├── .gitignore
├── doc
├── images
│ ├── ztp.png
│ ├── oc-cli.png
│ ├── 15n-repos.gif
│ ├── monorepo.png
│ ├── otp-logo.png
│ ├── polyrepo.png
│ ├── hubandspoke.png
│ ├── github-webhook.png
│ ├── polyrepo-hubspoke.png
│ ├── github-token-scope.png
│ ├── polyrepo-manytomany.png
│ ├── automate-the-plumbing.png
│ ├── automation-deployment.png
│ ├── importclustersexample.png
│ ├── git-repo-template-button.png
│ └── importedclusterfinished.png
├── ibm-infra-automation.md
├── oas.md
├── usage.md
├── ipi-options.md
├── auto-discovery-and-import.md
├── hibernating-clusters.md
├── hubandspoke-concepts.md
└── upi-options.md
├── setup
├── hashicorp-vault-chart
│ ├── namespace.yaml
│ └── kustomization.yaml
├── CHANGELOG.md
├── external-secrets-operator
│ ├── kustomization.yaml
│ ├── base
│ │ ├── kustomization.yaml
│ │ └── subscription.yaml
│ └── overlays
│ │ ├── alpha
│ │ └── kustomization.yaml
│ │ └── stable
│ │ └── kustomization.yaml
├── external-secrets-instance
│ ├── kustomization.yaml
│ ├── base
│ │ ├── kustomization.yaml
│ │ └── operator-config.yaml
│ └── overlays
│ │ └── default
│ │ ├── kustomization.yaml
│ │ └── cluster-secret-store.yaml
├── argocd-operator
│ ├── namespace.yaml
│ ├── kustomization.yaml
│ ├── subscription.yaml
│ └── clusterrolebinding.yaml
└── argocd-instance
│ ├── resource-customizations
│ ├── ocs.yaml
│ ├── rhacs.yaml
│ ├── argocd.yaml
│ ├── ansible-automation-platform.yaml
│ ├── external-secrets.yaml
│ ├── operators.yaml
│ ├── kubevirt.yaml
│ ├── openshift.yaml
│ └── k8s.yaml
│ ├── kustomization.yaml
│ └── argocd-cm.yaml
├── scripts
├── git-add-commit-push.sh
└── patch-argocd-tls.sh
└── 0-bootstrap
├── hub
├── 1-infra
│ └── argocd
│ │ ├── namespaces
│ │ ├── namespace-ibm-cp4mcm.yaml
│ │ ├── namespace-sso.yaml
│ │ ├── namespace-openshift-acs.yaml
│ │ ├── namespace-tools.yaml
│ │ ├── namespace-cloudpak.yaml
│ │ ├── namespace-openldap.yaml
│ │ ├── namespace-turbonomic.yaml
│ │ ├── namespace-istio-system.yaml
│ │ ├── namespace-cert-manager.yaml
│ │ ├── namespace-instana-agent.yaml
│ │ ├── namespace-quay-registry.yaml
│ │ ├── namespace-openshift-operators-redhat.yaml
│ │ ├── namespace-rhacm-policies.yaml
│ │ ├── namespace-sealed-secrets.yaml
│ │ ├── namespace-external-secrets.yaml
│ │ ├── namespace-sso-integration.yaml
│ │ ├── namespace-openshift-storage.yaml
│ │ ├── namespace-rhacm-clusterpools.yaml
│ │ ├── namespace-ibm-common-services.yaml
│ │ ├── namespace-rhacm-clusterclaims.yaml
│ │ ├── namespace-ibm-infra-automation.yaml
│ │ ├── namespace-openshift-local-storage.yaml
│ │ ├── namespace-openshift-virtualization.yaml
│ │ ├── namespace-openshift-acm.yaml
│ │ ├── namespace-metal-provisioner.yaml
│ │ ├── namespace-rhacm-credentials.yaml
│ │ ├── namespace-ansible-automation-platform.yaml
│ │ ├── namespace-openshift-virtualization-os-images.yaml
│ │ ├── namespace-openshift-acm-observability.yaml
│ │ └── namespace-openshift-virtualization-virtual-machines.yaml
│ │ ├── rbac
│ │ ├── rbac-rhacm.yaml
│ │ ├── rbac-external-secrets.yaml
│ │ └── rbac-openshift-virtualization.yaml
│ │ ├── consolelink.yaml
│ │ ├── machine-configs
│ │ ├── machine-configs-workers.yaml
│ │ └── machine-configs-control-planes.yaml
│ │ ├── storage-odf.yaml
│ │ ├── storage-local-odf.yaml
│ │ ├── machinepools.yaml
│ │ ├── machinesets.yaml
│ │ ├── consolenotification.yaml
│ │ └── infraconfig.yaml
├── 2-services
│ └── argocd
│ │ ├── instances
│ │ ├── cert-manager.yaml
│ │ ├── grafana-instance.yaml
│ │ ├── hashicorp-vault.yaml
│ │ ├── ibm-cp4mcm-instance.yaml
│ │ ├── openshift-acs-instance.yaml
│ │ ├── external-secrets.yaml
│ │ ├── rhsso-integration-argocd-instance.yaml
│ │ ├── openshift-service-mesh-instance.yaml
│ │ ├── rhsso-instance.yaml
│ │ ├── ibm-infra-automation-instance.yaml
│ │ ├── openshift-virtualization-instance.yaml
│ │ ├── rhsso-integration-preprocessing-instance.yaml
│ │ ├── ibm-common-services-mcm-instance.yaml
│ │ ├── openshift-acm-cim.yaml
│ │ ├── rhsso-integration-hub-instance.yaml
│ │ ├── ansible-automation-platform-hub-instance.yaml
│ │ ├── quay-registry-instance.yaml
│ │ ├── ansible-automation-platform-controller-instance.yaml
│ │ ├── openshift-acm-instance.yaml
│ │ ├── openshift-gitopscluster-instance.yaml
│ │ ├── openshift-acm-discovery-service.yaml
│ │ ├── openshift-acm-observability-instance.yaml
│ │ ├── ibm-foundational-services-instance.yaml
│ │ ├── rhsso-integration-managed-clusters.yaml
│ │ └── sealed-secrets.yaml
│ │ └── operators
│ │ ├── ironic.yaml
│ │ ├── rhsso-operator.yaml
│ │ ├── turbonomic.yaml
│ │ ├── cert-manager.yaml
│ │ ├── quay-registry.yaml
│ │ ├── kiali.yaml
│ │ ├── baremetal-operator.yaml
│ │ ├── jaeger.yaml
│ │ ├── openshift-acm.yaml
│ │ ├── openshift-acs-operator.yaml
│ │ ├── openshift-gitops.yaml
│ │ ├── quay-bridge-operator.yaml
│ │ ├── external-secrets.yaml
│ │ ├── openshift-pipelines.yaml
│ │ ├── ibm-cp4mcm-operator.yaml
│ │ ├── elasticsearch.yaml
│ │ ├── quay-container-security.yaml
│ │ ├── openshift-service-mesh.yaml
│ │ ├── openshift-virtualization.yaml
│ │ ├── ibm-common-services-mcm.yaml
│ │ ├── ibm-infra-automation-operator.yaml
│ │ ├── ansible-automation-platform-operator.yaml
│ │ ├── grafana-operator.yaml
│ │ ├── ibm-foundations.yaml
│ │ ├── ibm-automation-foundation-core-operator.yaml
│ │ └── ibm-automation-foundation-operator.yaml
├── 4-clusters
│ ├── argocd
│ │ ├── machinepools
│ │ │ └── machinepools.yaml
│ │ ├── infra
│ │ │ └── providers
│ │ │ │ └── rhacm
│ │ │ │ ├── aws
│ │ │ │ ├── sealed-secrets
│ │ │ │ │ └── aws.yaml
│ │ │ │ └── external-secrets
│ │ │ │ │ └── aws.yaml
│ │ │ │ ├── azure
│ │ │ │ ├── sealed-secrets
│ │ │ │ │ └── azure.yaml
│ │ │ │ └── external-secrets
│ │ │ │ │ └── azure.yaml
│ │ │ │ ├── rhocm
│ │ │ │ └── sealed-secrets
│ │ │ │ │ └── rhocm.yaml
│ │ │ │ └── vsphere
│ │ │ │ └── sealed-secrets
│ │ │ │ └── vsphere.yaml
│ │ ├── clusters
│ │ │ ├── prod
│ │ │ │ ├── vsphere
│ │ │ │ │ └── vsphere-prod.yaml
│ │ │ │ ├── aws
│ │ │ │ │ └── aws-prod
│ │ │ │ │ │ └── aws-prod.yaml
│ │ │ │ └── azure
│ │ │ │ │ └── azure-prod
│ │ │ │ │ └── azure-prod.yaml
│ │ │ ├── test
│ │ │ │ └── vsphere
│ │ │ │ │ └── vsphere-test.yaml
│ │ │ ├── dev
│ │ │ │ ├── aws
│ │ │ │ │ └── aws-dev
│ │ │ │ │ │ └── aws-dev.yaml
│ │ │ │ └── hcp
│ │ │ │ │ └── hcp-dev
│ │ │ │ │ └── hcp-dev.yaml
│ │ │ └── cicd
│ │ │ │ ├── aws
│ │ │ │ └── aws-cicd
│ │ │ │ │ └── aws-cicd.yaml
│ │ │ │ └── azure
│ │ │ │ └── azure-cicd
│ │ │ │ └── azure-cicd.yaml
│ │ ├── storage
│ │ │ └── storage.yaml
│ │ ├── submariner
│ │ │ ├── configure-azure.yaml
│ │ │ ├── add-existing-clusters.yaml
│ │ │ └── deploy-submariner.yaml
│ │ ├── clusterclaims
│ │ │ ├── cicd
│ │ │ │ └── aws
│ │ │ │ │ └── project-cicd.yaml
│ │ │ ├── dev
│ │ │ │ └── aws
│ │ │ │ │ └── project-simple.yaml
│ │ │ ├── test
│ │ │ │ └── aws
│ │ │ │ │ └── project-easy.yaml
│ │ │ ├── prod
│ │ │ │ └── aws
│ │ │ │ │ └── project-simple.yaml
│ │ │ └── TEMPLATE
│ │ │ │ └── TEMPLATE-CLOUD
│ │ │ │ └── TEMPLATE-APP.yaml
│ │ └── clusterpools
│ │ │ ├── t-shirt-sizing
│ │ │ ├── medium.yaml
│ │ │ ├── large.yaml
│ │ │ └── small.yaml
│ │ │ ├── prod
│ │ │ └── aws
│ │ │ │ └── aws-prod-pool
│ │ │ │ └── aws-prod-pool.yaml
│ │ │ ├── dev
│ │ │ └── aws
│ │ │ │ └── aws-dev-pool
│ │ │ │ └── aws-dev-pool.yaml
│ │ │ ├── cicd
│ │ │ ├── aws
│ │ │ │ └── aws-cicd-pool
│ │ │ │ │ └── aws-cicd-pool.yaml
│ │ │ └── azure
│ │ │ │ └── azure-cicd-pool
│ │ │ │ └── azure-cicd-pool.yaml
│ │ │ └── test
│ │ │ └── aws
│ │ │ └── aws-test-pool
│ │ │ └── aws-test-pool.yaml
│ └── 4-clusters.yaml
├── 5-apps
│ ├── argocd
│ │ ├── cloudpaks
│ │ │ └── cp4i
│ │ │ │ └── cp4i.yaml
│ │ ├── vault
│ │ │ └── vault.yaml
│ │ ├── pipelines
│ │ │ ├── tekton-mcm-gitops.yaml
│ │ │ └── tekton-mcm-providers.yaml
│ │ ├── cluster-services
│ │ │ ├── cert-manager
│ │ │ │ └── cert-manager.yaml
│ │ │ └── amazon-cloudwatch
│ │ │ │ └── amazon-cloudwatch.yaml
│ │ └── virtual-machines
│ │ │ └── instana
│ │ │ └── instana-vm.yaml
│ ├── kustomization.yaml
│ └── 5-apps.yaml
├── 3-policies
│ ├── argocd
│ │ └── otp-policies
│ │ │ ├── deploy-lso
│ │ │ └── deploy-lso.yaml
│ │ │ ├── deploy-odf
│ │ │ └── deploy-odf.yaml
│ │ │ ├── deploy-placement-bindings
│ │ │ └── deploy-placement-bindings.yaml
│ │ │ ├── deploy-placement-rules
│ │ │ └── deploy-placement-rules.yaml
│ │ │ ├── deploy-openshift-gitops
│ │ │ └── deploy-openshift-gitops.yaml
│ │ │ ├── deploy-openshift-serverless
│ │ │ └── deploy-openshift-serverless.yaml
│ │ │ ├── deploy-aws-managed-cluster-infra-nodes
│ │ │ └── deploy-aws-managed-cluster-infra-nodes.yaml
│ │ │ └── deploy-aws-managed-cluster-storage-nodes
│ │ │ └── deploy-aws-managed-cluster-storage-nodes.yaml
│ ├── 3-policies.yaml
│ └── kustomization.yaml
└── bootstrap.yaml
└── spokeclusters
├── cicd
└── project-cicd
│ ├── 3-apps
│ ├── kustomization.yaml
│ ├── argocd
│ │ └── cloudpaks
│ │ │ └── cp4i
│ │ │ └── cp4i.yaml
│ └── 3-apps.yaml
│ ├── bootstrap.yaml
│ ├── 1-infra
│ ├── argocd
│ │ └── namespaces
│ │ │ ├── namespace-sealed-secrets.yaml
│ │ │ ├── namespace-openshift-storage.yaml
│ │ │ └── namespace-openshift-compliance.yaml
│ ├── kustomization.yaml
│ └── 1-infra.yaml
│ ├── 2-services
│ ├── argocd
│ │ └── operators
│ │ │ └── openshift-compliance-operator.yaml
│ ├── kustomization.yaml
│ └── 2-services.yaml
│ └── kustomization.yaml
├── dev
└── project-simple
│ ├── 3-apps
│ ├── kustomization.yaml
│ ├── argocd
│ │ └── cloudpaks
│ │ │ └── cp4i
│ │ │ └── cp4i.yaml
│ └── 3-apps.yaml
│ ├── bootstrap.yaml
│ ├── 1-infra
│ ├── argocd
│ │ └── namespaces
│ │ │ ├── namespace-sealed-secrets.yaml
│ │ │ ├── namespace-openshift-storage.yaml
│ │ │ └── namespace-openshift-compliance.yaml
│ ├── kustomization.yaml
│ └── 1-infra.yaml
│ ├── 2-services
│ ├── argocd
│ │ └── operators
│ │ │ └── openshift-compliance-operator.yaml
│ ├── kustomization.yaml
│ └── 2-services.yaml
│ └── kustomization.yaml
├── prod
└── project-simple
│ ├── 3-apps
│ ├── kustomization.yaml
│ ├── argocd
│ │ └── cloudpaks
│ │ │ └── cp4i
│ │ │ └── cp4i.yaml
│ └── 3-apps.yaml
│ ├── bootstrap.yaml
│ ├── 1-infra
│ ├── argocd
│ │ └── namespaces
│ │ │ ├── namespace-sealed-secrets.yaml
│ │ │ ├── namespace-openshift-storage.yaml
│ │ │ └── namespace-openshift-compliance.yaml
│ ├── kustomization.yaml
│ └── 1-infra.yaml
│ ├── 2-services
│ ├── argocd
│ │ ├── instances
│ │ │ └── sysflow.yaml
│ │ └── operators
│ │ │ └── openshift-compliance-operator.yaml
│ ├── kustomization.yaml
│ └── 2-services.yaml
│ └── kustomization.yaml
└── test
└── project-easy
├── 3-apps
├── kustomization.yaml
├── argocd
│ └── cloudpaks
│ │ └── cp4i
│ │ └── cp4i.yaml
└── 3-apps.yaml
├── bootstrap.yaml
├── 1-infra
├── argocd
│ └── namespaces
│ │ ├── namespace-sealed-secrets.yaml
│ │ ├── namespace-openshift-storage.yaml
│ │ └── namespace-openshift-compliance.yaml
├── kustomization.yaml
└── 1-infra.yaml
├── 2-services
├── argocd
│ └── operators
│ │ └── openshift-compliance-operator.yaml
├── kustomization.yaml
└── 2-services.yaml
└── kustomization.yaml
/.gitignore:
--------------------------------------------------------------------------------
1 | local/*
2 | .idea
3 | .vscode
4 | .DS_Store
5 | *.orig
--------------------------------------------------------------------------------
/doc/images/ztp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/ztp.png
--------------------------------------------------------------------------------
/doc/images/oc-cli.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/oc-cli.png
--------------------------------------------------------------------------------
/doc/images/15n-repos.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/15n-repos.gif
--------------------------------------------------------------------------------
/doc/images/monorepo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/monorepo.png
--------------------------------------------------------------------------------
/doc/images/otp-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/otp-logo.png
--------------------------------------------------------------------------------
/doc/images/polyrepo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/polyrepo.png
--------------------------------------------------------------------------------
/setup/hashicorp-vault-chart/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: vault
--------------------------------------------------------------------------------
/doc/images/hubandspoke.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/hubandspoke.png
--------------------------------------------------------------------------------
/setup/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 0.0.2 (2022-05-04)
2 |
3 | ### Refactor
4 |
5 | - move cluster setup steps to its own folder
6 |
--------------------------------------------------------------------------------
/doc/images/github-webhook.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/github-webhook.png
--------------------------------------------------------------------------------
/doc/images/polyrepo-hubspoke.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/polyrepo-hubspoke.png
--------------------------------------------------------------------------------
/doc/images/github-token-scope.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/github-token-scope.png
--------------------------------------------------------------------------------
/doc/images/polyrepo-manytomany.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/polyrepo-manytomany.png
--------------------------------------------------------------------------------
/doc/images/automate-the-plumbing.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/automate-the-plumbing.png
--------------------------------------------------------------------------------
/doc/images/automation-deployment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/automation-deployment.png
--------------------------------------------------------------------------------
/doc/images/importclustersexample.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/importclustersexample.png
--------------------------------------------------------------------------------
/doc/images/git-repo-template-button.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/git-repo-template-button.png
--------------------------------------------------------------------------------
/doc/images/importedclusterfinished.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/one-touch-provisioning/otp-gitops/HEAD/doc/images/importedclusterfinished.png
--------------------------------------------------------------------------------
/setup/external-secrets-operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | kind: Kustomization
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 |
4 | bases:
5 | - overlays/stable
--------------------------------------------------------------------------------
/setup/external-secrets-instance/kustomization.yaml:
--------------------------------------------------------------------------------
1 | kind: Kustomization
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 |
4 | bases:
5 | - overlays/default
6 |
--------------------------------------------------------------------------------
/setup/external-secrets-operator/base/kustomization.yaml:
--------------------------------------------------------------------------------
1 | kind: Kustomization
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 |
4 | resources:
5 | - subscription.yaml
--------------------------------------------------------------------------------
/setup/argocd-operator/namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | labels:
5 | openshift.io/cluster-monitoring: "true"
6 | name: openshift-gitops
--------------------------------------------------------------------------------
/setup/hashicorp-vault-chart/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | resources:
5 | - namespace.yaml
6 | - chart.yaml
--------------------------------------------------------------------------------
/setup/external-secrets-instance/base/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | namespace: external-secrets
5 |
6 | resources:
7 | - operator-config.yaml
--------------------------------------------------------------------------------
/doc/ibm-infra-automation.md:
--------------------------------------------------------------------------------
1 | # Managing IaaS Providers within IBM Infrastructure Automation
2 |
3 | * Details to follow
4 |
5 | (back to main)
--------------------------------------------------------------------------------
/setup/argocd-operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | resources:
5 | - namespace.yaml
6 | - subscription.yaml
7 | - clusterrole.yaml
8 | - clusterrolebinding.yaml
--------------------------------------------------------------------------------
/setup/external-secrets-instance/overlays/default/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | namespace: external-secrets
5 |
6 | bases:
7 | - ../../base
8 |
9 | resources:
10 | - cluster-secret-store.yaml
--------------------------------------------------------------------------------
/doc/oas.md:
--------------------------------------------------------------------------------
1 | # OpenShift Assisted Services - Installation Options
2 |
3 | Using either the Red Hat Hybrid Cloud Console or run the OpenShift Assisted Service locally to deploy an OpenShift cluster.
4 |
5 | (back to main)
--------------------------------------------------------------------------------
/scripts/git-add-commit-push.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -euo pipefail
4 |
5 | SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
6 | ROOTDIR="$(cd ${SCRIPTDIR}/..; pwd )"
7 | [[ -n "${DEBUG:-}" ]] && set -x
8 |
9 | if ! [ -z ${GIT+x} ]; then
10 | git add .
11 | git commit -m "${GIT_MESSAGE}"
12 | git push
13 | fi
14 |
--------------------------------------------------------------------------------
/setup/external-secrets-instance/base/operator-config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: operator.external-secrets.io/v1alpha1
2 | kind: OperatorConfig
3 | metadata:
4 | name: cluster
5 | spec:
6 | prometheus:
7 | enabled: true
8 | service:
9 | port: 8080
10 | resources:
11 | requests:
12 | cpu: 10m
13 | memory: 96Mi
14 | limits:
15 | cpu: 100m
16 | memory: 256Mi
--------------------------------------------------------------------------------
/setup/external-secrets-operator/base/subscription.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: operators.coreos.com/v1alpha1
2 | kind: Subscription
3 | metadata:
4 | name: external-secrets-operator
5 | namespace: openshift-operators
6 | spec:
7 | channel: patch-me-in-overlay
8 | installPlanApproval: Automatic
9 | name: external-secrets-operator
10 | source: community-operators
11 | sourceNamespace: openshift-marketplace
--------------------------------------------------------------------------------
/setup/external-secrets-operator/overlays/alpha/kustomization.yaml:
--------------------------------------------------------------------------------
1 | kind: Kustomization
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 |
4 | namespace: openshift-operators
5 |
6 | bases:
7 | - ../../base
8 |
9 | patches:
10 | - target:
11 | kind: Subscription
12 | name: external-secrets-operator
13 | patch: |-
14 | - op: replace
15 | path: /spec/channel
16 | value: 'alpha'
--------------------------------------------------------------------------------
/setup/external-secrets-operator/overlays/stable/kustomization.yaml:
--------------------------------------------------------------------------------
1 | kind: Kustomization
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 |
4 | namespace: openshift-operators
5 |
6 | bases:
7 | - ../../base
8 |
9 | patches:
10 | - target:
11 | kind: Subscription
12 | name: external-secrets-operator
13 | patch: |-
14 | - op: replace
15 | path: /spec/channel
16 | value: 'stable'
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-ibm-cp4mcm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-ibm-cp4mcm
5 | labels:
6 | gitops.tier.layer: infra
7 | annotations:
8 | argocd.argoproj.io/sync-wave: "100"
9 | spec:
10 | destination:
11 | namespace: ibm-cp4mcm
12 | server: https://kubernetes.default.svc
13 | project: infra
14 | source:
15 | path: namespaces/ibm-cp4mcm
16 | syncPolicy:
17 | automated:
18 | prune: true
19 | selfHeal: true
20 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/3-apps/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | ## Deploy Applications to Managed Clusters
3 | #- argocd/cloudpaks/cp4i/cp4i.yaml
4 |
5 | patches:
6 | - target:
7 | group: argoproj.io
8 | kind: Application
9 | labelSelector: "gitops.tier.layer=applications"
10 | patch: |-
11 | - op: add
12 | path: /spec/source/repoURL
13 | value: https://github.com/one-touch-provisioning/otp-gitops-apps.git
14 | - op: add
15 | path: /spec/source/targetRevision
16 | value: master
17 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/3-apps/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | ## Deploy Applications to Managed Clusters
3 | #- argocd/cloudpaks/cp4i/cp4i.yaml
4 |
5 | patches:
6 | - target:
7 | group: argoproj.io
8 | kind: Application
9 | labelSelector: "gitops.tier.layer=applications"
10 | patch: |-
11 | - op: add
12 | path: /spec/source/repoURL
13 | value: https://github.com/one-touch-provisioning/otp-gitops-apps.git
14 | - op: add
15 | path: /spec/source/targetRevision
16 | value: master
17 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/3-apps/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | ## Deploy Applications to Managed Clusters
3 | #- argocd/cloudpaks/cp4i/cp4i.yaml
4 |
5 | patches:
6 | - target:
7 | group: argoproj.io
8 | kind: Application
9 | labelSelector: "gitops.tier.layer=applications"
10 | patch: |-
11 | - op: add
12 | path: /spec/source/repoURL
13 | value: https://github.com/one-touch-provisioning/otp-gitops-apps.git
14 | - op: add
15 | path: /spec/source/targetRevision
16 | value: master
17 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/3-apps/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | ## Deploy Applications to Managed Clusters
3 | #- argocd/cloudpaks/cp4i/cp4i.yaml
4 |
5 | patches:
6 | - target:
7 | group: argoproj.io
8 | kind: Application
9 | labelSelector: "gitops.tier.layer=applications"
10 | patch: |-
11 | - op: add
12 | path: /spec/source/repoURL
13 | value: https://github.com/one-touch-provisioning/otp-gitops-apps.git
14 | - op: add
15 | path: /spec/source/targetRevision
16 | value: master
17 |
--------------------------------------------------------------------------------
/setup/external-secrets-instance/overlays/default/cluster-secret-store.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: external-secrets.io/v1beta1
2 | kind: ClusterSecretStore
3 | metadata:
4 | name: cluster
5 | namespace: external-secrets
6 | spec:
7 | provider:
8 | ibm:
9 | auth:
10 | secretRef:
11 | secretApiKeySecretRef:
12 | name: ibm-secret
13 | namespace: kube-system
14 | key: apiKey
15 | serviceUrl: >-
16 | https://3f5f4d5b-6179-4d7c-a7a2-72dc28eb4a81.au-syd.secrets-manager.appdomain.cloud
17 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-sso.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-sso
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: sso
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/rhsso
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-acs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-acs
5 | labels:
6 | gitops.tier.layer: infra
7 | annotations:
8 | argocd.argoproj.io/sync-wave: "100"
9 | spec:
10 | destination:
11 | namespace: rhacs-operator
12 | server: https://kubernetes.default.svc
13 | project: infra
14 | source:
15 | path: namespaces/openshift-acs
16 | syncPolicy:
17 | automated:
18 | prune: true
19 | selfHeal: true
20 |
--------------------------------------------------------------------------------
/setup/argocd-operator/subscription.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: operators.coreos.com/v1alpha1
2 | kind: Subscription
3 | metadata:
4 | name: openshift-gitops-operator
5 | namespace: openshift-operators # Deploy to openshift-operators to make OpenShift GitOps available cluster-wide
6 | spec:
7 | channel: latest
8 | installPlanApproval: Automatic
9 | name: openshift-gitops-operator
10 | source: redhat-operators
11 | sourceNamespace: openshift-marketplace
12 | config:
13 | env:
14 | - name: DISABLE_DEFAULT_ARGOCD_INSTANCE
15 | value: 'TRUE'
16 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-tools.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: tools
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-gitops
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/tools
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-cloudpak.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-cloudpak
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: cloudpak
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/cloudpak
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openldap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openldap
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openldap
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openldap
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-turbonomic.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-turbonomic
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: turbonomic
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/turbonomic
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-istio-system.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-servicemesh-instance
5 | labels:
6 | gitops.tier.layer: infra
7 | annotations:
8 | argocd.argoproj.io/sync-wave: "100"
9 | spec:
10 | destination:
11 | namespace: stackrox
12 | server: https://kubernetes.default.svc
13 | project: infra
14 | source:
15 | path: namespaces/openshift-istio-system
16 | syncPolicy:
17 | automated:
18 | prune: true
19 | selfHeal: true
20 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/cert-manager.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: cert-manager-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: tools
13 | server: 'https://kubernetes.default.svc'
14 | project: services
15 | source:
16 | path: instances/cert-manager
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/grafana-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: grafana-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: tools
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/influxdb-grafana
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-cert-manager.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-cert-manager
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: cert-manager
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/cert-manager
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-instana-agent.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-instana-agent
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: instana-agent
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/instana-agent
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-quay-registry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: quay-registry-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: quay-registry
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/quay-registry
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/hashicorp-vault.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hashicorp-vault-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: tools
13 | server: 'https://kubernetes.default.svc'
14 | project: services
15 | source:
16 | path: instances/hashicorp-vault-chart
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-operators-redhat.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-ossm
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: sso
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-operators-redhat
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-rhacm-policies.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-policies-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: rhacm-policies
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/rhacm-policies
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-sealed-secrets
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: sealed-secrets
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/sealed-secrets
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-external-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-external-secrets
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: external-secrets
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/external-secrets
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-sso-integration.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-sso-integration
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: sso-integration
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/rhsso-integration
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/ibm-cp4mcm-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-cp4mcm-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "290"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | spec:
11 | syncPolicy:
12 | automated:
13 | prune: true
14 | selfHeal: true
15 | destination:
16 | namespace: ibm-cp4mcm
17 | server: https://kubernetes.default.svc
18 | project: services
19 | source:
20 | path: instances/ibm-cp4mcm-instance
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/openshift-acs-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acs-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: acs
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: stackrox
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/openshift-acs-instance/
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/bootstrap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: bootstrap-spokecluster-dev-project-simple
5 | namespace: openshift-gitops
6 | spec:
7 | destination:
8 | namespace: openshift-gitops
9 | server: https://kubernetes.default.svc
10 | project: default
11 | source:
12 | path: 0-bootstrap/spokeclusters/dev/project-simple
13 | repoURL: https://github.com/testing-gitops/otp-gitops.git
14 | targetRevision: master
15 | syncPolicy:
16 | automated:
17 | prune: true
18 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/bootstrap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: bootstrap-spokecluster-test-project-easy
5 | namespace: openshift-gitops
6 | spec:
7 | destination:
8 | namespace: openshift-gitops
9 | server: https://kubernetes.default.svc
10 | project: default
11 | source:
12 | path: 0-bootstrap/spokeclusters/test/project-easy
13 | repoURL: https://github.com/testing-gitops/otp-gitops.git
14 | targetRevision: master
15 | syncPolicy:
16 | automated:
17 | prune: true
18 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-storage-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-gitops
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-storage
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/external-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: external-secrets-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: external-secrets
13 | server: 'https://kubernetes.default.svc'
14 | project: services
15 | source:
16 | path: instances/external-secrets-instance
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/machinepools/machinepools.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: machinepools
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "460"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: machinepools
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/argocd/cloudpaks/cp4i/cp4i.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-cloudpak-cp4i
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "550"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: cloudpaks/cp4i
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/bootstrap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: bootstrap-spokecluster-cicd-project-cicd
5 | namespace: openshift-gitops
6 | spec:
7 | destination:
8 | namespace: openshift-gitops
9 | server: https://kubernetes.default.svc
10 | project: default
11 | source:
12 | path: 0-bootstrap/spokeclusters/cicd/project-cicd
13 | repoURL: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
14 | targetRevision: ${GIT_GITOPS_BRANCH}
15 | syncPolicy:
16 | automated:
17 | prune: true
18 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/bootstrap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: bootstrap-spokecluster-prod-project-simple
5 | namespace: openshift-gitops
6 | spec:
7 | destination:
8 | namespace: openshift-gitops
9 | server: https://kubernetes.default.svc
10 | project: default
11 | source:
12 | path: 0-bootstrap/spokeclusters/prod/project-simple
13 | repoURL: https://github.com/testing-gitops/otp-gitops.git
14 | targetRevision: master
15 | syncPolicy:
16 | automated:
17 | prune: true
18 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-rhacm-clusterpools.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-clusterpools-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: rhacm-clusterpools
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/rhacm-clusterpools
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/rbac/rbac-rhacm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rbac-rhacm
5 | labels:
6 | gitops.tier.layer: infra
7 | gitops.tier.group: rhacm
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: infra
17 | source:
18 | path: rbac/rhacm
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/argocd/vault/vault.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-cluster-services-vault
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "510"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: vault/acm/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-ibm-common-services.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-ibm-common-services
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: ibm-common-services
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/ibm-common-services
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-rhacm-clusterclaims.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-clusterclaims-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: rhacm-clusterclaims
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/rhacm-clusterclaims
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/consolelink.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: otp-console-link
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | syncPolicy:
14 | automated:
15 | prune: true
16 | selfHeal: true
17 | destination:
18 | namespace: openshift-gitops
19 | server: https://kubernetes.default.svc
20 | project: infra
21 | source:
22 | path: consolelink
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-ibm-infra-automation.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-ibm-infra-automation
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: ibm-infra-automation
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/ibm-infra-automation
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/rhsso-integration-argocd-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhsso-integration-argocd
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "252"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: sso-integration
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/rhsso-integration-argocd
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/1-infra/argocd/namespaces/namespace-sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-sealed-secrets
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: sealed-secrets
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/sealed-secrets
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/1-infra/argocd/namespaces/namespace-sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-sealed-secrets
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: sealed-secrets
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/sealed-secrets
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/machine-configs/machine-configs-workers.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: machine-configs-workers
5 | labels:
6 | gitops.tier.layer: infra
7 | annotations:
8 | argocd.argoproj.io/sync-wave: "100"
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: infra
16 | source:
17 | path: machine-configs/workers
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-local-storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-local-storage-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-gitops
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-local-storage
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-virtualization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-virtualization
5 | labels:
6 | gitops.tier.layer: infra
7 | gitops.tier.group: kubevirt
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-cnv
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-virtualization
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/1-infra/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - argocd/namespaces/namespace-sealed-secrets.yaml
3 | - argocd/namespaces/namespace-openshift-storage.yaml
4 | - argocd/namespaces/namespace-openshift-compliance.yaml
5 |
6 | patches:
7 | - target:
8 | group: argoproj.io
9 | kind: Application
10 | labelSelector: "gitops.tier.layer=infra"
11 | patch: |-
12 | - op: add
13 | path: /spec/source/repoURL
14 | value: https://github.com/one-touch-provisioning/otp-gitops-infra.git
15 | - op: add
16 | path: /spec/source/targetRevision
17 | value: master
18 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/1-infra/argocd/namespaces/namespace-sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-sealed-secrets
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: sealed-secrets
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/sealed-secrets
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/1-infra/argocd/namespaces/namespace-sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-sealed-secrets
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: sealed-secrets
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/sealed-secrets
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/1-infra/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - argocd/namespaces/namespace-sealed-secrets.yaml
3 | - argocd/namespaces/namespace-openshift-storage.yaml
4 | - argocd/namespaces/namespace-openshift-compliance.yaml
5 |
6 | patches:
7 | - target:
8 | group: argoproj.io
9 | kind: Application
10 | labelSelector: "gitops.tier.layer=infra"
11 | patch: |-
12 | - op: add
13 | path: /spec/source/repoURL
14 | value: https://github.com/one-touch-provisioning/otp-gitops-infra.git
15 | - op: add
16 | path: /spec/source/targetRevision
17 | value: master
18 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/ironic.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ironic
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "210"
7 | labels:
8 | gitops.tier.group: rhacm
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: metal-provisioner
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/ironic
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/argocd/pipelines/tekton-mcm-gitops.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-infra-tekton-pipeline-mcm-vms
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "550"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: mcm-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: infra/vms/mcm/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/3-apps/argocd/cloudpaks/cp4i/cp4i.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-cloudpak-cp4i
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: cloudpaks/cp4i
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/1-infra/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - argocd/namespaces/namespace-sealed-secrets.yaml
3 | - argocd/namespaces/namespace-openshift-storage.yaml
4 | - argocd/namespaces/namespace-openshift-compliance.yaml
5 |
6 | patches:
7 | - target:
8 | group: argoproj.io
9 | kind: Application
10 | labelSelector: "gitops.tier.layer=infra"
11 | patch: |-
12 | - op: add
13 | path: /spec/source/repoURL
14 | value: https://github.com/one-touch-provisioning/otp-gitops-infra.git
15 | - op: add
16 | path: /spec/source/targetRevision
17 | value: master
18 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/1-infra/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - argocd/namespaces/namespace-sealed-secrets.yaml
3 | - argocd/namespaces/namespace-openshift-storage.yaml
4 | - argocd/namespaces/namespace-openshift-compliance.yaml
5 |
6 | patches:
7 | - target:
8 | group: argoproj.io
9 | kind: Application
10 | labelSelector: "gitops.tier.layer=infra"
11 | patch: |-
12 | - op: add
13 | path: /spec/source/repoURL
14 | value: https://github.com/one-touch-provisioning/otp-gitops-infra.git
15 | - op: add
16 | path: /spec/source/targetRevision
17 | value: master
18 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/3-apps/argocd/cloudpaks/cp4i/cp4i.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-cloudpak-cp4i
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "350"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: cloudpaks/cp4i
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-acm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acm-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | gitops.tier.group: rhacm
9 | annotations:
10 | argocd.argoproj.io/sync-wave: "100"
11 | spec:
12 | destination:
13 | namespace: open-cluster-management
14 | server: https://kubernetes.default.svc
15 | project: infra
16 | source:
17 | path: namespaces/openshift-acm
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/openshift-service-mesh-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-service-mesh-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: istio-system
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/openshift-servicemesh/overlays/default
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/rhsso-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhsso-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: sso
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/rhsso-instance
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/rhsso-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhsso-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: sso
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/rhsso-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/turbonomic.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: turbonomic
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: turbonomic
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/turbonomic
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/1-infra/argocd/namespaces/namespace-openshift-storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-storage-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-gitops
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-storage
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/1-infra/argocd/namespaces/namespace-openshift-storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-storage-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-gitops
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-storage
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/3-apps/argocd/cloudpaks/cp4i/cp4i.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-cloudpak-cp4i
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: cloudpaks/cp4i
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/1-infra/argocd/namespaces/namespace-openshift-storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-storage-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-gitops
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-storage
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/2-services/argocd/instances/sysflow.yaml:
--------------------------------------------------------------------------------
1 | #if a production deployment with CP4S this would be better as a policy
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: Application
4 | metadata:
5 | name: sysflow
6 | annotations:
7 | argocd.argoproj.io/sync-wave: "200"
8 | labels:
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: sysflow
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/sysflow/sf-chart
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/3-apps/argocd/cloudpaks/cp4i/cp4i.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-cloudpak-cp4i
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "350"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: cloudpaks/cp4i
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/1-infra/argocd/namespaces/namespace-openshift-storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-storage-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-gitops
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-storage
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-metal-provisioner.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: metal-provisioner-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | gitops.tier.group: rhacm
9 | annotations:
10 | argocd.argoproj.io/sync-wave: "100"
11 | spec:
12 | destination:
13 | namespace: metal-provisioner
14 | server: https://kubernetes.default.svc
15 | project: infra
16 | source:
17 | path: namespaces/metal-provisioner
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-rhacm-credentials.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-rhacm-credentials
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | gitops.tier.group: rhacm
9 | annotations:
10 | argocd.argoproj.io/sync-wave: "100"
11 | spec:
12 | destination:
13 | namespace: rhacm-credentials
14 | server: https://kubernetes.default.svc
15 | project: infra
16 | source:
17 | path: namespaces/rhacm-credentials
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/rbac/rbac-external-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rbac-external-secrets
5 | labels:
6 | gitops.tier.layer: infra
7 | gitops.tier.group: rhacm
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: infra
17 | source:
18 | path: rbac/external-secrets
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/ibm-infra-automation-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-infra-automation-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "299"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | spec:
11 | syncPolicy:
12 | automated:
13 | prune: true
14 | selfHeal: true
15 | destination:
16 | namespace: ibm-infra-automation
17 | server: https://kubernetes.default.svc
18 | project: services
19 | source:
20 | path: instances/ibm-infra-automation-instance
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/openshift-virtualization-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-virtualization-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: kubevirt
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: openshift-cnv
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/openshift-virtualization-instance
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/rhsso-integration-preprocessing-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhsso-integration-preprocessing
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "251"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: sso-integration
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/rhsso-integration-preprocessing
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/argocd/otp-policies/deploy-lso/deploy-lso.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: policy-deploy-lso
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "300"
7 | labels:
8 | gitops.tier.layer: policies
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: policies
16 | source:
17 | path: otp-policies/policy-generators/deploy-lso
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/argocd/otp-policies/deploy-odf/deploy-odf.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: policy-deploy-odf
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "300"
7 | labels:
8 | gitops.tier.layer: policies
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: policies
16 | source:
17 | path: otp-policies/policy-generators/deploy-odf
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/machine-configs/machine-configs-control-planes.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: machine-configs-control-planes
5 | labels:
6 | gitops.tier.layer: infra
7 | annotations:
8 | argocd.argoproj.io/sync-wave: "100"
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: infra
16 | source:
17 | path: machine-configs/control-planes
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-ansible-automation-platform.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-ansible-automation-platform
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: ansible-automation-platform
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/ansible-automation-platform
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/argocd/pipelines/tekton-mcm-providers.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-infra-tekton-pipeline-mcm-providers
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "550"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: mcm-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: infra/providers/mcm/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/1-infra/argocd/namespaces/namespace-openshift-compliance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-compliance
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-compliance
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-compliance
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/1-infra/argocd/namespaces/namespace-openshift-compliance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-compliance
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-compliance
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-compliance
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/1-infra/argocd/namespaces/namespace-openshift-compliance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-compliance
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-compliance
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-compliance
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/ibm-common-services-mcm-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-common-services-mcm-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "220"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | spec:
11 | syncPolicy:
12 | automated:
13 | prune: true
14 | selfHeal: true
15 | destination:
16 | namespace: ibm-common-services
17 | server: https://kubernetes.default.svc
18 | project: services
19 | source:
20 | path: instances/ibm-common-services-mcm-instance
21 |
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/cert-manager.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: cert-manager
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/cert-manager
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/infra/providers/rhacm/aws/sealed-secrets/aws.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-credentials-aws
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "400"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: rhacm-credentials
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: rhacm/providers/aws/sealed-secrets/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/1-infra/argocd/namespaces/namespace-openshift-compliance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-compliance
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-compliance
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-compliance
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/quay-registry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: quay-registry-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: quay
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/quay-registry
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusters/prod/vsphere/vsphere-prod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-vsphere-vsphere-prod
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: clusters/deploy/vsphere/vsphere-eltham/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusters/test/vsphere/vsphere-test.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-vsphere-vsphere-test
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: clusters/deploy/vsphere/vsphere-eltham/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/kiali.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: kiali-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/kiali-operator/overlays/stable
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/openshift-acm-cim.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acm-cim
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "270"
7 | labels:
8 | gitops.tier.group: rhacm
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: open-cluster-management
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/openshift-acm-cim
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/baremetal-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: baremetal-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: rhacm
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: metal-provisioner
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/baremetal-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/jaeger.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: jaeger-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/jaeger-operator/overlays/stable
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/openshift-acm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acm-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: rhacm
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: open-cluster-management
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-acm
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/openshift-acs-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acs-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: acs
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: stackrox
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-acs-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/openshift-gitops.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-gitops-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-gitops
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/infra/providers/rhacm/azure/sealed-secrets/azure.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-credentials-azure
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "400"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: rhacm-credentials
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: rhacm/providers/azure/sealed-secrets/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/infra/providers/rhacm/rhocm/sealed-secrets/rhocm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-credentials-rhocm
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "400"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: rhacm-credentials
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: rhacm/providers/rhocm/sealed-secrets/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/rbac/rbac-openshift-virtualization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rbac-openshift-virtualization
5 | labels:
6 | gitops.tier.layer: infra
7 | gitops.tier.group: kubevirt
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: infra
17 | source:
18 | path: rbac/openshift-virtualization
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/rhsso-integration-hub-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhsso-integration-hub
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "252"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: sso-integration
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/rhsso-integration-hub
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/quay-bridge-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: quay-bridge-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "215"
7 | labels:
8 | gitops.tier.group: quay
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/quay-bridge-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/infra/providers/rhacm/vsphere/sealed-secrets/vsphere.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-credentials-vsphere
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "400"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: rhacm-credentials
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: rhacm/providers/vsphere/sealed-secrets/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/argocd/cluster-services/cert-manager/cert-manager.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-cluster-services-cert-manager
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "510"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: cluster-services/cert-manager/acm/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/argocd/virtual-machines/instana/instana-vm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-virtual-machine-instana
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "500"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-virtualization-virtual-machines
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: infra/virtual-machines/instana/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-virtualization-os-images.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-virtualization-os-images
5 | labels:
6 | gitops.tier.layer: infra
7 | gitops.tier.group: kubevirt
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-virtualization-os-images
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-virtualization-os-images
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/ansible-automation-platform-hub-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ansible-automation-platform-hub-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: ansible
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: ansible-automation-platform
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/ansible-automation-platform-hub-instance
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/quay-registry-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: quay-registry-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: quay
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: quay-registry
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/quay-registry-instance
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/external-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: external-secrets-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: external-secrets
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/external-secrets-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/openshift-pipelines.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-pipelines-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-pipelines
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/ibm-cp4mcm-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-cp4mcm-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "230"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/ibm-cp4mcm-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/elasticsearch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: elasticsearch-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/elasticsearch-operator/overlays/stable
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/quay-container-security.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: quay-container-security-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "210"
7 | labels:
8 | gitops.tier.group: quay
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/quay-container-security
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/argocd/otp-policies/deploy-placement-bindings/deploy-placement-bindings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: policy-deploy-placement-bindings
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "300"
7 | labels:
8 | gitops.tier.layer: policies
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: policies
16 | source:
17 | path: otp-policies/policies/placementbindings
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-acm-observability.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acm-observability-namespace
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | gitops.tier.group: rhacm
9 | annotations:
10 | argocd.argoproj.io/sync-wave: "100"
11 | spec:
12 | destination:
13 | namespace: open-cluster-management-observability
14 | server: https://kubernetes.default.svc
15 | project: infra
16 | source:
17 | path: namespaces/openshift-acm-observability
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/argocd/otp-policies/deploy-placement-rules/deploy-placement-rules.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: policy-deploy-placement-rules
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "300"
7 | labels:
8 | gitops.tier.layer: policies
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: policies
16 | source:
17 | path: otp-policies/policy-generators/deploy-placement-rules
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/argocd/cluster-services/amazon-cloudwatch/amazon-cloudwatch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: apps-cluster-services-amazon-cloudwatch
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "530"
7 | labels:
8 | gitops.tier.layer: applications
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: applications
16 | source:
17 | path: cluster-services/amazon-cloudwatch/acm/
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/ansible-automation-platform-controller-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ansible-automation-platform-controller-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: ansible
9 | gitops.tier.layer: services
10 | spec:
11 | destination:
12 | namespace: ansible-automation-platform
13 | server: https://kubernetes.default.svc
14 | project: services
15 | source:
16 | path: instances/ansible-automation-platform-controller-instance
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/openshift-acm-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acm-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "250"
7 | labels:
8 | gitops.tier.group: rhacm
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: open-cluster-management
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/openshift-acm-instance/overlays/basic
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/openshift-gitopscluster-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acm-gitopscluster
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "275"
7 | labels:
8 | gitops.tier.layer: services
9 | gitops.tier.group: rhacm
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/openshift-gitopscluster-instance
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/argocd/otp-policies/deploy-openshift-gitops/deploy-openshift-gitops.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: policy-deploy-openshift-gitops
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "300"
7 | labels:
8 | gitops.tier.layer: policies
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: policies
16 | source:
17 | path: otp-policies/policy-generators/deploy-openshift-gitops
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/storage/storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: odf-on-managed-clusters
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "465"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: storage
22 | helm:
23 | values: |
24 | odfVersion: '4.12'
25 | odfSizeGB: 256
26 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/openshift-service-mesh.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-service-mesh
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "201"
7 | labels:
8 | gitops.tier.group: service-mesh
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-servicemesh/overlays/stable
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/openshift-virtualization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-virtualization-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: kubevirt
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-cnv
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-virtualization-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/ocs.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | data:
7 | resource.customizations.health.ocs.openshift.io_StorageCluster: |
8 | hs = {}
9 | if obj.status ~= nil then
10 | if obj.status.phase ~= nil then
11 | hs.message = obj.status.phase
12 | if obj.status.phase == "Running" or obj.status.phase == "Ready" then
13 | hs.status = "Healthy"
14 | else
15 | hs.status = "Progressing"
16 | end
17 | return hs
18 | end
19 | end
20 | hs.status = "Progressing"
21 | hs.message = "Unknown"
22 | return hs
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/namespaces/namespace-openshift-virtualization-virtual-machines.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: namespace-openshift-virtualization-virtual-machines
5 | labels:
6 | gitops.tier.layer: infra
7 | gitops.tier.group: kubevirt
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | spec:
11 | destination:
12 | namespace: openshift-virtualization-virtual-machines
13 | server: https://kubernetes.default.svc
14 | project: infra
15 | source:
16 | path: namespaces/openshift-virtualization-virtual-machines
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/ibm-common-services-mcm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-common-services-mcm-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "210"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/ibm-common-services-mcm-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/ibm-infra-automation-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-infra-automation-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "230"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/ibm-infra-automation-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/argocd/otp-policies/deploy-openshift-serverless/deploy-openshift-serverless.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: policy-deploy-openshift-serverless
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "300"
7 | labels:
8 | gitops.tier.layer: policies
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: policies
16 | source:
17 | path: otp-policies/policy-generators/deploy-openshift-serverless
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/openshift-acm-discovery-service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acm-discovery-service
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "350"
7 | labels:
8 | gitops.tier.group: rhacm
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-rhacm-credentials
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/openshift-acm-discovery-service
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/scripts/patch-argocd-tls.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | argocd_url="$(oc get route router-default -n openshift-ingress -o jsonpath='{.spec.host}')"
4 | pattern="router-default\.(.+)\..+\.containers\.appdomain\.cloud"
5 | [[ "$argocd_url" =~ $pattern ]]
6 | ingress_secret_name="${BASH_REMATCH[1]}"
7 |
8 | oc get secret $ingress_secret_name -n openshift-ingress -o jsonpath='{.data.tls\.crt}' | base64 -d > $(pwd)/tls.crt
9 | oc get secret $ingress_secret_name -n openshift-ingress -o jsonpath='{.data.tls\.key}' | base64 -d > $(pwd)/tls.key
10 |
11 | oc create -n openshift-gitops secret tls argocd-server-tls \
12 | --cert=$(pwd)/tls.crt \
13 | --key=$(pwd)/tls.key
14 |
15 | # Clean up keys
16 | rm $(pwd)/tls.crt
17 | rm $(pwd)/tls.key
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/openshift-acm-observability-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-acm-observability-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "260"
7 | argocd.argoproj.io/compare-options: IgnoreExtraneous
8 | labels:
9 | gitops.tier.group: rhacm
10 | gitops.tier.layer: services
11 | spec:
12 | destination:
13 | namespace: open-cluster-management-observability
14 | server: https://kubernetes.default.svc
15 | project: services
16 | source:
17 | path: instances/openshift-acm-observability-instance
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/ansible-automation-platform-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ansible-automation-platform-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: ansible
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: ansible-automation-platform
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/ansible-automation-platform-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/argocd/otp-policies/deploy-aws-managed-cluster-infra-nodes/deploy-aws-managed-cluster-infra-nodes.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: policy-deploy-aws-managed-cluster-infra-nodes
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "300"
7 | labels:
8 | gitops.tier.layer: policies
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: policies
16 | source:
17 | path: otp-policies/policies/machinepools/aws/infra-nodes
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/2-services/argocd/operators/openshift-compliance-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-compliance-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: compliance
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-compliance
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-compliance-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/2-services/argocd/operators/openshift-compliance-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-compliance-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: compliance
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-compliance
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-compliance-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/2-services/argocd/operators/openshift-compliance-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-compliance-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: compliance
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-compliance
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-compliance-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/2-services/argocd/operators/openshift-compliance-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: openshift-compliance-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: compliance
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-compliance
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: operators/openshift-compliance-operator
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/argocd/otp-policies/deploy-aws-managed-cluster-storage-nodes/deploy-aws-managed-cluster-storage-nodes.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: policy-deploy-aws-managed-cluster-storage-nodes
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "300"
7 | labels:
8 | gitops.tier.layer: policies
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: policies
16 | source:
17 | path: otp-policies/policies/machinepools/aws/storage-nodes
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/submariner/configure-azure.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: submariner-configure-azure
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "495"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: submariner/configure-azure/
18 | helm:
19 | values: |
20 | azureClustersList:
21 | - azure0
22 | - azure1
23 | syncPolicy:
24 | automated:
25 | prune: true
26 | selfHeal: true
27 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/submariner/add-existing-clusters.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: submariner-add-cluster-clusterset
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "490"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: submariner/configure-azure/
18 | helm:
19 | values: |
20 | azureClustersList:
21 | - azure0
22 | - azure1
23 | syncPolicy:
24 | automated:
25 | prune: true
26 | selfHeal: true
27 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/bootstrap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: bootstrap-hub-cluster
5 | namespace: openshift-gitops
6 | spec:
7 | destination:
8 | namespace: openshift-gitops
9 | server: https://kubernetes.default.svc
10 | project: default
11 | source:
12 | path: 0-bootstrap/hub
13 | repoURL: https://github.com/platformengineers-xyz/otp-gitops.git
14 | targetRevision: ${GIT_GITOPS_BRANCH}
15 | syncPolicy:
16 | automated:
17 | prune: true
18 | selfHeal: true
19 | syncOptions:
20 | - PruneLast=true
21 | - ApplyOutOfSyncOnly=true
22 | retry:
23 | limit: 5
24 | backoff:
25 | duration: 5s
26 | factor: 2
27 | maxDuration: 3m
28 |
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/rhacs.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | data:
7 | resource.customizations.health.platform.stackrox.io_Central: |
8 | hs = {}
9 | if obj.status ~= nil and obj.status.conditions ~= nil then
10 | for i, condition in ipairs(obj.status.conditions) do
11 | if condition.status == "True" and (condition.reason == "InstallSuccessful" or condition.reason =="UpgradeSuccessful") then
12 | hs.status = "Healthy"
13 | hs.message = "Install Successful"
14 | return hs
15 | end
16 | end
17 | end
18 | hs.status = "Progressing"
19 | hs.message = "Waiting for Central to deploy."
20 | return hs
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/2-services/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | # OpenShift Compliance
3 | - argocd/operators/openshift-compliance-operator.yaml
4 | patches:
5 | - target:
6 | group: argoproj.io
7 | kind: Application
8 | labelSelector: "gitops.tier.layer=services"
9 | patch: |-
10 | - op: add
11 | path: /spec/source/repoURL
12 | value: https://github.com/one-touch-provisioning/otp-gitops-services.git
13 | - op: add
14 | path: /spec/source/targetRevision
15 | value: master
16 | - target:
17 | group: argoproj.io
18 | kind: Application
19 | labelSelector: "gitops.tier.layer=services,gitops.tier.source=helm"
20 | patch: |-
21 | - op: add
22 | path: /spec/source/repoURL
23 | value: https://charts.cloudnativetoolkit.dev
24 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/2-services/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | # OpenShift Compliance
3 | - argocd/operators/openshift-compliance-operator.yaml
4 | patches:
5 | - target:
6 | group: argoproj.io
7 | kind: Application
8 | labelSelector: "gitops.tier.layer=services"
9 | patch: |-
10 | - op: add
11 | path: /spec/source/repoURL
12 | value: https://github.com/one-touch-provisioning/otp-gitops-services.git
13 | - op: add
14 | path: /spec/source/targetRevision
15 | value: master
16 | - target:
17 | group: argoproj.io
18 | kind: Application
19 | labelSelector: "gitops.tier.layer=services,gitops.tier.source=helm"
20 | patch: |-
21 | - op: add
22 | path: /spec/source/repoURL
23 | value: https://charts.cloudnativetoolkit.dev
24 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/2-services/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | # OpenShift Compliance
3 | - argocd/operators/openshift-compliance-operator.yaml
4 | patches:
5 | - target:
6 | group: argoproj.io
7 | kind: Application
8 | labelSelector: "gitops.tier.layer=services"
9 | patch: |-
10 | - op: add
11 | path: /spec/source/repoURL
12 | value: https://github.com/one-touch-provisioning/otp-gitops-services.git
13 | - op: add
14 | path: /spec/source/targetRevision
15 | value: master
16 | - target:
17 | group: argoproj.io
18 | kind: Application
19 | labelSelector: "gitops.tier.layer=services,gitops.tier.source=helm"
20 | patch: |-
21 | - op: add
22 | path: /spec/source/repoURL
23 | value: https://charts.cloudnativetoolkit.dev
24 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/ibm-foundational-services-instance.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-foundational-services-instance
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "220"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | spec:
11 | syncPolicy:
12 | automated:
13 | prune: true
14 | selfHeal: true
15 | destination:
16 | namespace: ibm-common-services
17 | server: https://kubernetes.default.svc
18 | project: services
19 | source:
20 | path: instances/ibm-common-services-instance
21 | helm:
22 | values: |
23 | ibm-common-services-instance:
24 | ibmcommonservices:
25 | name: common-service
26 | spec:
27 | size: small
28 |
29 |
--------------------------------------------------------------------------------
/setup/argocd-instance/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - argocd-instance.yaml
3 | - argocd-cm.yaml
4 |
5 | # Platform
6 |
7 | # Platform services
8 |
9 | # Apps
10 | apiVersion: kustomize.config.k8s.io/v1beta1
11 | kind: Kustomization
12 | patches:
13 | - path: resource-customizations/k8s.yaml
14 | - path: resource-customizations/openshift.yaml
15 | - path: resource-customizations/operators.yaml
16 | - path: resource-customizations/ocs.yaml
17 | - path: resource-customizations/kubevirt.yaml
18 | - path: resource-customizations/external-secrets.yaml
19 | - path: resource-customizations/argocd.yaml
20 | - path: resource-customizations/rhacm.yaml
21 | - path: resource-customizations/rhacs.yaml
22 | - path: resource-customizations/cp4i.yaml
23 | - path: resource-customizations/cpd.yaml
24 | - path: resource-customizations/ansible-automation-platform.yaml
25 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/2-services/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | # OpenShift Compliance
3 | - argocd/operators/openshift-compliance-operator.yaml
4 |
5 | # Instances
6 | #- argocd/instances/sysflow.yaml
7 |
8 | patches:
9 | - target:
10 | group: argoproj.io
11 | kind: Application
12 | labelSelector: "gitops.tier.layer=services"
13 | patch: |-
14 | - op: add
15 | path: /spec/source/repoURL
16 | value: https://github.com/one-touch-provisioning/otp-gitops-services.git
17 | - op: add
18 | path: /spec/source/targetRevision
19 | value: master
20 | - target:
21 | group: argoproj.io
22 | kind: Application
23 | labelSelector: "gitops.tier.layer=services,gitops.tier.source=helm"
24 | patch: |-
25 | - op: add
26 | path: /spec/source/repoURL
27 | value: https://charts.cloudnativetoolkit.dev
28 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/storage-odf.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: storage-odf
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "110"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-storage
15 | server: https://kubernetes.default.svc
16 | project: infra
17 | source:
18 | path: storage
19 | helm:
20 | values: |
21 | channel: ${CHANNEL}
22 | sizeGiB: 512
23 | storageClass: ${STORCLASS}
24 | argo:
25 | namespace: openshift-gitops
26 | serviceAccount: openshift-gitops-otp-argocd-application-controller
27 | syncPolicy:
28 | automated:
29 | prune: true
30 | selfHeal: true
31 |
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/argocd.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | data:
7 | resource.customizations.ignoreDifferences.argoproj.io_Application: |
8 | jsonPointers:
9 | - /spec/source/targetRevision
10 | - /spec/source/repoURL
11 | resource.customizations.health.argoproj.io_Application: |
12 | hs = {}
13 | hs.status = "Progressing"
14 | hs.message = ""
15 | if obj.status ~= nil then
16 | if obj.status.health ~= nil then
17 | hs.status = obj.status.health.status
18 | if obj.status.health.message ~= nil then
19 | hs.message = obj.status.health.message
20 | end
21 | end
22 | end
23 | return hs
24 | resource.customizations.ignoreDifferences.argoproj.io_AppProject: |
25 | jsonPointers:
26 | - /spec/sourceRepos
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/submariner/deploy-submariner.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: submariner-deploy-submariner
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "495"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: openshift-gitops
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | source:
17 | path: submariner/deploy-submariner/
18 | helm:
19 | values: |
20 | clustersList:
21 | - aws0
22 | - aws1
23 | - aws2
24 | - azure0
25 | - azure1
26 | awsClusterList:
27 | - aws0
28 | - aws1
29 | - aws2
30 | syncPolicy:
31 | automated:
32 | prune: true
33 | selfHeal: true
34 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/storage-local-odf.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: localstorage-odf
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "110"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-storage
15 | server: https://kubernetes.default.svc
16 | project: infra
17 | source:
18 | path: storage-local
19 | helm:
20 | values: |
21 | channel: ${CHANNEL}
22 | sizeGiB: 512
23 | storageClass: ${STORCLASS}
24 | argo:
25 | namespace: openshift-gitops
26 | serviceAccount: openshift-gitops-otp-argocd-application-controller
27 | syncPolicy:
28 | automated:
29 | prune: true
30 | selfHeal: true
31 |
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/ansible-automation-platform.yaml:
--------------------------------------------------------------------------------
1 |
2 | kind: ConfigMap
3 | apiVersion: v1
4 | metadata:
5 | name: argocd-cm
6 | namespace: openshift-gitops
7 | data:
8 | resource.customizations.health.automationcontroller.ansible.com_AutomationController: |
9 | hs = {}
10 | hs.status = "Progressing"
11 | hs.message = "Waiting for Automation Controller deployment..."
12 | if obj.status ~= nil and obj.status.conditions ~= nil then
13 | for i, condition in ipairs(obj.status.conditions) do
14 | if condition.status == "True" and condition.type == "Running" then
15 | hs.status = "Healthy"
16 | hs.message = condition.message
17 | return hs
18 | else
19 | hs.status = "Progressing"
20 | hs.message = condition.message
21 | end
22 | end
23 | end
24 | hs.status = "Progressing"
25 | return hs
26 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/rhsso-integration-managed-clusters.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhsso-integration-managed-clusters
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "253"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: sso-integration
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/rhsso-integration-managed-clusters
19 | helm:
20 | values: |
21 | clustersList:
22 | - aws-cluster-shared-0
23 | - aws-cluster-shared-1
24 | - aws-cluster-shared-2
25 | - aws-cluster-shared-03
26 | - azure-cluster-06
27 | syncPolicy:
28 | automated:
29 | prune: true
30 | selfHeal: true
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/external-secrets.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | data:
7 | resource.customizations.health.external-secrets.io_ClusterSecretStore: |
8 | hs = {}
9 | hs.status = "Progressing"
10 | hs.message = ""
11 | if obj.status ~= nil then
12 | if obj.status.conditions ~= nil then
13 | for i, condition in ipairs(obj.status.conditions) do
14 | if condition.type == "Ready" and condition.status == "False" then
15 | hs.status = "Degraded"
16 | hs.message = condition.message
17 | return hs
18 | end
19 | if condition.type == "Ready" and condition.status == "True" then
20 | hs.status = "Healthy"
21 | hs.message = condition.message
22 | return hs
23 | end
24 | end
25 | end
26 | end
27 | return hs
28 |
--------------------------------------------------------------------------------
/setup/argocd-instance/argocd-cm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | labels:
7 | app.kubernetes.io/name: argocd-cm
8 | app.kubernetes.io/part-of: argocd
9 | data:
10 | # Enables application status badge feature
11 | statusbadge.enabled: "true"
12 |
13 | # Configuration to completely ignore entire classes of resource group/kinds (optional).
14 | # Excluding high-volume resources improves performance and memory usage, and reduces load and
15 | # bandwidth to the Kubernetes API server.
16 | # These are globs, so a "*" will match all values.
17 | # If you omit groups/kinds/clusters then they will match all groups/kind/clusters.
18 | # NOTE: events.k8s.io and metrics.k8s.io are excluded by default
19 | resource.exclusions: |
20 | - apiGroups:
21 | - tekton.dev
22 | clusters:
23 | - '*'
24 | kinds:
25 | - TaskRun
26 | - PipelineRun
27 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/instances/sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: sealed-secrets
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: sealed-secrets
15 | server: https://kubernetes.default.svc
16 | project: services
17 | source:
18 | path: instances/sealed-secrets
19 | helm:
20 | values: |
21 | sealed-secrets:
22 | commandArgs:
23 | - "--update-status"
24 | securityContext:
25 | # securityContext.runAsUser defines under which user the operator Pod and its containers/processes run.
26 | runAsUser: ""
27 | # securityContext.fsGroup defines the filesystem group
28 | fsGroup: ""
29 | syncPolicy:
30 | automated:
31 | prune: true
32 | selfHeal: true
33 |
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/operators.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | data:
7 | # https://github.com/operator-framework/olm-broker/blob/master/vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/api/apis/operators/v1alpha1/installplan_types.go#L51
8 | resource.customizations.health.operators.coreos.com_InstallPlan: |
9 | hs = {}
10 | if obj.status ~= nil then
11 | if obj.status.phase ~= nil then
12 | hs.message = obj.status.phase
13 | if obj.status.phase == "Failed" then
14 | hs.status = "Degraded"
15 | return hs
16 | elseif obj.status.phase == "Complete" then
17 | hs.status = "Healthy"
18 | return hs
19 | end
20 | end
21 | end
22 | hs.status = "Progressing"
23 | return hs
24 | resource.customizations.ignoreDifferences.operators.coreos.com_OperatorGroup: |
25 | jsonPointers:
26 | - /metadata/annotations/olm.providedAPIs
27 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/machinepools.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: machinepools
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: infra
17 | source:
18 | path: machinepools
19 | helm:
20 | values: |
21 | # cloudProvider.name set to aws, azure or vsphere
22 | cloudProvider:
23 | name: "${PLATFORM}"
24 | managed: ${MANAGED}
25 | # only for "aws" or "azure" maybe "gcp"
26 | cloud:
27 | clusterName: ${CLUSTERNAME}
28 | # only for "vsphere" - ignored for other
29 | vsphere:
30 | clusterName: ${CLUSTERNAME}
31 | syncPolicy:
32 | automated:
33 | prune: true
34 | selfHeal: true
35 |
36 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/grafana-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: grafana-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "200"
7 | labels:
8 | gitops.tier.group: otp
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: tools
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/grafana
19 | helm:
20 | values: |
21 | grafana-operator:
22 | subscriptions:
23 | grafana:
24 | name: grafana-operator
25 | subscription:
26 | channel: alpha
27 | installPlanApproval: Automatic
28 | name: grafana-operator
29 | source: community-operators
30 | sourceNamespace: openshift-marketplace
31 | syncPolicy:
32 | automated:
33 | prune: true
34 | selfHeal: true
35 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/ibm-foundations.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-common-services
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "210"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/ibm-foundations
19 | helm:
20 | values: |
21 | ibm-common-services:
22 | subscriptions:
23 | subscription:
24 | channel: v3
25 | config:
26 | resources: {}
27 | installPlanApproval: Automatic
28 | name: ibm-common-service-operator
29 | source: opencloud-operators
30 | sourceNamespace: openshift-marketplace
31 | syncPolicy:
32 | automated:
33 | prune: true
34 | selfHeal: true
35 |
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/kubevirt.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | data:
7 | resource.customizations.health.hco.kubevirt.io_HyperConverged: |
8 | hs = { status="Progressing", message="No status available"}
9 | if obj.status ~= nil then
10 | if obj.status.conditions ~= nil then
11 | for i, condition in ipairs(obj.status.conditions) do
12 | if condition.type == "Available" and condition.status == "True" then
13 | hs.status = "Healthy"
14 | hs.message = "Status is Available"
15 | elseif condition.type == "Degraded" and condition.status == "True" then
16 | hs.status = "Degraded"
17 | hs.message = condition.reason
18 | elseif condition.type == "Progressing" and condition.status == "True" then
19 | hs.message = condition.reason
20 | end
21 | end
22 | end
23 | if obj.status.phase ~= nil then
24 | hs.message = obj.status.phase
25 | end
26 | end
27 | return hs
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusters/dev/aws/aws-dev/aws-dev.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-aws-dev
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusters/deploy/external-secrets/aws/
22 | helm:
23 | values: |
24 | cluster: aws-dev
25 | imageName: 4.10.18
26 |
27 | managedCluster:
28 | status: "enabled" # Valid values "enabled" or "disabled"
29 | managedRepo: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS} # Repository that will be used to manage the Cluster resources
30 |
31 | powerState: Running
32 |
33 | provider:
34 | region: ap-southeast-2
35 | baseDomain:
36 | sshPublickey:
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusters/prod/aws/aws-prod/aws-prod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-aws-prod
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusters/deploy/external-secrets/aws/
22 | helm:
23 | values: |
24 | cluster: aws-prod
25 | imageName: 4.10.18
26 |
27 | managedCluster:
28 | status: "enabled" # Valid values "enabled" or "disabled"
29 | managedRepo: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS} # Repository that will be used to manage the Cluster resources
30 |
31 | powerState: Running
32 |
33 | provider:
34 | region: ap-southeast-2
35 | baseDomain:
36 | sshPublickey:
--------------------------------------------------------------------------------
/doc/usage.md:
--------------------------------------------------------------------------------
1 | # Usage Examples
2 |
3 | Welcome to the One Touch Provisioning (OTP) GitOps documentation! Below you'll find comprehensive guides and examples to help you get started with our powerful automation tools.
4 |
5 | ## Featured Use Cases
6 |
7 | - [Auto-discovery and Import of Existing OpenShift Clusters](auto-discovery-and-import.md)
8 | - Seamlessly discover and import your existing OpenShift clusters into the OTP ecosystem
9 |
10 | - [Hibernating Managed OpenShift Clusters](hibernating-clusters.md)
11 | - Learn how to efficiently manage cluster resources by hibernating clusters when not in use
12 |
13 | - [Managing IaaS Providers within IBM Infrastructure Automation](ibm-infra-automation.md)
14 | - Streamline your infrastructure management with IBM's automation capabilities
15 |
16 | - [Deployment of Cloud Paks through OpenShift GitOps](deploy-ibm-cloud-paks.md)
17 | - Deploy IBM Cloud Paks efficiently using GitOps practices
18 |
19 | Each guide provides step-by-step instructions, best practices, and real-world examples to help you succeed with OTP GitOps.
20 |
21 | [Back to Main Repository]
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterclaims/cicd/aws/project-cicd.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterclaim-aws-cicd-project-easy
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "460"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | ignoreDifferences:
13 | - group: hive.openshift.io
14 | kind: ClusterClaim
15 | jqPathExpressions:
16 | - .metadata.annotations."cluster.open-cluster-management.io/createmanagedcluster"
17 | syncPolicy:
18 | automated:
19 | prune: false
20 | selfHeal: true
21 | destination:
22 | namespace: openshift-gitops
23 | server: https://kubernetes.default.svc
24 | project: clusters
25 | source:
26 | path: clusterclaims
27 | helm:
28 | values: |
29 | clusterClaimName: aws-cicd-project-cicd
30 |
31 | clusterPoolName: aws-cicd-pool
32 |
33 | managedCluster:
34 | status: "enabled"
35 | managedRepo: https://github.com/testing-gitops/otp-gitops.git
36 | environment: cicd
37 | projectName: project-cicd
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/ibm-automation-foundation-core-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-automation-foundation-core-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "215"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-operators
15 | server: 'https://kubernetes.default.svc'
16 | project: services
17 | source:
18 | path: operators/ibm-automation-foundation-core-operator
19 | helm:
20 | values: |
21 | ibm-automation-foundation-core-operator:
22 | subscriptions:
23 | ibmautomation:
24 | name: ibm-automation-foundation-core
25 | subscription:
26 | channel: v1.1
27 | installPlanApproval: Automatic
28 | name: ibm-automation-core
29 | source: iaf-core-operators
30 | sourceNamespace: openshift-marketplace
31 | syncPolicy:
32 | automated:
33 | prune: true
34 | selfHeal: true
35 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterclaims/dev/aws/project-simple.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterclaim-aws-dev-project-simple
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "460"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | ignoreDifferences:
13 | - group: hive.openshift.io
14 | kind: ClusterClaim
15 | jqPathExpressions:
16 | - .metadata.annotations."cluster.open-cluster-management.io/createmanagedcluster"
17 | syncPolicy:
18 | automated:
19 | prune: false
20 | selfHeal: true
21 | destination:
22 | namespace: openshift-gitops
23 | server: https://kubernetes.default.svc
24 | project: clusters
25 | source:
26 | path: clusterclaims
27 | helm:
28 | values: |
29 | clusterClaimName: aws-dev-project-simple
30 |
31 | clusterPoolName: aws-dev-pool
32 |
33 | managedCluster:
34 | status: "enabled"
35 | managedRepo: https://github.com/testing-gitops/otp-gitops.git
36 | environment: dev
37 | projectName: project-simple
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterclaims/test/aws/project-easy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterclaim-aws-test-project-easy
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "460"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | ignoreDifferences:
13 | - group: hive.openshift.io
14 | kind: ClusterClaim
15 | jqPathExpressions:
16 | - .metadata.annotations."cluster.open-cluster-management.io/createmanagedcluster"
17 | syncPolicy:
18 | automated:
19 | prune: false
20 | selfHeal: true
21 | destination:
22 | namespace: openshift-gitops
23 | server: https://kubernetes.default.svc
24 | project: clusters
25 | source:
26 | path: clusterclaims
27 | helm:
28 | values: |
29 | clusterClaimName: aws-test-project-easy
30 |
31 | clusterPoolName: aws-test-pool
32 |
33 | managedCluster:
34 | status: "enabled"
35 | managedRepo: https://github.com/testing-gitops/otp-gitops.git
36 | environment: test
37 | projectName: project-test
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterclaims/prod/aws/project-simple.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterclaim-aws-prod-project-simple
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "460"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | ignoreDifferences:
13 | - group: hive.openshift.io
14 | kind: ClusterClaim
15 | jqPathExpressions:
16 | - .metadata.annotations."cluster.open-cluster-management.io/createmanagedcluster"
17 | syncPolicy:
18 | automated:
19 | prune: false
20 | selfHeal: true
21 | destination:
22 | namespace: openshift-gitops
23 | server: https://kubernetes.default.svc
24 | project: clusters
25 | source:
26 | path: clusterclaims
27 | helm:
28 | values: |
29 | clusterClaimName: aws-prod-project-simple
30 |
31 | clusterPoolName: aws-prod-pool
32 |
33 | managedCluster:
34 | status: "enabled"
35 | managedRepo: https://github.com/testing-gitops/otp-gitops.git
36 | environment: prod
37 | projectName: project-simple
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | ## Optional Components. These are NOT required for OTP, but can be enabled.
3 |
4 | ## WAIOps Infrastructure Automation Pipelines
5 | #- argocd/pipelines/tekton-mcm-gitops.yaml
6 | #- argocd/pipelines/tekton-mcm-providers.yaml
7 |
8 |
9 | ## Create Instana Virtual Machines
10 | #- argocd/infra/virtual-machines/instana/instana-vm.yaml
11 |
12 | # Cert Manager
13 | #- argocd/cluster-services/cert-manager/cert-manager.yaml
14 |
15 | ## Vault
16 | #- argocd/vault/vault.yaml
17 |
18 | ## AWS Cloud Watch
19 | #- argocd/cluster-services/amazon-cloudwatch/amazon-cloudwatch.yaml
20 |
21 | ## Deploy Applications to Managed Clusters
22 | ## Include the Applications you wish to deploy below
23 | ## An example has been provided
24 | #- argocd/cloudpaks/cp4i/cp4i.yaml
25 |
26 | patches:
27 | - target:
28 | group: argoproj.io
29 | kind: Application
30 | labelSelector: "gitops.tier.layer=applications"
31 | patch: |-
32 | - op: add
33 | path: /spec/source/repoURL
34 | value: https://github.com/platformengineers-xyz/otp-gitops-apps.git
35 | - op: add
36 | path: /spec/source/targetRevision
37 | value: ${GIT_GITOPS_BRANCH}
38 |
--------------------------------------------------------------------------------
/doc/ipi-options.md:
--------------------------------------------------------------------------------
1 | # Installer Provisioned Infrastructure (IPI) - Installation Options
2 |
3 | Welcome to the OpenShift Container Platform installation guide! This document provides you with step-by-step instructions for deploying OpenShift using the Installer Provisioned Infrastructure (IPI) method across various cloud and virtualization platforms.
4 |
5 | ## Available Installation Options
6 |
7 | Choose your preferred platform from the following options:
8 |
9 | - [AWS](https://docs.openshift.com/container-platform/4.11/installing/installing_aws/installing-aws-default.html) - Deploy OpenShift on Amazon Web Services
10 | - [Azure](https://docs.openshift.com/container-platform/4.11/installing/installing_azure/installing-azure-default.html) - Set up OpenShift on Microsoft Azure
11 | - [VMware](https://docs.openshift.com/container-platform/4.11/installing/installing_vsphere/installing-vsphere-installer-provisioned.html) - Install OpenShift on VMware vSphere
12 |
13 | Each guide provides detailed instructions for a successful deployment, including prerequisites, configuration steps, and post-installation verification.
14 |
15 | (back to main)
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/openshift.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | data:
7 | resource.customizations.health.machine.openshift.io_MachineSet: |
8 | hs = {}
9 | if obj.status ~= nil then
10 | hs.message = "Not Ready"
11 | if obj.status.replicas == 0 then
12 | hs.status = "Healthy"
13 | return hs
14 | end
15 | if obj.status.replicas == obj.status.availableReplicas then
16 | hs.status = "Healthy"
17 | else
18 | hs.status = "Progressing"
19 | end
20 | return hs
21 | end
22 | hs.status = "Progressing"
23 | hs.message = "Unknown"
24 | return hs
25 | resource.customizations.health.machine.openshift.io_Machine: |
26 | hs = {}
27 | if obj.status ~= nil then
28 | hs.message = obj.status.phase
29 | if obj.status.nodeRef ~= nil then
30 | hs.status = "Healthy"
31 | return hs
32 | else
33 | hs.status = "Progressing"
34 | return hs
35 | end
36 | end
37 | resource.customizations.ignoreDifferences.build.openshift.io_BuildConfig: |
38 | jsonPointers:
39 | - /status/lastVersion
40 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusters/prod/azure/azure-prod/azure-prod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-azure-azure-prod
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusters/deploy/external-secrets/azure/
22 | helm:
23 | values: |
24 | cluster: azure-prod
25 | imageName: 4.10.18
26 |
27 | managedCluster:
28 | status: "enabled" # Valid values "enabled" or "disabled"
29 | managedRepo: https://github.com/testing-gitops/otp-gitops.git # Repository that will be used to manage the Cluster resources
30 |
31 | powerState: Running
32 |
33 | provider:
34 | region: australiaeast
35 | baseDomain: azure01.ibmdojo01.com
36 | resource_group: dojo-dns-zones
37 | sshPublickey:
38 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterclaims/TEMPLATE/TEMPLATE-CLOUD/TEMPLATE-APP.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterclaim-aws-cicd-project-easy
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "460"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | ignoreDifferences:
13 | - group: hive.openshift.io
14 | kind: ClusterClaim
15 | jqPathExpressions:
16 | - .metadata.annotations."cluster.open-cluster-management.io/createmanagedcluster"
17 | syncPolicy:
18 | automated:
19 | prune: false
20 | selfHeal: true
21 | syncOptions:
22 | - RespectIgnoreDifferences=true
23 | destination:
24 | namespace: openshift-gitops
25 | server: https://kubernetes.default.svc
26 | project: clusters
27 | source:
28 | path: clusterclaims
29 | helm:
30 | values: |
31 | clusterClaimName: aws-cicd-project-cicd
32 |
33 | clusterPoolName: aws-cicd-pool
34 |
35 | managedCluster:
36 | status: "enabled"
37 | managedRepo: https://github.com/testing-gitops/otp-gitops.git
38 | environment: cicd
39 | projectName: project-cicd
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterpools/t-shirt-sizing/medium.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: azure-medium-clusterpool
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "410"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusterpools/azure/
22 | helm:
23 | values: |
24 | clusterpoolName: azure-medium-clusterpool
25 | imageName: 4.12.2
26 | provider:
27 | region: eastus
28 | baseDomain: << base-domain >>
29 | sshPublickey: << ssh public key >>
30 | resource_group: << resource group >>
31 |
32 | ${GIT_GITOPS_BRANCH}s:
33 | architecture: amd64
34 | count: 3
35 | diskSize: 128
36 | machineType: Standard_D8s_v3
37 |
38 | workers:
39 | architecture: amd64
40 | count: 3
41 | diskSize: 128
42 | machineType: Standard_D8s_v3
43 |
44 | poolSize: 0
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterpools/t-shirt-sizing/large.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: azure-large-clusterpool
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "410"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusterpools/azure/
22 | helm:
23 | values: |
24 | clusterpoolName: azure-large-clusterpool
25 | imageName: 4.12.2
26 | provider:
27 | region: eastus
28 | baseDomain: << base-domain >>
29 | sshPublickey: << ssh public key >>
30 | resource_group: << resource group >>
31 |
32 | ${GIT_GITOPS_BRANCH}s:
33 | architecture: amd64
34 | count: 3
35 | diskSize: 128
36 | machineType: Standard_D8s_v3
37 |
38 | workers:
39 | architecture: amd64
40 | count: 3
41 | diskSize: 256
42 | machineType: Standard_D16s_v3
43 |
44 | poolSize: 0
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterpools/t-shirt-sizing/small.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: azure-small-clusterpool
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "410"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusterpools/azure/
22 | helm:
23 | values: |
24 | clusterpoolName: azure-small-clusterpool
25 | imageName: 4.12.2
26 | provider:
27 | region: eastus
28 | baseDomain: << base-domain >>
29 | sshPublickey: << ssh public key >>
30 | resource_group: << resource group >>
31 |
32 | ${GIT_GITOPS_BRANCH}s:
33 | architecture: amd64
34 | count: 3
35 | diskSize: 128
36 | machineType: Standard_D8s_v3
37 |
38 | workers:
39 | architecture: amd64
40 | count: 3
41 | diskSize: 128
42 | machineType: Standard_D4s_v3
43 |
44 | poolSize: 3
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/machinesets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: machinesets
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: infra
17 | source:
18 | path: machinesets
19 | helm:
20 | values: |
21 | infrastructureId: "${INFRASTRUCTURE_ID}"
22 | # cloudProvider.name set to aws, azure or vsphere
23 | cloudProvider:
24 | name: "${PLATFORM}"
25 | managed: ${MANAGED}
26 | # only for "aws" or "azure" maybe "gcp"
27 | cloud:
28 | region: ${REGION}
29 | image: ${IMAGE_NAME}
30 | # only for "vsphere" - ignored for other
31 | vsphere:
32 | networkName: ${VS_NETWORK}
33 | datacenter: ${VS_DATACENTER}
34 | datastore: ${VS_DATASTORE}
35 | cluster: ${VS_CLUSTER}
36 | server: ${VS_SERVER}
37 | syncPolicy:
38 | automated:
39 | prune: true
40 | selfHeal: true
41 |
42 |
--------------------------------------------------------------------------------
/doc/auto-discovery-and-import.md:
--------------------------------------------------------------------------------
1 | # Auto-discovery and Import of Existing OpenShift Clusters
2 |
3 | ## Overview
4 | Red Hat Advanced Cluster Management (RHACM) provides a powerful Discovery Service that automatically discovers and imports OpenShift clusters configured within your Red Hat OpenShift Cluster Manager (RHOCM) account. This feature streamlines cluster management by eliminating manual configuration steps.
5 |
6 | ## Benefits
7 | - **Automated Discovery**: Seamlessly detect clusters in your RHOCM account
8 | - **Zero-Touch Import**: Automatically import discovered clusters into RHACM
9 | - **Simplified Management**: Reduce manual configuration and potential errors
10 |
11 | ## Implementation
12 | To enable auto-discovery and import functionality, include the following resource in your configuration:
13 |
14 | ```yaml
15 | resources:
16 | ## Discover & Import Existing Clusters
17 | - argocd/clusters/discover/discover-openshift.yaml
18 | ```
19 |
20 | ## Manual Alternative
21 | While the Discovery Service provides automated cluster management, you can still manually discover and import clusters if needed. However, this approach requires additional configuration steps and careful attention to detail.
22 |
23 | (back to main)
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/4-clusters.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: clusters
6 | labels:
7 | gitops.tier.layer: clusters
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 4-clusters/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: '*'
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: clusters
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "400"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: clusters
38 | source: # repoURL and targetRevision populated by kustomize patches in 4-clusters/kustomization.yaml
39 | path: 0-bootstrap/hub/4-clusters
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/5-apps/5-apps.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: applications
6 | labels:
7 | gitops.tier.layer: applications
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 5-apps/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: applications
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "500"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: applications
38 | source: # repoURL and targetRevision populated by kustomize patches in 5-apps/kustomization.yaml
39 | path: 0-bootstrap/hub/5-apps
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/3-policies.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: policies
6 | labels:
7 | gitops.tier.layer: policies
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 3-policies/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: policies
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "300"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: policies
38 | source: # repoURL and targetRevision populated by kustomize patches in 3-policies/kustomization.yaml
39 | path: 0-bootstrap/hub/3-policies
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/infra/providers/rhacm/aws/external-secrets/aws.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-credentials-aws
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "400"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: rhacm-credentials
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | syncPolicy:
17 | automated:
18 | prune: true
19 | selfHeal: true
20 | source:
21 | path: rhacm/providers/external-secrets/
22 | helm:
23 | values: |
24 | # RHACM Provider Name
25 | rhacmProviderName: aws
26 |
27 | # Cloud (e.g. aws, azure, vsphere, rhocm)
28 | cloudProvider:
29 | name: "aws"
30 |
31 | # Required Values
32 | awsSecrets:
33 | awsAccessKeyRef: 88671bfc-14d4-29ad-ab9b-950eaac3808f
34 | awsSecretKeyRef: ac307a9e-41fc-23df-2f28-3ce521b971ea
35 | awsBaseDomainRef: 3ab49d22-2408-3dd0-3891-7d613f74c293
36 | openshiftPullSecretRef: 115f3c37-cd7c-5704-173f-a8a3e1234b2d
37 | openshiftSSHPrivateKeyRef: 9f9063e0-1525-2534-cf8e-9c85096c7b3d
38 | openshiftSSHPublicKeyRef: 90a961eb-dfd6-dbbc-049f-a532560614f6
39 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/consolenotification.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: otp-consolenotification
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "100"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | syncPolicy:
14 | automated:
15 | prune: true
16 | selfHeal: true
17 | destination:
18 | namespace: openshift-gitops
19 | server: https://kubernetes.default.svc
20 | project: infra
21 | source:
22 | path: consolenotification
23 | helm:
24 | values: |
25 | ocp-console-notification:
26 | ## The name of the ConsoleNotification resource in the cluster
27 | name: "banner-env"
28 |
29 | ## The background color that should be used for the banner
30 | backgroundColor: blue
31 | ## The color of the text that will appear in the banner
32 | color: "#fff"
33 | ## The location of the banner. Options: BannerTop, BannerBottom, BannerTopBottom
34 | location: BannerTop
35 | ## The text that should be displayed in the banner. This value is required for the banner to be created
36 | text: "Red Hat Advanced Cluster Management Hub Cluster (Inc. IBM Infrastructure Automation)"
37 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/1-infra/1-infra.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: infra
6 | labels:
7 | gitops.tier.layer: infra
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 1-infra/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: infra
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "100"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: infra
38 | source: # repoURL and targetRevision populated by kustomize patches in 1-infra/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/1-infra
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/1-infra/1-infra.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: infra
6 | labels:
7 | gitops.tier.layer: infra
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 1-infra/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: infra
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "100"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: infra
38 | source: # repoURL and targetRevision populated by kustomize patches in 1-infra/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/1-infra
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/1-infra/1-infra.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: infra
6 | labels:
7 | gitops.tier.layer: infra
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 1-infra/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: infra
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "100"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: infra
38 | source: # repoURL and targetRevision populated by kustomize patches in 1-infra/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/1-infra
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/1-infra/1-infra.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: infra
6 | labels:
7 | gitops.tier.layer: infra
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 1-infra/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: infra
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "100"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: infra
38 | source: # repoURL and targetRevision populated by kustomize patches in 1-infra/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/1-infra
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/infra/providers/rhacm/azure/external-secrets/azure.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: rhacm-credentials-azure
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "400"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | destination:
13 | namespace: rhacm-credentials
14 | server: https://kubernetes.default.svc
15 | project: clusters
16 | syncPolicy:
17 | automated:
18 | prune: true
19 | selfHeal: true
20 | source:
21 | path: rhacm/providers/external-secrets/
22 | helm:
23 | values: |
24 | # RHACM Provider Name
25 | rhacmProviderName: azure
26 |
27 | # Cloud (e.g. aws, azure, vsphere, rhocm)
28 | cloudProvider:
29 | name: "azure"
30 |
31 | # Required Values
32 | azureSecrets:
33 | azureBaseDomainRef: 015b85fd-67cb-f70c-fa40-20b9b9d3b510
34 | azureBaseDomainResourceGroupNameRef: 20061b87-02af-d55a-fdc0-db9477acbe2a
35 | azureOsServicePrincipalRef: 4f5caf7a-174c-5890-84b2-d7cffc7a4be7
36 | openshiftPullSecretRef: 115f3c37-cd7c-5704-173f-a8a3e1234b2d
37 | openshiftSSHPrivateKeyRef: 9f9063e0-1525-2534-cf8e-9c85096c7b3d
38 | openshiftSSHPublicKeyRef: 90a961eb-dfd6-dbbc-049f-a532560614f6
39 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/3-apps/3-apps.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: applications
6 | labels:
7 | gitops.tier.layer: applications
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 3-apps/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: applications
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "400"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: applications
38 | source: # repoURL and targetRevision populated by kustomize patches in 3-apps/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/3-apps
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/3-apps/3-apps.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: applications
6 | labels:
7 | gitops.tier.layer: applications
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 3-apps/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: applications
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "400"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: applications
38 | source: # repoURL and targetRevision populated by kustomize patches in 3-apps/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/3-apps
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/3-apps/3-apps.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: applications
6 | labels:
7 | gitops.tier.layer: applications
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 3-apps/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: applications
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "300"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: applications
38 | source: # repoURL and targetRevision populated by kustomize patches in 3-apps/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/3-apps
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/3-apps/3-apps.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: applications
6 | labels:
7 | gitops.tier.layer: applications
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 3-apps/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: applications
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "300"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: applications
38 | source: # repoURL and targetRevision populated by kustomize patches in 3-apps/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/3-apps
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/2-services/2-services.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: services
6 | labels:
7 | gitops.tier.layer: services
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 2-services/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: services
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "200"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: services
38 | source: # repoURL and targetRevision populated by kustomize patches in 2-services/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/2-services
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
45 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/2-services/2-services.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: services
6 | labels:
7 | gitops.tier.layer: services
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 2-services/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: services
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "200"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: services
38 | source: # repoURL and targetRevision populated by kustomize patches in 2-services/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/2-services
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
45 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/2-services/2-services.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: services
6 | labels:
7 | gitops.tier.layer: services
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 2-services/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: services
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "200"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: services
38 | source: # repoURL and targetRevision populated by kustomize patches in 2-services/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/2-services
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
45 |
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/2-services/2-services.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: AppProject
4 | metadata:
5 | name: services
6 | labels:
7 | gitops.tier.layer: services
8 | spec:
9 | sourceRepos: [] # Populated by kustomize patches in 2-services/kustomization.yaml
10 | destinations:
11 | - namespace: '*'
12 | server: https://kubernetes.default.svc
13 | clusterResourceWhitelist:
14 | - group: '*'
15 | kind: '*'
16 | roles:
17 | # A role which provides read-only access to all applications in the project
18 | - name: read-only
19 | description: Read-only privileges to my-project
20 | policies:
21 | - p, proj:my-project:read-only, applications, get, my-project/*, allow
22 | groups:
23 | - argocd-admins
24 | ---
25 | apiVersion: argoproj.io/v1alpha1
26 | kind: Application
27 | metadata:
28 | name: services
29 | annotations:
30 | argocd.argoproj.io/sync-wave: "200"
31 | labels:
32 | gitops.tier.layer: gitops
33 | spec:
34 | destination:
35 | namespace: openshift-gitops
36 | server: https://kubernetes.default.svc
37 | project: services
38 | source: # repoURL and targetRevision populated by kustomize patches in 2-services/kustomization.yaml
39 | path: 0-bootstrap/3-clusters/argocd/clusters/EXAMPLE/managed/aws/aws5/2-services
40 | syncPolicy:
41 | automated:
42 | prune: true
43 | selfHeal: true
44 |
45 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/1-infra/argocd/infraconfig.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: infraconfig
5 | namespace: openshift-gitops
6 | labels:
7 | gitops.tier.layer: infra
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "112"
10 | finalizers:
11 | - resources-finalizer.argocd.argoproj.io
12 | spec:
13 | destination:
14 | namespace: openshift-gitops
15 | server: https://kubernetes.default.svc
16 | project: infra
17 | source:
18 | path: infraconfig
19 | helm:
20 | values: |
21 | cloudProvider:
22 | name: "${PLATFORM}" # set to aws or vsphere,
23 | managed: ${MANAGED} # set to true for ARO or ROSA
24 | argo:
25 | namespace: openshift-gitops
26 | serviceAccount: openshift-gitops-otp-argocd-application-controller
27 | registry:
28 | storageClassName: ocs-storagecluster-cephfs
29 | replicas: 2
30 | ingress:
31 | replicas: 3
32 | image-registry-hook-job:
33 | name: infraconfig-postsync
34 | namespace: tools
35 | hook:
36 | enabled: true
37 | hooktype: infraconfig-postsync
38 | hookdeletepolicy:
39 | enabled: true
40 | hookdeletepolicytype: HookSucceeded
41 | syncPolicy:
42 | automated:
43 | prune: true
44 | selfHeal: true
45 |
--------------------------------------------------------------------------------
/doc/hibernating-clusters.md:
--------------------------------------------------------------------------------
1 | # Hibernating Managed OpenShift Clusters
2 |
3 | ## Overview
4 | Save costs on your Managed OpenShift clusters by hibernating them when not in use. This feature is available for clusters running on AWS, Azure, and GCP platforms.
5 |
6 | ## Prerequisites
7 | - A successfully deployed Managed OpenShift cluster
8 | - Access to the cluster's GitOps configuration
9 |
10 | ## How to Hibernate a Cluster
11 | To hibernate a running cluster, follow these steps:
12 |
13 | 1. Locate your cluster's ClusterDeployment manifest at:
14 | ```
15 | /0-bootstrap/hub/4-clusters/clusters////
16 | ```
17 |
18 | 2. Modify the `spec.powerState` from `Running` to `Hibernating`:
19 | ```yaml
20 | spec:
21 | powerState: Hibernating
22 | ```
23 |
24 | 3. Commit and push the changes to your Git repository
25 |
26 | ## Resuming a Hibernated Cluster
27 | To bring your cluster back online:
28 |
29 | 1. Locate the same ClusterDeployment manifest
30 | 2. Change the `spec.powerState` from `Hibernating` to `Running`
31 | 3. Commit and push the changes to your Git repository
32 |
33 | ## Benefits
34 | - Significantly reduce operational costs when clusters are not in use
35 | - Maintain cluster configuration and data while hibernated
36 | - Quick and easy process to resume clusters when needed
37 |
38 | (back to main)
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusters/cicd/aws/aws-cicd/aws-cicd.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-aws-cicd
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusters/deploy/external-secrets/aws/
22 | helm:
23 | values: |
24 | cluster: aws-cicd
25 | imageName: 4.10.18
26 |
27 | managedCluster:
28 | status: "enabled" # Valid values "enabled" or "disabled"
29 | managedRepo: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS} # Repository that will be used to manage the Cluster resources
30 | managedRepoBranch: ${GIT_GITOPS_BRANCH} # Branch to use
31 | environment: cicd # Typically this would be dev, test, cicd, prod
32 | projectName: project-cicd # This could be a project, line of business, anything that makes sense to you. This references the folder name
33 | # within the "environment" folder
34 |
35 | powerState: Running
36 |
37 | provider:
38 | region: ap-southeast-2
39 | baseDomain:
40 | sshPublickey:
--------------------------------------------------------------------------------
/0-bootstrap/hub/2-services/argocd/operators/ibm-automation-foundation-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: ibm-automation-foundation-operator
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "215"
7 | labels:
8 | gitops.tier.group: ibm-cloudpak
9 | gitops.tier.layer: services
10 | gitops.tier.source: helm
11 | finalizers:
12 | - resources-finalizer.argocd.argoproj.io
13 | spec:
14 | destination:
15 | namespace: openshift-operators
16 | server: 'https://kubernetes.default.svc'
17 | project: services
18 | syncPolicy:
19 | automated:
20 | prune: true
21 | selfHeal: true
22 | source:
23 | chart: ocp-subscription
24 | repoURL: "" # Populated by kustomize patches in 2-services/kustomization.yaml
25 | targetRevision: 1.0.0
26 | helm:
27 | parameters:
28 | - name: metadata.name
29 | value: ibm-automation-foundation
30 | - name: spec.installPlanApproval
31 | value: Automatic
32 | - name: spec.name
33 | value: ibm-automation
34 | - name: spec.source
35 | value: ibm-operator-catalog
36 | - name: spec.sourceNamespace
37 | value: openshift-marketplace
38 | - name: spec.config.resources.limits.cpu
39 | value: 200m
40 | - name: spec.config.resources.limits.memory
41 | value: 300Mi
42 | - name: spec.config.resources.requests.cpu
43 | value: 150m
44 | - name: spec.config.resources.requests.memory
45 | value: 200Mi
46 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusters/cicd/azure/azure-cicd/azure-cicd.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-azure-azure-cicd
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusters/deploy/external-secrets/azure/
22 | helm:
23 | values: |
24 | cluster: azure-cicd
25 | imageName: 4.10.18
26 |
27 | managedCluster:
28 | status: "enabled" # Valid values "enabled" or "disabled"
29 | managedRepo: https://github.com/testing-gitops/otp-gitops.git # Repository that will be used to manage the Cluster resources
30 | managedRepoBranch: ${GIT_GITOPS_BRANCH} # Branch to use
31 | environment: cicd # Typically this would be dev, test, cicd, prod
32 | projectName: project-cicd # This could be a project, line of business, anything that makes sense to you. This references the folder name
33 | # within the "environment" folder
34 |
35 | powerState: Running
36 |
37 | provider:
38 | region: australiaeast
39 | baseDomain: azure01.ibmdojo01.com
40 | resource_group: dojo-dns-zones
41 | sshPublickey:
42 |
--------------------------------------------------------------------------------
/setup/argocd-instance/resource-customizations/k8s.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: argocd-cm
5 | namespace: openshift-gitops
6 | data:
7 | resource.customizations.health.Job: |
8 | hs = {}
9 | if obj.status ~= nil then
10 | if obj.status.active ~= nil then
11 | if obj.status.active == "1" then
12 | hs.status = "Progressing"
13 | hs.message = obj.status.active .. " active job(s)."
14 | return hs
15 | end
16 | end
17 | if obj.status.succeeded ~= nil then
18 | if obj.status.succeeded == 1 then
19 | hs.status = "Healthy"
20 | hs.message = "Job completed successfully."
21 | return hs
22 | end
23 | end
24 | end
25 | hs.status = "Progressing"
26 | hs.message = "Waiting for Job to complete."
27 | return hs
28 | resource.customizations.health.PersistentVolumeClaim: |
29 | hs = {}
30 | if obj.status ~= nil then
31 | if obj.status.phase ~= nil then
32 | if obj.status.phase == "Pending" then
33 | hs.status = "Healthy"
34 | hs.message = obj.status.phase
35 | return hs
36 | end
37 | if obj.status.phase == "Bound" then
38 | hs.status = "Healthy"
39 | hs.message = obj.status.phase
40 | return hs
41 | end
42 | end
43 | end
44 | hs.status = "Progressing"
45 | hs.message = "Waiting for certificate"
46 | return hs
47 | resource.customizations.ignoreDifferences.ServiceAccount: |
48 | jsonPointers:
49 | - /imagePullSecrets
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterpools/prod/aws/aws-prod-pool/aws-prod-pool.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterpools-prod-aws
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "410"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusterpools/aws/
22 | helm:
23 | values: |
24 | clusterpoolName: aws-prod-pool
25 | imageName: 4.9.38
26 |
27 | provider:
28 | region: ap-southeast-1
29 | baseDomain: mutihybridcloudkitchen.com
30 | sshPublickey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHNPy2KYhFVrmE49K+stN0SNOzWZdn2pQstns6Mw78J6SlA19eX38D0wt2SXE8b9ybKUngigZuab7yFoVbBl/fUqxo8xNu+rLj/dS/eAhPAI9QDPWIf0T/Qmmd5bJz+guDYDr/eU96Wt/MLvVcF3WAj1IDhzct1ek57AmFSSg8vemvr0XveiAHlXYomtvaBlBQrpzq/U9/5Bw3yPOcl/wGdhsNUg+nBTChVn5wk2plS7HPRoRV+w4TcuzhdAyM77PpC04PpnZGrH3e4s6HiCKtBy2Vu1nhZotmOkaRjst0Y1cQDU8c34G3BNt/LbjUGnZ4kVIkhLsQdky8we2kdPtsaZxlIDm2B0CZ+oBw8iisq0nVGRz5eG4ry7UzCMwzgQa5SGJhsBNVm7qhmWYmTIHQ7t4byV/1GxBFi01/oM/Xgvbn7eletzJ8sbB+ZW9QuY9lrzdzzP3joq++bRSes+dodzEf6A+Y37GY72GHaZkh2GZtx9F5l5EL7d7qyo5nUhjeMquw4QF7/dcbzkO6mh139lQGGVGf7+1qz8/YZcUlZBy6ETidwcJmEk/p8gZuUUs+NKw56AkVxo6jN5hNzOlz/cklLrmiD9X4VjuA+uE6dl5r+mtSXt3MswI3udlM1wFjlnvyGulNRnkhVqmv0Sp21dWiH4yQ2tOSWlaoMY0BtQ== benswinney
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusters/dev/hcp/hcp-dev/hcp-dev.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-hcp-dev
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "450"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusters/deploy/external-secrets/hypershift/
22 | helm:
23 | values: |
24 | imageName: 4.16.39
25 |
26 | managedCluster:
27 | status: "disabled" # Valid values "enabled" or "disabled"
28 | managedRepo: https://github.com/one-touch-provisioning/otp-gitops.git # Repository that will be used to manage the Cluster resources
29 |
30 | # Cluster Name
31 | cluster: hcp-dev
32 | clusterNamespace: clusters-hcp-dev
33 |
34 | nodepool:
35 | name: hcp-dev-np-1
36 | count: 2
37 | computeCores: 2
38 | computeMemory: 8Gi
39 | diskSize: 32Gi
40 |
41 | # Availability Policy
42 | availabilityPolicy:
43 | controller: SingleReplica
44 | infrastructure: SingleReplica
45 |
46 | # Everything Secrets
47 | secrets:
48 | openshiftPullSecretRef: 93d46ecb-e15e-9f94-a877-e409c2fd4d89
49 | openshiftSSHPublicKeyRef: 68db2e04-fa47-691e-45cc-f88160a77fc7
--------------------------------------------------------------------------------
/0-bootstrap/hub/3-policies/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | ## Deploy PlacementRules for Policies on Hub Cluster
3 | # - argocd/otp-policies/deploy-placement-rules/deploy-placement-rules.yaml
4 |
5 | ## Deploy PlacementBindings for Policies on Hub Cluster
6 | # - argocd/otp-policies/deploy-placement-bindings/deploy-placement-bindings.yaml
7 |
8 | ## Policy to install OpenShift GitOps on all OpenShift Clusters, except the Hub Cluster
9 | # - argocd/otp-policies/deploy-openshift-gitops/deploy-openshift-gitops.yaml
10 |
11 | ## Policy to deploy Infra Nodes to AWS Managed Clusters
12 | # - argocd/otp-policies/deploy-aws-managed-clusters-infra-nodes/deploy-aws-managed-cluster-infra-nodes.yaml
13 |
14 | # Policy to deploy Storage Nodes to AWS Managed Clusters
15 | # - argocd/otp-policies/deploy-aws-managed-clusters-storage-nodes/deploy-aws-managed-cluster-storage-nodes.yaml
16 |
17 | # Policy to deploy ODF Operator to Managed Clusters
18 | # - argocd/otp-policies/deploy-odf/deploy-odf.yaml
19 |
20 | # Policy to deploy LSO Operator to Managed Clusters
21 | # - argocd/otp-policies/deploy-lso/deploy-lso.yaml
22 |
23 | ## Policy to install OpenShift Serverless Operator
24 | # - argocd/otp-policies/deploy-openshift-gitops/deploy-openshift-serverless.yaml
25 |
26 | patches:
27 | - target:
28 | group: argoproj.io
29 | kind: Application
30 | labelSelector: "gitops.tier.layer=policies"
31 | patch: |-
32 | - op: add
33 | path: /spec/source/repoURL
34 | value: https://github.com/platformengineers-xyz/otp-gitops-policies.git
35 | - op: add
36 | path: /spec/source/targetRevision
37 | value: ${GIT_GITOPS_BRANCH}
38 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterpools/dev/aws/aws-dev-pool/aws-dev-pool.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterpools-dev-aws
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "410"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusterpools/aws/
22 | helm:
23 | values: |
24 | clusterpoolName: aws-dev-pool
25 | imageName: 4.10.18
26 |
27 | provider:
28 | region: ap-southeast-2
29 | baseDomain: mutihybridcloudkitchen.com
30 | sshPublickey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHNPy2KYhFVrmE49K+stN0SNOzWZdn2pQstns6Mw78J6SlA19eX38D0wt2SXE8b9ybKUngigZuab7yFoVbBl/fUqxo8xNu+rLj/dS/eAhPAI9QDPWIf0T/Qmmd5bJz+guDYDr/eU96Wt/MLvVcF3WAj1IDhzct1ek57AmFSSg8vemvr0XveiAHlXYomtvaBlBQrpzq/U9/5Bw3yPOcl/wGdhsNUg+nBTChVn5wk2plS7HPRoRV+w4TcuzhdAyM77PpC04PpnZGrH3e4s6HiCKtBy2Vu1nhZotmOkaRjst0Y1cQDU8c34G3BNt/LbjUGnZ4kVIkhLsQdky8we2kdPtsaZxlIDm2B0CZ+oBw8iisq0nVGRz5eG4ry7UzCMwzgQa5SGJhsBNVm7qhmWYmTIHQ7t4byV/1GxBFi01/oM/Xgvbn7eletzJ8sbB+ZW9QuY9lrzdzzP3joq++bRSes+dodzEf6A+Y37GY72GHaZkh2GZtx9F5l5EL7d7qyo5nUhjeMquw4QF7/dcbzkO6mh139lQGGVGf7+1qz8/YZcUlZBy6ETidwcJmEk/p8gZuUUs+NKw56AkVxo6jN5hNzOlz/cklLrmiD9X4VjuA+uE6dl5r+mtSXt3MswI3udlM1wFjlnvyGulNRnkhVqmv0Sp21dWiH4yQ2tOSWlaoMY0BtQ== benswinney
31 |
32 | workers:
33 | count: 2
34 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterpools/cicd/aws/aws-cicd-pool/aws-cicd-pool.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterpools-cicd-aws
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "410"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusterpools/aws/
22 | helm:
23 | values: |
24 | clusterpoolName: aws-cicd-pool
25 | imageName: 4.10.18
26 |
27 | provider:
28 | region: ap-southeast-2
29 | baseDomain: mutihybridcloudkitchen.com
30 | sshPublickey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHNPy2KYhFVrmE49K+stN0SNOzWZdn2pQstns6Mw78J6SlA19eX38D0wt2SXE8b9ybKUngigZuab7yFoVbBl/fUqxo8xNu+rLj/dS/eAhPAI9QDPWIf0T/Qmmd5bJz+guDYDr/eU96Wt/MLvVcF3WAj1IDhzct1ek57AmFSSg8vemvr0XveiAHlXYomtvaBlBQrpzq/U9/5Bw3yPOcl/wGdhsNUg+nBTChVn5wk2plS7HPRoRV+w4TcuzhdAyM77PpC04PpnZGrH3e4s6HiCKtBy2Vu1nhZotmOkaRjst0Y1cQDU8c34G3BNt/LbjUGnZ4kVIkhLsQdky8we2kdPtsaZxlIDm2B0CZ+oBw8iisq0nVGRz5eG4ry7UzCMwzgQa5SGJhsBNVm7qhmWYmTIHQ7t4byV/1GxBFi01/oM/Xgvbn7eletzJ8sbB+ZW9QuY9lrzdzzP3joq++bRSes+dodzEf6A+Y37GY72GHaZkh2GZtx9F5l5EL7d7qyo5nUhjeMquw4QF7/dcbzkO6mh139lQGGVGf7+1qz8/YZcUlZBy6ETidwcJmEk/p8gZuUUs+NKw56AkVxo6jN5hNzOlz/cklLrmiD9X4VjuA+uE6dl5r+mtSXt3MswI3udlM1wFjlnvyGulNRnkhVqmv0Sp21dWiH4yQ2tOSWlaoMY0BtQ== benswinney
31 |
32 | workers:
33 | count: 2
34 |
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterpools/test/aws/aws-test-pool/aws-test-pool.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterpools-test-aws
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "410"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusterpools/aws/
22 | helm:
23 | values: |
24 | clusterpoolName: aws-test-pool
25 | imageName: 4.10.18
26 |
27 | provider:
28 | region: ap-southeast-2
29 | baseDomain: mutihybridcloudkitchen.com
30 | sshPublickey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHNPy2KYhFVrmE49K+stN0SNOzWZdn2pQstns6Mw78J6SlA19eX38D0wt2SXE8b9ybKUngigZuab7yFoVbBl/fUqxo8xNu+rLj/dS/eAhPAI9QDPWIf0T/Qmmd5bJz+guDYDr/eU96Wt/MLvVcF3WAj1IDhzct1ek57AmFSSg8vemvr0XveiAHlXYomtvaBlBQrpzq/U9/5Bw3yPOcl/wGdhsNUg+nBTChVn5wk2plS7HPRoRV+w4TcuzhdAyM77PpC04PpnZGrH3e4s6HiCKtBy2Vu1nhZotmOkaRjst0Y1cQDU8c34G3BNt/LbjUGnZ4kVIkhLsQdky8we2kdPtsaZxlIDm2B0CZ+oBw8iisq0nVGRz5eG4ry7UzCMwzgQa5SGJhsBNVm7qhmWYmTIHQ7t4byV/1GxBFi01/oM/Xgvbn7eletzJ8sbB+ZW9QuY9lrzdzzP3joq++bRSes+dodzEf6A+Y37GY72GHaZkh2GZtx9F5l5EL7d7qyo5nUhjeMquw4QF7/dcbzkO6mh139lQGGVGf7+1qz8/YZcUlZBy6ETidwcJmEk/p8gZuUUs+NKw56AkVxo6jN5hNzOlz/cklLrmiD9X4VjuA+uE6dl5r+mtSXt3MswI3udlM1wFjlnvyGulNRnkhVqmv0Sp21dWiH4yQ2tOSWlaoMY0BtQ== benswinney
31 |
32 | workers:
33 | count: 2
34 |
--------------------------------------------------------------------------------
/setup/argocd-operator/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | kind: ClusterRoleBinding
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | metadata:
4 | name: openshift-gitops-argocd-application-controller
5 | subjects:
6 | - kind: ServiceAccount
7 | name: openshift-gitops-argocd-application-controller
8 | namespace: openshift-gitops
9 | roleRef:
10 | apiGroup: rbac.authorization.k8s.io
11 | kind: ClusterRole
12 | name: custom-argocd-cluster-argocd-application-controller
13 | ---
14 | kind: ClusterRoleBinding
15 | apiVersion: rbac.authorization.k8s.io/v1
16 | metadata:
17 | name: openshift-gitops-otp-argocd-application-controller
18 | subjects:
19 | - kind: ServiceAccount
20 | name: openshift-gitops-otp-argocd-application-controller
21 | namespace: openshift-gitops
22 | roleRef:
23 | apiGroup: rbac.authorization.k8s.io
24 | kind: ClusterRole
25 | name: custom-argocd-cluster-argocd-application-controller
26 | ---
27 | kind: ClusterRoleBinding
28 | apiVersion: rbac.authorization.k8s.io/v1
29 | metadata:
30 | name: openshift-gitops-otp-argocd-default-sa
31 | subjects:
32 | - kind: ServiceAccount
33 | name: default
34 | namespace: openshift-gitops
35 | roleRef:
36 | apiGroup: rbac.authorization.k8s.io
37 | kind: ClusterRole
38 | name: custom-argocd-cluster-argocd-application-controller
39 | ---
40 | kind: ClusterRoleBinding
41 | apiVersion: rbac.authorization.k8s.io/v1
42 | metadata:
43 | name: openshift-oauth-default-sa
44 | subjects:
45 | - kind: ServiceAccount
46 | name: default
47 | namespace: sso-integration
48 | roleRef:
49 | apiGroup: rbac.authorization.k8s.io
50 | kind: ClusterRole
51 | name: custom-argocd-cluster-argocd-application-controller
--------------------------------------------------------------------------------
/0-bootstrap/hub/4-clusters/argocd/clusterpools/cicd/azure/azure-cicd-pool/azure-cicd-pool.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: clusters-clusterpools-cicd-azure
5 | annotations:
6 | argocd.argoproj.io/sync-wave: "410"
7 | labels:
8 | gitops.tier.layer: clusters
9 | finalizers:
10 | - resources-finalizer.argocd.argoproj.io
11 | spec:
12 | syncPolicy:
13 | automated:
14 | prune: true
15 | selfHeal: true
16 | destination:
17 | namespace: openshift-gitops
18 | server: https://kubernetes.default.svc
19 | project: clusters
20 | source:
21 | path: clusterpools/azure/
22 | helm:
23 | values: |
24 | clusterpoolName: azure-cicd-pool
25 | imageName: 4.10.18
26 |
27 | provider:
28 | region: eastus
29 | baseDomain: mutihybridcloudkitchen.com
30 | sshPublickey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHNPy2KYhFVrmE49K+stN0SNOzWZdn2pQstns6Mw78J6SlA19eX38D0wt2SXE8b9ybKUngigZuab7yFoVbBl/fUqxo8xNu+rLj/dS/eAhPAI9QDPWIf0T/Qmmd5bJz+guDYDr/eU96Wt/MLvVcF3WAj1IDhzct1ek57AmFSSg8vemvr0XveiAHlXYomtvaBlBQrpzq/U9/5Bw3yPOcl/wGdhsNUg+nBTChVn5wk2plS7HPRoRV+w4TcuzhdAyM77PpC04PpnZGrH3e4s6HiCKtBy2Vu1nhZotmOkaRjst0Y1cQDU8c34G3BNt/LbjUGnZ4kVIkhLsQdky8we2kdPtsaZxlIDm2B0CZ+oBw8iisq0nVGRz5eG4ry7UzCMwzgQa5SGJhsBNVm7qhmWYmTIHQ7t4byV/1GxBFi01/oM/Xgvbn7eletzJ8sbB+ZW9QuY9lrzdzzP3joq++bRSes+dodzEf6A+Y37GY72GHaZkh2GZtx9F5l5EL7d7qyo5nUhjeMquw4QF7/dcbzkO6mh139lQGGVGf7+1qz8/YZcUlZBy6ETidwcJmEk/p8gZuUUs+NKw56AkVxo6jN5hNzOlz/cklLrmiD9X4VjuA+uE6dl5r+mtSXt3MswI3udlM1wFjlnvyGulNRnkhVqmv0Sp21dWiH4yQ2tOSWlaoMY0BtQ== benswinney
31 | resource_group: dojo-dns-zones
32 |
33 | workers:
34 | count: 2
35 |
--------------------------------------------------------------------------------
/doc/hubandspoke-concepts.md:
--------------------------------------------------------------------------------
1 | # Red Hat Advanced Cluster Management Hub and Spoke Clusters Concepts
2 |
3 | ## Overview
4 |
5 | This pattern leverages two powerful open-source technologies to deliver robust cluster management capabilities:
6 |
7 | - **ArgoCD** (also known as OpenShift GitOps): For GitOps-based continuous delivery
8 | - **Open Cluster Management** (also known as Red Hat Advanced Cluster Management or RHACM): For comprehensive cluster lifecycle management
9 |
10 | ## Understanding the Architecture
11 |
12 | At the heart of RHACM lies a Hub and Spoke architecture that provides centralized management of multiple clusters. The Hub Cluster, running RHACM, serves as the control center, offering:
13 |
14 | - Cluster lifecycle management
15 | - Application lifecycle management
16 | - Governance and policy enforcement
17 | - Comprehensive observability
18 | - Centralized control of all Spoke Clusters
19 |
20 | ## Visual Representation
21 |
22 | Below is a visual representation of a typical Hub and Spoke deployment across multiple cloud environments:
23 |
24 |
25 |
26 |
(back to main)
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/cicd/project-cicd/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - 1-infra/1-infra.yaml
3 | - 2-services/2-services.yaml
4 | - 3-apps/3-apps.yaml
5 | patches:
6 | - target:
7 | group: argoproj.io
8 | kind: Application
9 | labelSelector: "gitops.tier.layer=gitops"
10 | patch: |-
11 | - op: add
12 | path: /spec/source/repoURL
13 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
14 | - op: add
15 | path: /spec/source/targetRevision
16 | value: ${GIT_GITOPS_BRANCH}
17 | - target:
18 | group: argoproj.io
19 | kind: AppProject
20 | patch: |-
21 | - op: add
22 | path: /spec/sourceRepos/-
23 | value: ${HELM_REPOURL}
24 | - target:
25 | group: argoproj.io
26 | kind: AppProject
27 | labelSelector: "gitops.tier.layer=infra"
28 | patch: |-
29 | - op: add
30 | path: /spec/sourceRepos/-
31 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
32 | - op: add
33 | path: /spec/sourceRepos/-
34 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_INFRA}
35 | - target:
36 | group: argoproj.io
37 | kind: AppProject
38 | labelSelector: "gitops.tier.layer=services"
39 | patch: |-
40 | - op: add
41 | path: /spec/sourceRepos/-
42 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
43 | - op: add
44 | path: /spec/sourceRepos/-
45 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_SERVICES}
46 | - target:
47 | group: argoproj.io
48 | kind: AppProject
49 | labelSelector: "gitops.tier.layer=applications"
50 | patch: |-
51 | - op: add
52 | path: /spec/sourceRepos/-
53 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
54 | - op: add
55 | path: /spec/sourceRepos/-
56 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_APPLICATIONS}
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/dev/project-simple/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - 1-infra/1-infra.yaml
3 | - 2-services/2-services.yaml
4 | #- 3-apps/3-apps.yaml
5 | patches:
6 | - target:
7 | group: argoproj.io
8 | kind: Application
9 | labelSelector: "gitops.tier.layer=gitops"
10 | patch: |-
11 | - op: add
12 | path: /spec/source/repoURL
13 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
14 | - op: add
15 | path: /spec/source/targetRevision
16 | value: ${GIT_GITOPS_BRANCH}
17 | - target:
18 | group: argoproj.io
19 | kind: AppProject
20 | patch: |-
21 | - op: add
22 | path: /spec/sourceRepos/-
23 | value: ${HELM_REPOURL}
24 | - target:
25 | group: argoproj.io
26 | kind: AppProject
27 | labelSelector: "gitops.tier.layer=infra"
28 | patch: |-
29 | - op: add
30 | path: /spec/sourceRepos/-
31 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
32 | - op: add
33 | path: /spec/sourceRepos/-
34 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_INFRA}
35 | - target:
36 | group: argoproj.io
37 | kind: AppProject
38 | labelSelector: "gitops.tier.layer=services"
39 | patch: |-
40 | - op: add
41 | path: /spec/sourceRepos/-
42 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
43 | - op: add
44 | path: /spec/sourceRepos/-
45 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_SERVICES}
46 | - target:
47 | group: argoproj.io
48 | kind: AppProject
49 | labelSelector: "gitops.tier.layer=applications"
50 | patch: |-
51 | - op: add
52 | path: /spec/sourceRepos/-
53 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
54 | - op: add
55 | path: /spec/sourceRepos/-
56 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_APPLICATIONS}
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/prod/project-simple/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - 1-infra/1-infra.yaml
3 | - 2-services/2-services.yaml
4 | #- 3-apps/3-apps.yaml
5 | patches:
6 | - target:
7 | group: argoproj.io
8 | kind: Application
9 | labelSelector: "gitops.tier.layer=gitops"
10 | patch: |-
11 | - op: add
12 | path: /spec/source/repoURL
13 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
14 | - op: add
15 | path: /spec/source/targetRevision
16 | value: ${GIT_GITOPS_BRANCH}
17 | - target:
18 | group: argoproj.io
19 | kind: AppProject
20 | patch: |-
21 | - op: add
22 | path: /spec/sourceRepos/-
23 | value: ${HELM_REPOURL}
24 | - target:
25 | group: argoproj.io
26 | kind: AppProject
27 | labelSelector: "gitops.tier.layer=infra"
28 | patch: |-
29 | - op: add
30 | path: /spec/sourceRepos/-
31 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
32 | - op: add
33 | path: /spec/sourceRepos/-
34 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_INFRA}
35 | - target:
36 | group: argoproj.io
37 | kind: AppProject
38 | labelSelector: "gitops.tier.layer=services"
39 | patch: |-
40 | - op: add
41 | path: /spec/sourceRepos/-
42 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
43 | - op: add
44 | path: /spec/sourceRepos/-
45 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_SERVICES}
46 | - target:
47 | group: argoproj.io
48 | kind: AppProject
49 | labelSelector: "gitops.tier.layer=applications"
50 | patch: |-
51 | - op: add
52 | path: /spec/sourceRepos/-
53 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
54 | - op: add
55 | path: /spec/sourceRepos/-
56 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_APPLICATIONS}
--------------------------------------------------------------------------------
/0-bootstrap/spokeclusters/test/project-easy/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - 1-infra/1-infra.yaml
3 | - 2-services/2-services.yaml
4 | #- 3-apps/3-apps.yaml
5 | patches:
6 | - target:
7 | group: argoproj.io
8 | kind: Application
9 | labelSelector: "gitops.tier.layer=gitops"
10 | patch: |-
11 | - op: add
12 | path: /spec/source/repoURL
13 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
14 | - op: add
15 | path: /spec/source/targetRevision
16 | value: ${GIT_GITOPS_BRANCH}
17 | - target:
18 | group: argoproj.io
19 | kind: AppProject
20 | patch: |-
21 | - op: add
22 | path: /spec/sourceRepos/-
23 | value: ${HELM_REPOURL}
24 | - target:
25 | group: argoproj.io
26 | kind: AppProject
27 | labelSelector: "gitops.tier.layer=infra"
28 | patch: |-
29 | - op: add
30 | path: /spec/sourceRepos/-
31 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
32 | - op: add
33 | path: /spec/sourceRepos/-
34 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_INFRA}
35 | - target:
36 | group: argoproj.io
37 | kind: AppProject
38 | labelSelector: "gitops.tier.layer=services"
39 | patch: |-
40 | - op: add
41 | path: /spec/sourceRepos/-
42 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
43 | - op: add
44 | path: /spec/sourceRepos/-
45 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_SERVICES}
46 | - target:
47 | group: argoproj.io
48 | kind: AppProject
49 | labelSelector: "gitops.tier.layer=applications"
50 | patch: |-
51 | - op: add
52 | path: /spec/sourceRepos/-
53 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS}
54 | - op: add
55 | path: /spec/sourceRepos/-
56 | value: ${GIT_BASEURL}/${GIT_ORG}/${GIT_GITOPS_APPLICATIONS}
--------------------------------------------------------------------------------
/doc/upi-options.md:
--------------------------------------------------------------------------------
1 | # User Provisioned Infrastructure (UPI) - Installation Options
2 |
3 | Welcome to our comprehensive guide for OpenShift User Provisioned Infrastructure (UPI) installation! This guide provides you with access to battle-tested Terraform configurations developed by the IBM Cloud Native Toolkit team to help you deploy OpenShift across various cloud platforms and infrastructure providers.
4 |
5 | ## Available Installation Options
6 |
7 | Choose from our collection of Terraform-based installation templates for your preferred platform:
8 |
9 | - [Azure](https://github.com/ibm-cloud-architecture/terraform-openshift4-azure) - Deploy OpenShift on Microsoft Azure
10 | - [AWS](https://github.com/ibm-cloud-architecture/terraform-openshift4-aws) - Deploy OpenShift on Amazon Web Services
11 | - [VMWare](https://github.com/ibm-cloud-architecture/terraform-openshift4-vmware) - Deploy OpenShift on VMWare vSphere
12 | - [IBM Cloud VMWare Cloud Director](https://github.com/ibm-cloud-architecture/terraform-openshift4-vcd) - Deploy OpenShift on IBM Cloud VCD
13 | - [GCP](https://github.com/ibm-cloud-architecture/terraform-openshift4-gcp) - Deploy OpenShift on Google Cloud Platform
14 | - [IBM Power Systems - PowerVC](https://github.com/ocp-power-automation/ocp4-upi-powervm) - Deploy OpenShift on IBM Power Systems using PowerVC
15 | - [IBM Power Systems - HMC](https://github.com/ocp-power-automation/ocp4-upi-powervm-hmc) - Deploy OpenShift on IBM Power Systems using HMC
16 | - [IBM Cloud PowerVS](https://github.com/ocp-power-automation/ocp4-upi-powervs) - Deploy OpenShift on IBM Cloud Power Virtual Servers
17 |
18 | Each repository contains detailed documentation, best practices, and pre-configured Terraform modules to help you get started quickly and efficiently.
19 |
20 | (back to main)
--------------------------------------------------------------------------------