pflaeging-net-public/devops-argocd
4
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity
A project for GitOps management of ArgoCD resources
5 commits 1 branch 0 tags 33 KiB
Find a file
Exact
Peter Pflaeging 067fbc787a Add remarks
2023-01-04 14:16:28 +01:00
groups missing variables in group 2023-01-04 13:57:29 +01:00
projects refactor to plain from kustomize 2023-01-04 13:48:52 +01:00
templates missing variables in group 2023-01-04 13:57:29 +01:00
Configure.md Initial commit 2023-01-04 13:42:20 +01:00
example-argocd-projects-application.yaml add examples for ArgoCD Apps 2023-01-04 14:11:10 +01:00
example-groups-application.yaml add examples for ArgoCD Apps 2023-01-04 14:11:10 +01:00
Readme.md Add remarks 2023-01-04 14:16:28 +01:00

Readme.md

Use Argo CD as tool for continous deployment

Try the automated install based on

Comments:

  • Install the operator like mentioned in the explanation
  • OpenShift GitOps Operator: This will enable a GitOps instance in the namespace: openshift-gitops with the name default. This is for GitOps operations in your local cluster, but don't use it for normal DevOps work!
  • For both: After this you can enable an ArgoCD instance for GitOps works in the namespace infra-argocd.

Then you should consult Configure.md

Create AppProjects and Groups

Groups

For each ArgoCD project, three groups are created which are linked to the respective roles in the project.

  • gitops-{project-name}-admin
  • gitops-{project-name}-edit
  • gitops-{project-name}-view

These are normal OpenShift Group elements. Access rights on ArgoCD are based on Groups in OpenShift.

The Groups Resides in: ./groups Folder as plane yaml files (template is in templates/group.yaml). It's a good idea to let these groups be enabled automaticly via ArgoCD on each of your clusters (look at ./example-groups-application.yaml).

Sync these groups manual with oc apply -f ./groups or better with ArgoCD Application argo-groups

Attention: There's a special group "argo-admins". These are the ArgoCD Administrators

Projects

If you want to create a new project in ArgoCD the mechanism is easy:

  1. Create a new YAML object in ./projects (you can use templates/appproject.yaml as a base). Filename == Projectname
  2. Replace the Variabels ({project-name}, {project-description}, {requester},{namespaces/cluster list}) in the project file
  3. Sync settings with: oc apply -f ./projects or use an ArgoCD sync App (look at ./example-argocd-projects-application.yaml).

Remarks:

  • you can add multiple namespaeces and clusters in an AppProject
  • you can change the RBAC rules or add more roles, but this base set is an equivalent to the OpenShift / OKD roles
  • the best idea is to have the group rights in OpenShift / OKD in sync with the ArgoCD rights (use the same groups). But we've seen it sometimes make much sense to handle it differently liek here ;-)

Peter Pfläging peter@pflaeging.net