├── manifests
    ├── efk
    │   ├── install
    │   │   ├── clo-instance.yaml
    │   │   └── kustomization.yaml
    │   └── base
    │   │   ├── es-operatorgroup.yaml
    │   │   ├── clo-namespace.yaml
    │   │   ├── oor-namespace.yaml
    │   │   ├── clo-operatorgroup.yaml
    │   │   ├── clo-sub.yaml
    │   │   ├── kustomization.yaml
    │   │   ├── es-sub.yaml
    │   │   ├── clo-job-sa-rbac.yaml
    │   │   └── clo-instance.yaml
    └── rbac
    │   └── base
    │       ├── kustomization.yaml
    │       └── project-role-binding-bgd.yaml
├── cluster-config
    ├── projects
    │   └── base
    │   │   ├── kustomization.yaml
    │   │   └── bgdk-project.yaml
    ├── applications
    │   └── base
    │   │   ├── kustomization.yaml
    │   │   ├── bgdk-green-app.yaml
    │   │   ├── rbac.yaml
    │   │   └── efk.yaml
    └── config
    │   └── overlays
    │       └── default
    │           └── kustomization.yaml
└── README.md

/manifests/efk/install/clo-instance.yaml:
--------------------------------------------------------------------------------
     # JSON 6902 patch operations. manifests/efk/install/kustomization.yaml applies this file to the
     # ClusterLogging named "instance" in openshift-logging: it replaces the storageClassName that the
     # base manifest leaves as "PATCH_ME" with the gp2 storage class.
 1 | - op: replace
 2 |   path: /spec/logStore/elasticsearch/storage/storageClassName
 3 |   value: "gp2"
 4 |
--------------------------------------------------------------------------------
/cluster-config/projects/base/kustomization.yaml:
--------------------------------------------------------------------------------
     # Kustomize base for Argo CD projects; its only resource is the bgdk AppProject.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 |
 4 | resources:
 5 | - bgdk-project.yaml
 6 |
--------------------------------------------------------------------------------
/manifests/rbac/base/kustomization.yaml:
--------------------------------------------------------------------------------
     # Kustomize base for RBAC; its only resource is the RoleBinding for the bgd namespace.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 |
 4 | resources:
 5 | - project-role-binding-bgd.yaml
 6 |
--------------------------------------------------------------------------------
/cluster-config/applications/base/kustomization.yaml:
--------------------------------------------------------------------------------
     # Kustomize base listing the three Argo CD Application manifests kept in this directory.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 |
 4 | resources:
 5 | - efk.yaml
 6 | - bgdk-green-app.yaml
 7 | - rbac.yaml
 8 |
--------------------------------------------------------------------------------
/manifests/efk/base/es-operatorgroup.yaml:
--------------------------------------------------------------------------------
     # OperatorGroup for the openshift-operators-redhat namespace (Argo CD sync wave 2).
 1 | apiVersion: operators.coreos.com/v1
 2 | kind: OperatorGroup
 3 | metadata:
 4 |   annotations:
 5 |     argocd.argoproj.io/sync-wave: "2"
 6 |   name: openshift-operators-redhat
 7 |   namespace: openshift-operators-redhat
     # NOTE(review): the empty spec sets no targetNamespaces or selector; OLM documents that as an
     # OperatorGroup covering all namespaces, whereas clo-operatorgroup.yaml is limited to
     # openshift-logging. Confirm the cluster-wide scope is intended for this operator.
 8 | spec: {}
 9 |
--------------------------------------------------------------------------------
/manifests/efk/base/clo-namespace.yaml:
--------------------------------------------------------------------------------
     # Namespace that holds the cluster logging stack (Argo CD sync wave 1).
 1 | apiVersion: v1
 2 | kind: Namespace
 3 | metadata:
 4 |   name: openshift-logging
 5 |   annotations:
 6 |     argocd.argoproj.io/sync-wave: "1"
     # Empty project node selector; presumably set so a cluster-wide default node selector does not
     # restrict where the logging pods are scheduled (confirm).
 7 |     openshift.io/node-selector: ""
 8 |   labels:
     # Opts the namespace in to scraping by the platform monitoring stack.
 9 |     openshift.io/cluster-monitoring: "true"
10 |
--------------------------------------------------------------------------------
/manifests/efk/base/oor-namespace.yaml:
--------------------------------------------------------------------------------
     # Namespace for the elasticsearch operator; sync wave 0, so it is the first resource of this base.
 1 | apiVersion: v1
 2 | kind: Namespace
 3 | metadata:
 4 |   name: openshift-operators-redhat
 5 |   annotations:
 6 |     argocd.argoproj.io/sync-wave: "0"
     # Same empty node selector and monitoring label as the openshift-logging namespace.
 7 |     openshift.io/node-selector: ""
 8 |   labels:
 9 |     openshift.io/cluster-monitoring: "true"
10 |
--------------------------------------------------------------------------------
/manifests/efk/install/kustomization.yaml:
--------------------------------------------------------------------------------
     # Overlay on ../base. It changes one thing: the ClusterLogging "instance" in openshift-logging
     # is patched with the JSON 6902 operations in clo-instance.yaml (the file in this directory).
 1 | bases:
 2 | - ../base
 3 | patchesJson6902:
 4 | - target:
 5 |     version: v1
 6 |     group: logging.openshift.io
 7 |     kind: ClusterLogging
 8 |     namespace: openshift-logging
 9 |     name: instance
10 |   path: clo-instance.yaml
11 |
--------------------------------------------------------------------------------
/manifests/efk/base/clo-operatorgroup.yaml:
--------------------------------------------------------------------------------
     # OperatorGroup for the cluster-logging operator (Argo CD sync wave 4).
 1 | apiVersion: operators.coreos.com/v1
 2 | kind: OperatorGroup
 3 | metadata:
 4 |   annotations:
 5 |     argocd.argoproj.io/sync-wave: "4"
 6 |   name: cluster-logging
 7 |   namespace: openshift-logging
 8 | spec:
     # Limits the operators in this group to the openshift-logging namespace.
 9 |   targetNamespaces:
10 |   - openshift-logging
11 |
--------------------------------------------------------------------------------
/cluster-config/config/overlays/default/kustomization.yaml:
--------------------------------------------------------------------------------
     # Entry-point overlay (the path the README passes to `oc apply -k`): combines the upstream
     # openshift-cluster-config overlay with this repo's Application and AppProject bases.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 |
     # The namespace transformer places the namespaced resources of all three bases in openshift-gitops.
 4 | namespace: openshift-gitops
 5 |
 6 | bases:
     # NOTE(review): this remote base carries no ?ref= query, so kustomize fetches the repository's
     # default branch at build time and whatever is committed there is applied to the cluster.
     # Pin it (append ?ref=<tag-or-commit-sha> to the URL) so the input is fixed and reviewable.
 7 | - github.com/christianh814/openshift-cluster-config/cluster-config/config/overlays/default
 8 | - ../../../applications/base
 9 | - ../../../projects/base
10 |
--------------------------------------------------------------------------------
/manifests/efk/base/clo-sub.yaml:
--------------------------------------------------------------------------------
     # OLM Subscription for the cluster-logging operator, channel "5.0" of the redhat-operators
     # catalog (Argo CD sync wave 5).
     # NOTE(review): installPlanApproval is not set here (es-sub.yaml sets "Automatic" explicitly).
     # OLM treats an unset value as Automatic, so new operator versions published in the channel are
     # installed without an approval step. Set installPlanApproval: Manual if upgrades must be gated.
 1 | apiVersion: operators.coreos.com/v1alpha1
 2 | kind: Subscription
 3 | metadata:
 4 |   annotations:
 5 |     argocd.argoproj.io/sync-wave: "5"
 6 |   name: cluster-logging
 7 |   namespace: openshift-logging
 8 | spec:
 9 |   channel: "5.0"
10 |   name: cluster-logging
11 |   source: redhat-operators
12 |   sourceNamespace: openshift-marketplace
13 |
--------------------------------------------------------------------------------
/manifests/rbac/base/project-role-binding-bgd.yaml:
--------------------------------------------------------------------------------
     # Grants the built-in `edit` ClusterRole to the group `marketing`, scoped to the bgd namespace.
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: RoleBinding
 3 | metadata:
     # Looks like residue of generated YAML (e.g. client-side dry-run output).
 4 |   creationTimestamp: null
 5 |   name: edit
 6 |   namespace: bgd
 7 | roleRef:
 8 |   apiGroup: rbac.authorization.k8s.io
 9 |   kind: ClusterRole
     # NOTE(review): per the Kubernetes RBAC documentation, `edit` includes read/write access to
     # Secrets and allows running pods as any ServiceAccount in the namespace. Grant a narrower
     # Role if the group only needs to manage the application's workloads.
10 |   name: edit
11 | subjects:
     # Membership of `marketing` is not defined anywhere on this page; review it wherever groups
     # are managed for the cluster.
12 | - apiGroup: rbac.authorization.k8s.io
13 |   kind: Group
14 |   name: marketing
15 |
--------------------------------------------------------------------------------
/manifests/efk/base/kustomization.yaml:
--------------------------------------------------------------------------------
     # Kustomize base for the logging stack: namespaces, OperatorGroups, Subscriptions, the RBAC for
     # cli-job-sa and the ClusterLogging instance.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
     # Added to every resource listed below. The option makes Argo CD skip the dry run for kinds
     # whose CRD is not in the cluster yet; presumably needed because the ClusterLogging CRD only
     # appears once the operator is installed (confirm).
 3 | commonAnnotations:
 4 |   argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 5 | resources:
 6 | - clo-instance.yaml
 7 | - clo-job-sa-rbac.yaml
 8 | - clo-namespace.yaml
 9 | - clo-operatorgroup.yaml
10 | - clo-sub.yaml
11 | - es-operatorgroup.yaml
12 | - es-sub.yaml
13 | - oor-namespace.yaml
14 |
--------------------------------------------------------------------------------
/manifests/efk/base/es-sub.yaml:
--------------------------------------------------------------------------------
     # OLM Subscription for the elasticsearch operator, channel "5.0" of the redhat-operators
     # catalog (Argo CD sync wave 3).
 1 | apiVersion: operators.coreos.com/v1alpha1
 2 | kind: Subscription
 3 | metadata:
 4 |   annotations:
 5 |     argocd.argoproj.io/sync-wave: "3"
 6 |   name: "elasticsearch-operator"
 7 |   namespace: "openshift-operators-redhat"
 8 | spec:
 9 |   channel: "5.0"
     # NOTE(review): Automatic approval installs every new operator version published in the
     # channel without a review step. Use "Manual" if operator upgrades must be approved first.
10 |   installPlanApproval: "Automatic"
11 |   source: "redhat-operators"
12 |   sourceNamespace: "openshift-marketplace"
13 |   name: "elasticsearch-operator"
14 |
--------------------------------------------------------------------------------
/cluster-config/applications/base/bgdk-green-app.yaml:
--------------------------------------------------------------------------------
     # Argo CD Application in project bgdk: deploys bgdk/overlays/cluster2 from the gitops-examples
     # repo into namespace bgd on the cluster Argo CD runs in.
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: bgdk-green-app
 5 | spec:
 6 |   destination:
 7 |     namespace: bgd
 8 |     server: https://kubernetes.default.svc
 9 |   project: bgdk
10 |   source:
11 |     path: bgdk/overlays/cluster2
12 |     repoURL: https://github.com/christianh814/gitops-examples
     # NOTE(review): master is a mutable branch in a repository other than this one. Combined with
     # the automated sync below, every commit that lands there is applied to the cluster with no
     # review step on this side. Pin targetRevision to a tag or commit SHA if changes must be gated.
13 |     targetRevision: master
14 |   syncPolicy:
15 |     automated:
     # prune deletes cluster resources that disappear from the source path; selfHeal reverts
     # manual changes made in the cluster.
16 |       prune: true
17 |       selfHeal: true
18 |
--------------------------------------------------------------------------------
/cluster-config/applications/base/rbac.yaml:
--------------------------------------------------------------------------------
     # Argo CD Application that syncs manifests/rbac/base (the bgd RoleBinding) from this repo.
     # The `cluster-config` project it names is not defined on this page; presumably it comes from
     # the remote base (confirm).
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: config-rbac-expand
 5 | spec:
 6 |   destination:
 7 |     namespace: openshift-gitops
 8 |     server: https://kubernetes.default.svc
 9 |   project: cluster-config
10 |   source:
11 |     path: manifests/rbac/base
12 |     repoURL: https://github.com/christianh814/openshift-cluster-config-expand
     # NOTE(review): RBAC is synced automatically from a mutable branch, so write access to master
     # of this repo amounts to the ability to change role bindings in the cluster. Protect the
     # branch, or pin targetRevision to a tag or commit SHA.
13 |     targetRevision: master
14 |   syncPolicy:
15 |     automated:
16 |       prune: true
17 |       selfHeal: true
18 |
--------------------------------------------------------------------------------
/cluster-config/projects/base/bgdk-project.yaml:
--------------------------------------------------------------------------------
     # Argo CD AppProject "bgdk" with one project role, "marketing".
     # NOTE(review): the three wildcard sections below mean the project restricts nothing: an
     # Application assigned to it may use any source repo, target any cluster and namespace known
     # to Argo CD, and create any cluster-scoped kind.
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: AppProject
 3 | metadata:
 4 |   name: bgdk
 5 | spec:
     # Which cluster-scoped kinds the bgdk manifests actually need is not visible on this page;
     # list only those instead of '*'.
 6 |   clusterResourceWhitelist:
 7 |   - group: '*'
 8 |     kind: '*'
     # The only Application on this page that uses the project (bgdk-green-app) targets namespace
     # bgd on https://kubernetes.default.svc, so destinations can be narrowed to that pair.
 9 |   destinations:
10 |   - namespace: '*'
11 |     server: '*'
     # bgdk-green-app pulls only from https://github.com/christianh814/gitops-examples, so
     # sourceRepos can be narrowed to that URL.
12 |   sourceRepos:
13 |   - '*'
14 |   roles:
15 |   - description: Marketing get view and sync
16 |     name: marketing
     # Allows get and sync on every application in the project, and get on the project itself.
     # NOTE(review): Argo CD documents project-role policy subjects as proj:<project>:<role>; these
     # use role:marketing and the role has no groups: list, so the mapping from the `marketing`
     # group to these rules presumably lives in RBAC configuration outside this page (confirm).
17 |     policies:
18 |     - p, role:marketing, applications, get, bgdk/*, allow
19 |     - p, role:marketing, applications, sync, bgdk/*, allow
20 |     - p, role:marketing, projects, get, bgdk, allow
21 |
--------------------------------------------------------------------------------
/manifests/efk/base/clo-job-sa-rbac.yaml:
--------------------------------------------------------------------------------
     # Read-only ClusterRole plus the ClusterRoleBinding that grants it to ServiceAccount cli-job-sa
     # in openshift-logging (both in sync wave 1). Neither that ServiceAccount nor a Job using it
     # is defined in the files shown on this page.
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRole
 3 | metadata:
 4 |   annotations:
 5 |     argocd.argoproj.io/sync-wave: "1"
 6 |   name: cli-job-sa-role
 7 | rules:
     # A rule is the cross product of apiGroups x resources x verbs. Here it grants get/list on
     # clusterloggings and customresourcedefinitions, cluster-wide because the binding below is a
     # ClusterRoleBinding.
 8 | - apiGroups:
 9 |   - logging.openshift.io
10 |   - apiextensions.k8s.io
11 |   resources:
12 |   - clusterloggings
13 |   - customresourcedefinitions
14 |   verbs:
15 |   - get
16 |   - list
17 | ---
18 | apiVersion: rbac.authorization.k8s.io/v1
19 | kind: ClusterRoleBinding
20 | metadata:
21 |   name: cli-job-sa-rolebinding
22 |   annotations:
23 |     argocd.argoproj.io/sync-wave: "1"
24 | roleRef:
25 |   apiGroup: rbac.authorization.k8s.io
26 |   kind: ClusterRole
27 |   name: cli-job-sa-role
28 | subjects:
     # NOTE(review): the subject is matched by name only. If cli-job-sa is never created by this
     # repo, any principal allowed to create ServiceAccounts in openshift-logging can create it and
     # receive this (read-only) role. Drop the binding if nothing uses it.
29 | - kind: ServiceAccount
30 |   name: cli-job-sa
31 |   namespace: openshift-logging
32 |
--------------------------------------------------------------------------------
/cluster-config/applications/base/efk.yaml:
--------------------------------------------------------------------------------
     # Argo CD Application that syncs manifests/efk/install (the logging stack) from this repo.
     # The `cluster-config` project it names is not defined on this page; presumably it comes from
     # the remote base (confirm).
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: config-efk
 5 | spec:
 6 |   destination:
 7 |     namespace: openshift-gitops
 8 |     server: https://kubernetes.default.svc
 9 |   project: cluster-config
10 |   source:
11 |     path: manifests/efk/install
12 |     repoURL: https://github.com/christianh814/openshift-cluster-config-expand
     # NOTE(review): master is a mutable branch. With the automated sync below, every commit that
     # lands there (operator Subscriptions and cluster-wide RBAC included) is applied without a
     # review step in the cluster. Pin targetRevision to a tag or commit SHA if changes must be gated.
13 |     targetRevision: master
14 |   syncPolicy:
15 |     automated:
     # prune deletes cluster resources that disappear from the source path; selfHeal reverts
     # manual changes made in the cluster.
16 |       prune: true
17 |       selfHeal: true
     # Failed syncs are retried with exponential backoff; presumably this covers the time the
     # operators need to register their CRDs (confirm).
18 |     retry:
19 |       limit: 15 # number of failed sync attempt retries; unlimited number of attempts if less than 0
20 |       backoff:
21 |         duration: 15s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
22 |         factor: 2 # a factor to multiply the base duration after each failed retry
23 |         maxDuration: 5m # the maximum amount of time allowed for the backoff strategy
24 |
--------------------------------------------------------------------------------
/manifests/efk/base/clo-instance.yaml:
--------------------------------------------------------------------------------
     # ClusterLogging custom resource. Sync wave 7 puts it after the namespaces, OperatorGroups and
     # Subscriptions of this base, which use waves 0 to 5.
 1 | apiVersion: "logging.openshift.io/v1"
 2 | kind: "ClusterLogging"
 3 | metadata:
 4 |   annotations:
 5 |     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 6 |     argocd.argoproj.io/sync-wave: "7"
 7 |   name: "instance"
 8 |   namespace: "openshift-logging"
 9 | spec:
10 |   managementState: "Managed"
11 |   logStore:
12 |     type: "elasticsearch"
     # Maximum age per log type before the data is removed from the store.
     # NOTE(review): infra logs, and audit logs if they are routed to this store at all, are gone
     # after 7 days. Check that against incident-investigation and compliance retention needs, or
     # forward the logs to longer-term storage.
13 |     retentionPolicy:
14 |       application:
15 |         maxAge: 2d
16 |       infra:
17 |         maxAge: 7d
18 |       audit:
19 |         maxAge: 7d
20 |     elasticsearch:
21 |       nodeCount: 3
22 |       storage:
     # Placeholder; manifests/efk/install/clo-instance.yaml replaces it with "gp2".
23 |         storageClassName: "PATCH_ME"
24 |         size: 200G
25 |       redundancyPolicy: "SingleRedundancy"
     # No explicit requests or limits are set here; presumably the operator's defaults apply (confirm).
26 |       resources: {}
27 |   visualization:
28 |     type: "kibana"
29 |     kibana:
30 |       replicas: 1
31 |   curation:
32 |     type: "curator"
33 |
         curator:
34 |       schedule: "30 3 * * *"
35 |   collection:
36 |     logs:
37 |       type: "fluentd"
38 |       fluentd: {}
39 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # OpenShift Cluster Config Expanded
 2 | Setting up an OpenShift cluster using Kustomize and ArgoCD by using [openshift-cluster-config](https://github.com/christianh814/openshift-cluster-config) as a base
 3 |
 4 | This is to show that you can load core components from one repo and use `kustomize` to modify or add to them for your specific cluster with another, in a GitOps method of managing clusters.
 5 |
 6 | This repo sets up OpenShift with Day 2 thingys via Argo CD. It also uses Dex for Authentication with OpenShift.
 7 |
 8 | ## Installing ArgoCD
 9 |
10 | Install Argo CD via the Operator Hub as described in the [cluster config repo](https://github.com/christianh814/openshift-cluster-config#installing-argocd)
11 |
12 | ## Deploying this Repo
13 |
14 | To configure your cluster from this repo, run the following (the URL carries no `?ref=`, so it applies whatever the default branch holds at that moment):
15 |
16 | ```
17 | oc apply -k https://github.com/christianh814/openshift-cluster-config-expand/cluster-config/config/overlays/default
18 | ```
19 |
20 | This will configure your server with the following.
21 |
22 | Everything mentioned in the [OpenShift Cluster Config repo](https://github.com/christianh814/openshift-cluster-config#deploying-this-repo) is [included in this repo](cluster-config/config/overlays/default/kustomization.yaml#L7) (so as not to duplicate YAML).
23 |
24 | This repo adds the additional settings/configs/apps...
25 |
26 | * Deploying the EFK stack via OLM
27 |   * Assumes you have [big enough](https://docs.openshift.com/container-platform/latest/logging/cluster-logging-deploying.html#cluster-logging-deploy-console_cluster-logging-deploying) workers
28 |   * Assumes you're on AWS using [`gp2`](manifests/efk/install/clo-instance.yaml#L3) as your `storageClass`
29 | * Deploys an app called BGD into the `bgd` namespace
30 |   * The `marketing` group has `edit` access to this namespace
31 | * ArgoCD
32 |   * The `marketing` group can sync the `bgdk-green-app` application in the `bgdk` project.
33 |
34 | ## Making Changes
35 |
36 | Either a PR to this repo or the [OpenShift Cluster Config repo](https://github.com/christianh814/openshift-cluster-config)...it's GitOps!
37 |
--------------------------------------------------------------------------------