OpenShift (ArgoCD)¶
Create namespace¶
First, we must create a namespace for the Jumpstarter installation. This namespace
should be labeled with argocd.argoproj.io/managed-by=<your-argo-CD-instance>
to allow
ArgoCD to manage the resources in the namespace.
In this case, using the default openshift-gitops ArgoCD deployment, the command would be:
kubectl create namespace jumpstarter-lab
kubectl label namespace jumpstarter-lab argocd.argoproj.io/managed-by=openshift-gitops
Note on CRDs¶
ArgoCD needs to be able to manage the CRDs that Jumpstarter uses. This is done by creating a ClusterRole and ClusterRoleBinding that allows the ArgoCD application controller to manage the CRDs.
An alternative to this is to manually create and update the CRDs that jumpstarter uses.
The ClusterRole & Binding to allow ArgoCD to manage the CRDs are:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
argocds.argoproj.io/name: openshift-gitops
argocds.argoproj.io/namespace: openshift-gitops
name: openshift-gitops-argocd-appcontroller-crd
rules:
- apiGroups:
- 'apiextensions.k8s.io'
resources:
- 'customresourcedefinitions'
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
argocds.argoproj.io/name: openshift-gitops
argocds.argoproj.io/namespace: openshift-gitops
name: openshift-gitops-argocd-appcontroller-crd
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: openshift-gitops-argocd-appcontroller-crd
subjects:
- kind: ServiceAccount
name: openshift-gitops-argocd-application-controller
namespace: openshift-gitops
Application¶
Warning
jumpstarter-controller.controllerSecret
and jumpstarter-controller.routerSecret
are secrets that are used to secure the authentication between clients and the jumpstarter elements.
These secrets should be unique and not shared between installations. Helm installation can
auto-generate values for these, but with ArgoCD such mechanism doesn’t work. You need to manually
create these secrets in the namespace where the jumpstarter is installed.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: jumpstarter
namespace: openshift-gitops
spec:
destination:
name: in-cluster
namespace: jumpstarter-lab
project: default
source:
chart: jumpstarter
helm:
parameters:
- name: global.baseDomain
value: devel.jumpstarter.dev
- name: global.metrics.enabled
value: "true"
- name: jumpstarter-controller.controllerSecret
value: "pick-a-secret-DONT-USE-THIS-DEFAULT"
- name: jumpstarter-controller.routerSecret
value: "again-pick-a-secret-DONT-USE-THIS-DEFAULT"
- name: jumpstarter-controller.grpc.mode
value: "route"
repoURL: quay.io/jumpstarter-dev/helm
targetRevision: "0.5.0"