configuration (namespaces, subscriptions, applications)

values-global.yaml

global:
  valuesDirectoryURL: https://github.com/beekhof/patterns/raw/main/
  options:
    useCSV: False
    syncPolicy: Automatic
    installPlanApproval: Automatic
  git:
    provider: github.com
    account: beekhof
    username: beekhof
    email: abeekhof@redhat.com
    dev_revision: main
  quay:
    provider: quay.io
    account: abeekhof
  datacenter:
    domain: blueprints.rhecoeng.com
    clustername: beekhof-gitops

values-datacenter.yaml

site:
  name: datacenter
  namespaces:
  - open-cluster-management
  - manuela-ml-workspace
  - manuela-tst-all
  - manuela-ci
  - manuela-data-lake-central-s3-store
  - manuela-data-lake-central-kafka-cluster
  - staging
  operatorgroupExcludes:
  - manuela-ml-workspace

values-datacenter.yaml

site:
  name: datacenter
  ...
  subscriptions:
  - name: advanced-cluster-management
    namespace: open-cluster-management
    channel: release-2.3
    csv: advanced-cluster-management.v2.3.2
  - name: seldon-operator
    namespace: manuela-ml-workspace
    source: community-operators
    csv: seldon-operator.v1.7.0
  - name: opendatahub-operator
    source: community-operators
    csv: opendatahub-operator.v1.1.0
  - name: amq-streams
    namespaces:
    - manuela-data-lake-central-kafka-cluster
    - manuela-tst-all
    channel: amq-streams-1.7.x
    csv: amqstreams.v1.7.1

values-datacenter.yaml

site:
  name: datacenter
  ...
  applications:
  - name: acm
    namespace: open-cluster-management
    project: datacenter
    path: common/acm
  - name: pipelines
    namespace: manuela-ci
    # repoURL: https://github.com/you/yourfork.git
    project: datacenter
    path: charts/datacenter/pipelines
  - name: central-s3
    namespace: manuela-data-lake-central-s3-store
    project: datalake
    path: charts/datacenter/central-s3-store
    kustomize: True
  - name: manuela-test
    namespace: manuela-tst-all
    project: datacenter
    path: charts/datacenter/manuela-tst
    plugin:
      name: helm-with-kustomize

values-datacenter.yaml

site:
  name: datacenter
  ...
  managedSites:
  - name: factory
    helmOverrides:
    clusterSelector:
      # matchLabels:
      #   site: factory
      matchExpressions:
      - key: vendor
        operator: In
        values:
        - OpenShift

values-factory.yaml

site:
  name: factory
  namespaces:
  - manuela-stormshift-line-dashboard
  - ...
  subscriptions:
  - name: opendatahub-operator
    source: community-operators
    csv: opendatahub-operator.v1.1.0
  - ...
  applications:
  - name: datalake
    project: factory
    path: charts/factory/manuela-data-lake
  - ...