From 6ea39826114803fe219a3927343d428da4b92aaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Mon, 15 Jun 2026 15:24:00 +0200 Subject: [PATCH] feat(patterns): add rhoso-gitops pattern docs Add sandbox-tier documentation for the RHOSO GitOps pattern: overview, getting started, cluster sizing, configuration, and troubleshooting pages, reusable AsciiDoc modules, metadata from pattern-metadata.yaml, shared RHOSO attributes, and spellcheck wordlist entries. Pattern repository links use cjeanner/pattern-rhoso-gitops for now. TODO(repo-move) comments mark github, bugs, and deploy URLs to update once the repo moves to validatedpatterns-sandbox/rhoso-gitops. Architecture diagrams (GitOps delivery and infrastructure topology) were created on Miro and exported as SVG under static/images/rhoso-gitops/. AI-Assist: Cursor; model=Composer; mode=agent; origin=cursor --- .wordlist.txt | 24 +- content/patterns/rhoso-gitops/_index.adoc | 37 +++ .../patterns/rhoso-gitops/cluster-sizing.adoc | 33 +++ .../patterns/rhoso-gitops/configuration.adoc | 18 ++ .../rhoso-gitops/getting-started.adoc | 19 ++ .../rhoso-gitops/troubleshooting.adoc | 88 ++++++ modules/comm-attributes.adoc | 3 + .../rhoso-gitops/metadata-rhoso-gitops.adoc | 27 ++ modules/rhoso-gitops/rhoso-gitops-about.adoc | 74 +++++ .../rhoso-gitops-architecture.adoc | 98 +++++++ .../rhoso-gitops-configuration.adoc | 169 ++++++++++++ .../rhoso-gitops/rhoso-gitops-deploying.adoc | 86 ++++++ .../rhoso-gitops-applications.svg | 242 +++++++++++++++++ .../rhoso-gitops-infrastructure.svg | 252 ++++++++++++++++++ 14 files changed, 1166 insertions(+), 4 deletions(-) create mode 100644 content/patterns/rhoso-gitops/_index.adoc create mode 100644 content/patterns/rhoso-gitops/cluster-sizing.adoc create mode 100644 content/patterns/rhoso-gitops/configuration.adoc create mode 100644 content/patterns/rhoso-gitops/getting-started.adoc create mode 100644 content/patterns/rhoso-gitops/troubleshooting.adoc create mode 100644 modules/rhoso-gitops/metadata-rhoso-gitops.adoc create mode 100644 modules/rhoso-gitops/rhoso-gitops-about.adoc create mode 100644 modules/rhoso-gitops/rhoso-gitops-architecture.adoc create mode 100644 modules/rhoso-gitops/rhoso-gitops-configuration.adoc create mode 100644 modules/rhoso-gitops/rhoso-gitops-deploying.adoc create mode 100644 static/images/rhoso-gitops/rhoso-gitops-applications.svg create mode 100644 static/images/rhoso-gitops/rhoso-gitops-infrastructure.svg diff --git a/.wordlist.txt b/.wordlist.txt index 46ca445a77..97e448751b 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -39,9 +39,9 @@ anattama anonymized anonymizer ansible -api's apicast apicurito +api's apis apiversion appdev @@ -109,6 +109,7 @@ cacert cakephp canarypausestep cas +ccvdr cdd cdh cdn @@ -128,6 +129,7 @@ chown chroot cicd cj +cjeanner ckollujlir claudiol cli @@ -193,6 +195,7 @@ cryptographic csi csr csv +csvs ctdim ctrl cuda @@ -209,6 +212,7 @@ dasv datacenter dataflow datagrid +dataplane dataset datasets datasheet @@ -315,6 +319,7 @@ externalurl extraconfig facto fadc +faipqlsci fc fcb fcea @@ -340,6 +345,7 @@ fs fssl fsv fsync +fu fvsm fx gapped @@ -393,6 +399,7 @@ hc hcl hcp hdsr +healthcheck helloworld helmoverrides helmrepourl @@ -510,6 +517,8 @@ jtf jumpstart jupyter jws +jyerthqlkjdugwqbg +jyerthqlkjdugwqbg7vcg kafdrop kafkasource kafkatopic @@ -708,11 +717,12 @@ opendatahub openid openjdk openshift -openshift's openshiftpullsecret +openshift's openshiftsdn openshiftversion openssl +openstack openvino openvinotoolkit operatorchannel @@ -776,6 +786,7 @@ predeploy prem preplay preprocess +prereq prereqs prerequisitesrequirements privatekey @@ -831,8 +842,8 @@ renderers replicaset replicasets repo -repo's repolist +repo's repos repourl reranked @@ -852,6 +863,7 @@ rhoai rhocp rhodf rhods +rhoso rhpam rhpds rhsm @@ -961,6 +973,7 @@ svg synapseai synched syncpolicy +syncwave sys syscall targetbucket @@ -1037,8 +1050,8 @@ unsealvault untrusted updatingconfig updatingversion -upstream's upstreaming +upstream's ure uri usecsv @@ -1056,6 +1069,7 @@ vaultkeys vaultpolicy vaultprefixes vaultproject +vcg vcpu vcpus vdjtkgams @@ -1065,6 +1079,7 @@ vectorized veeam vfio vhjpkievife +viewform virtualmachine virtualmachines vm @@ -1091,6 +1106,7 @@ wip wjalrxutnfemi/k7mdeng/bpxrficyexamplekey wnklrcd wtjq +wypu wyr xeon xeons diff --git a/content/patterns/rhoso-gitops/_index.adoc b/content/patterns/rhoso-gitops/_index.adoc new file mode 100644 index 0000000000..38d2667079 --- /dev/null +++ b/content/patterns/rhoso-gitops/_index.adoc @@ -0,0 +1,37 @@ +--- +title: RHOSO GitOps +date: 2026-06-15 +tier: sandbox +summary: Deploy Red Hat OpenStack Services on OpenShift using GitOps via the rhoso-gitops meta-chart. +rh_products: + - Red Hat OpenShift Container Platform + - Red Hat OpenShift GitOps + - Red Hat OpenStack Services on OpenShift +industries: + - General +focus_areas: + - DevSecOps +aliases: /rhoso-gitops/ +# TODO(repo-move): update github and bugs URLs to validatedpatterns-sandbox/rhoso-gitops +links: + github: https://github.com/cjeanner/pattern-rhoso-gitops + install: getting-started + bugs: https://github.com/cjeanner/pattern-rhoso-gitops/issues + feedback: https://docs.google.com/forms/d/e/1FAIpQLScI76b6tD1WyPu2-d_9CCVDr3Fu5jYERthqLKJDUGwqBg7Vcg/viewform +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +include::modules/rhoso-gitops/rhoso-gitops-about.adoc[leveloffset=+1] + +include::modules/rhoso-gitops/rhoso-gitops-architecture.adoc[leveloffset=+1] + +[id="next-steps_rhoso-gitops-index"] +== Next steps + +* link:getting-started[Deploy the pattern] +* link:cluster-sizing[Review cluster sizing requirements] +* link:configuration[Configure upstream pins and overrides] diff --git a/content/patterns/rhoso-gitops/cluster-sizing.adoc b/content/patterns/rhoso-gitops/cluster-sizing.adoc new file mode 100644 index 0000000000..58f88ff3e8 --- /dev/null +++ b/content/patterns/rhoso-gitops/cluster-sizing.adoc @@ -0,0 +1,33 @@ +--- +title: Cluster sizing +weight: 20 +aliases: /rhoso-gitops/cluster-sizing/ +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] +include::modules/rhoso-gitops/metadata-rhoso-gitops.adoc[] + +include::modules/cluster-sizing-template.adoc[] + +[id="rhoso-gitops-dataplane-hosts"] +== Data plane host requirements + +The hub cluster sizing tables above cover the {rh-ocp} nodes that host the +{rh-rhoso-short} control plane. A full {rh-rhoso-short} deployment also +requires separate {rhel-short} hosts for the data plane (compute nodes running +dataplane elements). + +Plan additional {rhel-short} capacity beyond the OpenShift worker sizing in +`pattern-metadata.yaml`. Operator stages, sync order, and version pins are +documented in the pattern repository +link:https://github.com/cjeanner/pattern-rhoso-gitops/blob/main/VERSIONS.md[VERSIONS.md] +file. + +[id="next-steps_rhoso-gitops-cluster-sizing"] +== Next steps + +* link:../getting-started/[Deploy the pattern] +* link:../configuration/[Configure upstream pins and overrides] diff --git a/content/patterns/rhoso-gitops/configuration.adoc b/content/patterns/rhoso-gitops/configuration.adoc new file mode 100644 index 0000000000..b4b54445a4 --- /dev/null +++ b/content/patterns/rhoso-gitops/configuration.adoc @@ -0,0 +1,18 @@ +--- +title: Configuration +weight: 30 +aliases: /rhoso-gitops/configuration/ +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +include::modules/rhoso-gitops/rhoso-gitops-configuration.adoc[leveloffset=+1] + +[id="next-steps_rhoso-gitops-configuration"] +== Next steps + +* link:../getting-started/[Deploy the pattern] +* link:../troubleshooting/[Troubleshooting] diff --git a/content/patterns/rhoso-gitops/getting-started.adoc b/content/patterns/rhoso-gitops/getting-started.adoc new file mode 100644 index 0000000000..31f5bb66ce --- /dev/null +++ b/content/patterns/rhoso-gitops/getting-started.adoc @@ -0,0 +1,19 @@ +--- +title: Getting started +weight: 10 +aliases: /rhoso-gitops/getting-started/ +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +include::modules/rhoso-gitops/rhoso-gitops-deploying.adoc[leveloffset=+1] + +[id="next-steps_rhoso-gitops-getting-started"] +== Next steps + +* link:../configuration/[Configure the pattern] +* link:../cluster-sizing/[Review cluster sizing] +* link:../troubleshooting/[Troubleshooting] diff --git a/content/patterns/rhoso-gitops/troubleshooting.adoc b/content/patterns/rhoso-gitops/troubleshooting.adoc new file mode 100644 index 0000000000..76ab37d61a --- /dev/null +++ b/content/patterns/rhoso-gitops/troubleshooting.adoc @@ -0,0 +1,88 @@ +--- +title: Troubleshooting +weight: 40 +aliases: /rhoso-gitops/troubleshooting/ +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +[id="troubleshooting-rhoso-gitops"] += Troubleshooting the {rhoso-gitops-pattern} + +[id="rhoso-gitops-validate-pattern"] +== Validating the pattern + +Run pattern validation commands from the pattern repository root: + +[source,terminal] +---- +$ ./pattern.sh make validate-prereq +$ ./pattern.sh make validate-schema +$ ./pattern.sh make argo-healthcheck +---- + +[id="rhoso-gitops-check-argocd"] +== Checking Argo CD application status + +The pattern uses two Argo CD namespaces. List applications in each: + +[source,terminal] +---- +$ oc get applications -n vp-gitops +$ oc get applications -n openshift-gitops +---- + +Inspect a child application that is out of sync or unhealthy: + +[source,terminal] +---- +$ oc describe application -n openshift-gitops +---- + +Use the Argo CD UI in the `openshift-gitops` namespace to review sync waves, +resource health, and diff details for upstream overlays. + +[id="rhoso-gitops-check-pods"] +== Checking pod status + +To verify that workloads deployed successfully, list pods that are not Running or +Completed: + +[source,terminal] +---- +$ oc get pods -A | grep -v Running | grep -v Completed +---- + +Review logs for a specific pod: + +[source,terminal] +---- +$ oc logs -n +---- + +[id="rhoso-gitops-known-issues"] +== Known issues + +* *`openstack-secrets` disabled* — The default pattern leaves + `openstack-secrets` disabled because no Git path is configured (`path: TODO`). + Enable it only after you configure secret wiring and a bootstrap credential + out of band. See link:../configuration/#rhoso-gitops-secret-zero[Secret zero + (bootstrap credential)]. +* *Upstream sync failures* — Confirm `targetRevision` and paths in + `overrides/values-rhoso-gitops.yaml` match a tag or branch that exists in + link:https://github.com/openstack-k8s-operators/gitops[openstack-k8s-operators/gitops]. +* *Operator install delays* — Infrastructure operators in `operator-dependencies` + subscribe from the cluster catalog; allow time for OLM to resolve CSVs before + later sync waves run. + +For community support, open an issue in the +link:https://github.com/cjeanner/pattern-rhoso-gitops/issues[pattern repository]. + +[id="next-steps_rhoso-gitops-troubleshooting"] +== Next steps + +* link:../getting-started/[Getting started] +* link:../configuration/[Configuration] diff --git a/modules/comm-attributes.adoc b/modules/comm-attributes.adoc index 7ed8d6c0db..b100adf426 100644 --- a/modules/comm-attributes.adoc +++ b/modules/comm-attributes.adoc @@ -115,6 +115,9 @@ :kebab: image:kebab.png[title="Options menu"] :rh-openstack-first: Red{nbsp}Hat OpenStack Platform (RHOSP) :openstack-short: RHOSP +:rh-rhoso: Red{nbsp}Hat OpenStack Services on OpenShift +:rh-rhoso-short: RHOSO +:rhoso-gitops-pattern: RHOSO GitOps pattern //Assisted Installer :ai-full: Assisted Installer :ai-version: 2.3 diff --git a/modules/rhoso-gitops/metadata-rhoso-gitops.adoc b/modules/rhoso-gitops/metadata-rhoso-gitops.adoc new file mode 100644 index 0000000000..31a87f9010 --- /dev/null +++ b/modules/rhoso-gitops/metadata-rhoso-gitops.adoc @@ -0,0 +1,27 @@ +// This file has been generated automatically from the pattern-metadata.yaml file +// Do not edit manually! +:metadata_version: 1.0 +:name: rhoso-gitops +:description: Deploy Red Hat OpenStack Services on OpenShift (RHOSO) using GitOps via the rhoso-gitops meta-chart and upstream Kustomize example overlays. +:pattern_version: 0.1.0 +:display_name: RHOSO GitOps +:repo_url: https://github.com/cjeanner/pattern-rhoso-gitops +:docs_repo_url: https://github.com/validatedpatterns/docs +:issues_url: https://github.com/cjeanner/pattern-rhoso-gitops/issues +:docs_url: https://github.com/cjeanner/pattern-rhoso-gitops#readme +:tier: sandbox +:owners: cjeanner +:requirements_hub_compute_platform_aws_replicas: 3 +:requirements_hub_compute_platform_aws_type: m5.4xlarge +:requirements_hub_compute_platform_azure_replicas: 3 +:requirements_hub_compute_platform_azure_type: Standard_D16s_v3 +:requirements_hub_compute_platform_gcp_replicas: 3 +:requirements_hub_compute_platform_gcp_type: n1-standard-16 +:requirements_hub_controlPlane_platform_aws_replicas: 3 +:requirements_hub_controlPlane_platform_aws_type: m5.2xlarge +:requirements_hub_controlPlane_platform_azure_replicas: 3 +:requirements_hub_controlPlane_platform_azure_type: Standard_D8s_v3 +:requirements_hub_controlPlane_platform_gcp_replicas: 3 +:requirements_hub_controlPlane_platform_gcp_type: n1-standard-8 +:extra_features_hypershift_support: false +:extra_features_spoke_support: false diff --git a/modules/rhoso-gitops/rhoso-gitops-about.adoc b/modules/rhoso-gitops/rhoso-gitops-about.adoc new file mode 100644 index 0000000000..6b16d1b704 --- /dev/null +++ b/modules/rhoso-gitops/rhoso-gitops-about.adoc @@ -0,0 +1,74 @@ +:_content-type: CONCEPT +:imagesdir: ../../images + +[id="about-rhoso-gitops-pattern"] += About the {rhoso-gitops-pattern} + +Deploying {rh-rhoso} spans operators, networking, and control-plane and data-plane +resources. Teams that rely on imperative scripts or manual cluster changes face +slow rollouts, configuration drift, and weak audit trails when the stack must be +upgraded or reproduced. + +The {rhoso-gitops-pattern} addresses that by driving {rh-rhoso-short} from public +Git through Argo CD: manifests stay declarative and version-controlled, and the +cluster is reconciled to match what is declared in the repository. + +[id="rhoso-gitops-pattern-goals"] +== Pattern goals + +The {rhoso-gitops-pattern} aims to: + +* Install the *rhoso-gitops* meta-chart through the Validated Patterns + clustergroup and {gitops-title} operator +* Create child Argo CD Applications that sync {rh-rhoso-short} stages from upstream + link:https://github.com/openstack-k8s-operators/gitops[openstack-k8s-operators/gitops] + (`example/*` Kustomize overlays) +* Target one {rh-ocp} cluster only; no managed-cluster spokes are in scope +* Keep day-two changes reviewable in Git instead of one-off `oc` or Ansible runs + +[id="rhoso-gitops-red-hat-technologies"] +== Red Hat technologies + +* {rh-ocp} +* {gitops-title} +* {rh-rhoso} + +[id="rhoso-gitops-cluster-scope"] +== Cluster scope + +Validated Patterns distinguish between the *initial cluster* (where the pattern +is installed) and *managed clusters* (additional {rh-ocp} clusters or hosts +managed from that hub, for example through {rh-rhacm}). + +The {rhoso-gitops-pattern} is *single-cluster only*. It does not provide +multi-cluster support, spoke provisioning, or hub-to-spoke {gitops-shortname} +fan-out. + +.Cluster scope +[cols="1,1,3",options="header"] +|=== +| Scope | Supported | What applies + +| Initial cluster +| Yes +| Validated Patterns clustergroup (`values-standalone.yaml`), *rhoso-gitops* + meta-chart, and child {rh-rhoso-short} Applications in `openshift-gitops` + +| Managed clusters +| None +| Not in scope (`spoke_support: false` in `pattern-metadata.yaml`). No spoke + sizing, policies, {rh-rhacm} placement, or remote Argo CD instances are + defined or deployed +|=== + +Sizing guidance under `requirements.hub` in the pattern repository applies to +the single target cluster. Managed-cluster requirements (for example eventual +consistency across spokes) do not apply to this pattern. + +[id="rhoso-gitops-support"] +== Support + +This is a *sandbox tier* Validated Pattern. Support is provided by the community +on a best-effort basis. For details, see the +link:https://github.com/cjeanner/pattern-rhoso-gitops/blob/main/SUPPORT.md[support policy] +in the pattern repository. diff --git a/modules/rhoso-gitops/rhoso-gitops-architecture.adoc b/modules/rhoso-gitops/rhoso-gitops-architecture.adoc new file mode 100644 index 0000000000..bd032a8cde --- /dev/null +++ b/modules/rhoso-gitops/rhoso-gitops-architecture.adoc @@ -0,0 +1,98 @@ +:_content-type: CONCEPT +:imagesdir: ../../images + +[id="rhoso-gitops-architecture"] += {rhoso-gitops-pattern} architecture + +[id="rhoso-gitops-gitops-delivery"] +== GitOps delivery flow + +The pattern uses the Validated Patterns framework to install the *rhoso-gitops* +Helm meta-chart. That chart creates Argo CD `Application` resources that sync +{rh-rhoso-short} stages from the upstream +link:https://github.com/openstack-k8s-operators/gitops[openstack-k8s-operators/gitops] +repository (`example/*` Kustomize overlays). + +The delivery path is: + +. Validated Patterns operator reconciles the pattern clustergroup +. Parent *rhoso-gitops* Application runs in `vp-gitops` (Validated Patterns GitOps) +. Meta-chart renders child Applications in `openshift-gitops` ({gitops-title}) +. Child apps sync upstream `example/*` overlays in order (operators, networks, + control plane, dataplane) + +.GitOps application delivery and sync-wave ordering +image::rhoso-gitops/rhoso-gitops-applications.svg[{rhoso-gitops-pattern} GitOps application delivery,700] + +The diagram shows the parent Application in `vp-gitops`, child Applications in +`openshift-gitops`, and the upstream Kustomize overlays they sync. Sync-wave +annotations order deployment from infrastructure operators through the data +plane. + +[id="rhoso-gitops-dual-argocd"] +== Dual Argo CD namespaces + +* The pattern operator deploys the parent *rhoso-gitops* Application into + *`vp-gitops`* (Validated Patterns GitOps). +* Child {rh-rhoso-short} Applications are created in *`openshift-gitops`* + ({gitops-title} operator), per the meta-chart defaults. + +[id="rhoso-gitops-infrastructure-topology"] +== Infrastructure topology + +An {rh-ocp} cluster hosts the {rh-rhoso-short} control plane (OpenStack operators +and `OpenStackControlPlane` services on control-plane nodes). Separate {rhel-short} +hosts run the {rh-rhoso-short} data plane (dataplane elements on compute nodes). + +The GitOps flow above describes *how* configuration is delivered. The diagram +and list below describe *what* gets deployed: + +.RHOSO infrastructure topology +image::rhoso-gitops/rhoso-gitops-infrastructure.svg[{rhoso-gitops-pattern} infrastructure topology,700] + +* *OpenShift cluster* — control-plane nodes run OpenStack operators and + `OpenStackControlPlane` services +* *Data plane hosts* — one or more {rhel-short} compute nodes run {rh-rhoso-short} + dataplane elements, connected to the control plane + +[id="rhoso-gitops-sync-waves"] +== Application sync order + +Child Applications deploy in sync-wave order when Argo CD reconciles the parent +*rhoso-gitops* Application: + +[cols="2,3,1",options="header"] +|=== +| Application | Purpose | Sync wave + +| `operator-dependencies` +| Infrastructure operators (cert-manager, MetalLB, nmstate, observability) +| `-20` + +| `openstack-operator` +| OpenStack operator subscription +| `-20` + +| `openstack-operator-cr` +| Main `OpenStack` custom resource +| `-15` + +| `openstack-secrets` +| Secure-backend sync (disabled by default) +| `-10` + +| `openstack-networks` +| Network configuration +| `0` + +| `openstack-controlplane` +| `OpenStackControlPlane` +| `10` + +| `openstack-dataplane` +| Data plane +| `20` +|=== + +After changing overrides, confirm child apps in the Argo CD UI or with +`oc get applications -n openshift-gitops`. diff --git a/modules/rhoso-gitops/rhoso-gitops-configuration.adoc b/modules/rhoso-gitops/rhoso-gitops-configuration.adoc new file mode 100644 index 0000000000..6f6069a4d0 --- /dev/null +++ b/modules/rhoso-gitops/rhoso-gitops-configuration.adoc @@ -0,0 +1,169 @@ +:_content-type: REFERENCE +:imagesdir: ../../images + +[id="rhoso-gitops-configuration"] += Configuring the {rhoso-gitops-pattern} + +The *rhoso-gitops* meta-chart renders Argo CD `Application` resources. It does +not deploy {rh-rhoso-short} workloads directly; Kustomize overlays in the +upstream gitops repository remain the source of truth. + +[id="rhoso-gitops-values-layers"] +== Values file layers + +The clustergroup application in `values-standalone.yaml` points Argo CD at +`charts/all/rhoso-gitops` and layers pattern overrides from +`overrides/values-rhoso-gitops.yaml` via `extraValueFiles`. + +.Values file layers +[cols="1,2,3",options="header"] +|=== +| Layer | File | Role + +| Pattern global +| `values-global.yaml` +| Pattern name, sync policy, clustergroup chart version + +| Cluster group +| `values-standalone.yaml` +| Registers the `rhoso-gitops` application and namespaces + +| Chart defaults +| `charts/all/rhoso-gitops/values.yaml` +| Default `applications` map and chart-wide keys + +| Pattern overrides +| `overrides/values-rhoso-gitops.yaml` +| Pins upstream `repoURL`, `targetRevision`, and paths + +| Platform overrides +| `overrides/values-AWS.yaml` +| Optional platform-specific overrides (placeholder) +|=== + +To change upstream Git content (revision, paths, enable or disable apps), edit +`overrides/values-rhoso-gitops.yaml` and sync the pattern (or let automated +sync reconcile, per `global.options.syncPolicy` in `values-global.yaml`). + +[id="rhoso-gitops-upstream-applications"] +== Upstream applications (default `v0.1.0`) + +Child Argo CD Applications sync from +link:https://github.com/openstack-k8s-operators/gitops[openstack-k8s-operators/gitops] +at the revision pinned in `overrides/values-rhoso-gitops.yaml`. + +.Default upstream applications +[cols="2,2,1",options="header"] +|=== +| Argo CD application | Upstream path | Enabled + +| `operator-dependencies` +| `example/dependencies` +| yes + +| `openstack-operator` +| `example/openstack-operator` +| yes + +| `openstack-operator-cr` +| `example/openstack-operator-cr` +| yes + +| `openstack-secrets` +| not configured (`path: TODO`) +| no + +| `openstack-networks` +| `example/openstack-networks` +| yes + +| `openstack-controlplane` +| `example/openstack-controlplane` +| yes + +| `openstack-dataplane` +| `example/openstack-dataplane` +| yes +|=== + +Product, framework, upstream Git, and operator versions are listed in the pattern +repository +link:https://github.com/cjeanner/pattern-rhoso-gitops/blob/main/VERSIONS.md[VERSIONS.md] +file. + +[id="rhoso-gitops-pin-revision"] +== Pinning a different upstream revision + +In `overrides/values-rhoso-gitops.yaml`: + +[source,yaml] +---- +applications: + openstack-operator: + targetRevision: "v0.2.0" + openstack-controlplane: + targetRevision: "v0.2.0" +---- + +Apply the same key under every application you want on that revision, or only +the entries you need to change; unspecified keys keep chart defaults. + +[id="rhoso-gitops-disable-stage"] +== Disabling a deployment stage + +[source,yaml] +---- +applications: + openstack-dataplane: + enabled: false +---- + +[id="rhoso-gitops-repoint-overlay"] +== Repointing an application to your Git overlay + +[source,yaml] +---- +applications: + openstack-controlplane: + repoURL: "https://github.com/example/your-gitops.git" + path: "environments/prod/controlplane" + targetRevision: "main" +---- + +[id="rhoso-gitops-kustomize-components"] +== Adding Kustomize components + +For example, to add a secrets operator component via `operator-dependencies`: + +[source,yaml] +---- +applications: + operator-dependencies: + kustomize: + components: + - "https://github.com/openstack-k8s-operators/gitops/components/secrets/vault-secrets-operator?ref=v0.2.0" +---- + +Component URLs for Vault Secrets Operator and External Secrets Operator are +documented in the upstream +link:https://github.com/openstack-k8s-operators/gitops/tree/main/components/secrets[components/secrets] +readme. + +[id="rhoso-gitops-secret-zero"] +== Secret zero (bootstrap credential) + +{rh-rhoso-short} GitOps often uses a secure store (for example Vault). The +bootstrap credential must not live in Git. Typical steps: + +. Create the `openstack` namespace (or the namespace your overlay specifies). +. Create the Kubernetes `Secret` out of band (`oc create secret generic ...`). +. Add a Kustomize overlay in *your* Git repository for secret wiring (non-sensitive + manifests only). +. Enable and configure `applications.openstack-secrets` in + `overrides/values-rhoso-gitops.yaml` (`enabled: true`, `repoURL`, `path`, + `targetRevision`, optional `kustomize` patches). +. Install the secrets operator via `operator-dependencies` using + `kustomize.components` URLs from the upstream secrets components. + +For standalone Helm usage and advanced chart examples, see the upstream +link:https://github.com/openstack-k8s-operators/gitops/tree/main/charts/rhoso-apps[rhoso-apps chart]. diff --git a/modules/rhoso-gitops/rhoso-gitops-deploying.adoc b/modules/rhoso-gitops/rhoso-gitops-deploying.adoc new file mode 100644 index 0000000000..9bb016196a --- /dev/null +++ b/modules/rhoso-gitops/rhoso-gitops-deploying.adoc @@ -0,0 +1,86 @@ +:_content-type: PROCEDURE +:imagesdir: ../../images + +[id="deploying-rhoso-gitops-pattern"] += Deploying the {rhoso-gitops-pattern} + +[id="rhoso-gitops-prerequisites"] +== Prerequisites + +Before you deploy the pattern, ensure that you have the following: + +* An {rh-ocp} 4.14 or later cluster with sufficient compute and storage for + {rh-rhoso-short}. For sizing guidance, see link:../cluster-sizing/[Cluster sizing]. +* Cluster administrator privileges and a working `kubeconfig` +* link:https://podman.io/[podman] 4.3 or later for `./pattern.sh` +* {gitops-title} available on the cluster (installed by the pattern framework or + pre-installed) +* link:https://validatedpatterns.io/learn/quickstart/[Install the tooling dependencies] + +[id="rhoso-gitops-preparing-deployment"] +== Preparing for deployment + +.Procedure + +// TODO(repo-move): replace cjeanner/pattern-rhoso-gitops with validatedpatterns-sandbox/rhoso-gitops +. Fork the + link:https://github.com/cjeanner/pattern-rhoso-gitops[pattern-rhoso-gitops] + repository on GitHub. + +. Clone your fork: ++ +[source,terminal] +---- +$ git clone git@github.com:/pattern-rhoso-gitops.git +$ cd pattern-rhoso-gitops +---- + +. Optional: if you plan to use Vault integration later, copy the secrets template: ++ +[source,terminal] +---- +$ cp values-secret.yaml.template values-secret.yaml +---- + +[id="rhoso-gitops-installing-pattern"] +== Installing the pattern + +. Validate prerequisites without applying changes: ++ +[source,terminal] +---- +$ ./pattern.sh make validate-prereq +$ ./pattern.sh make show +---- + +. Install the pattern: ++ +[source,terminal] +---- +$ ./pattern.sh make install +---- + +[id="rhoso-gitops-verifying-deployment"] +== Verifying the deployment + +. Watch Argo CD applications in both GitOps namespaces: ++ +[source,terminal] +---- +$ oc get applications -n vp-gitops +$ oc get applications -n openshift-gitops +---- + +. After install, run the pattern health check: ++ +[source,terminal] +---- +$ ./pattern.sh make argo-healthcheck +---- + +. Validate the pattern schema: ++ +[source,terminal] +---- +$ ./pattern.sh make validate-schema +---- diff --git a/static/images/rhoso-gitops/rhoso-gitops-applications.svg b/static/images/rhoso-gitops/rhoso-gitops-applications.svg new file mode 100644 index 0000000000..633860e1f8 --- /dev/null +++ b/static/images/rhoso-gitops/rhoso-gitops-applications.svg @@ -0,0 +1,242 @@ + + + + + + + + + + + + +Validated Pattern: rhoso-​gitopsWave -20: operator-​dependenciesInfra + VSO/ESOWave -20: openstack-​operatorOpenStack operatorWave -15: openstack-​operator-​crMain OpenStack CRWave -10: openstack-​secretsSecure backend syncWave 0: openstack-​networksNetworksWave 10: openstack-​controlplaneOpenStackControlPlaneWave 20: openstack-​dataplaneData planeOpenShift Cluster (OCP)Red Hat OpenStack Services on OpenShift + + creates + + creates + + syncWave 20 + + syncWave 20 + + syncWave 15 + + syncWave 10 + + syncWave 0 + + syncWave 10 + + deploys to \ No newline at end of file diff --git a/static/images/rhoso-gitops/rhoso-gitops-infrastructure.svg b/static/images/rhoso-gitops/rhoso-gitops-infrastructure.svg new file mode 100644 index 0000000000..323addd9a8 --- /dev/null +++ b/static/images/rhoso-gitops/rhoso-gitops-infrastructure.svg @@ -0,0 +1,252 @@ + + + + + + + + + + + + +OpenShift Cluster (OCP)Control Plane Nodes (3 masters)master-1master-2master-3RHOSO Control PlaneOpenStack OperatorsOpenStackControlPlane ServicesData Plane Hosts (N compute nodes)Compute NodeRHELRHOSO Data Plane Elements (nova-​compute, etc.) + + contains + + includes + + includes + + includes + + contains + + manages + + hosts + + contains + + runs + + supports + + controlsCompute NodeCompute nodes \ No newline at end of file