Red Hat OpenShift Administration III: Scaling Deployments in the Enterprise

Instructions

Some teams in your organization execute periodic tasks manually. Your organization wants to evaluate automating the tasks with OpenShift and GitOps practices.

In this exercise, you install the Red Hat OpenShift GitOps operator for this purpose. You create a custom Argo CD instance, a Git repository with a sample periodic task, and an Argo CD application. For convenience, you use the default Argo CD instance to create a link to GitLab in the OpenShift web console.

Users can create cron jobs only by pushing them to the Git repository. The organization can evaluate later how to enable users to manage and troubleshoot the cron jobs.

1. Install the OpenShift GitOps operator from OperatorHub.

   1. Use the terminal to log in to the OpenShift cluster as the admin user with redhatocp as the password.

      [student@workstation ~]$ oc login -u admin -p redhatocp \
        https://api.ocp4.example.com:6443
      ...output omitted...

   2. Identify the URL for the OpenShift web console.

      [student@workstation ~]$ oc whoami --show-console
      https://console-openshift-console.apps.ocp4.example.com

   3. Open a web browser and navigate to https://console-openshift-console.apps.ocp4.example.com. Either type the URL in a web browser, or right-click and select Open Link from the terminal.

   4. Click Red Hat Identity Management and log in as the admin user with redhatocp as the password.

   5. Navigate to Operators → OperatorHub.

   6. Click Red Hat OpenShift GitOps, and then click Install.

   7. Review the default configuration and click Install. The Operator Lifecycle Manager can take a few minutes to install the operator. Click View Operator to navigate to the operator details.

   Hide Solution

2. Log in to the default Argo CD instance as a user with administrator privileges. You can use the local admin user with the credentials from the openshift-gitops-cluster secret in the openshift-gitops namespace. The operator adds a link to the default instance in the application menu of the OpenShift console.

   1. Open a separate tab and open the default Argo CD instance. You can use the application menu, which is the grid icon on the top navigation bar, by clicking Cluster Argo CD. You can also use the https://openshift-gitops-server-openshift-gitops.apps.ocp4.example.com URL.

      The browser displays a warning because Argo CD uses a self-signed certificate. Trust the certificate. Argo CD might take a few minutes before showing the login page.

   2. Extract the password for the local admin user.

      In the web console, navigate to Workloads → Secrets, search for the openshift-gitops-cluster secret in all namespaces, and then click Reveal values in the detail page to view the password. Alternatively, you can execute the oc extract -n openshift-gitops secret/openshift-gitops-cluster --to=- command in the terminal to view the password.

   3. Log in to Argo CD by using the admin user and the password from the previous step, and click SIGN IN instead of LOG IN VIA OPENSHIFT.

   Hide Solution

3. Configure the default instance to trust GitLab to access repositories. Argo CD accesses only trusted repositories. You can use the config.openshift.io/inject-trusted-cabundle label to inject the bundle with the cluster certificate authority into a configuration map, and then configure Argo CD to trust the bundle. The bundle contains the signing certificate for the classroom GitLab instance. The bundle is in the ca-bundle.crt file in the configuration map, and Argo CD uses the /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem path for trusted certificates in the repository server container.

   1. Change to the terminal window, and create a cluster-root-ca-bundle configuration map in the openshift-gitops namespace.

      [student@workstation ~]$ oc create configmap -n openshift-gitops \
        cluster-root-ca-bundle

   2. Add the config.openshift.io/inject-trusted-cabundle label to the configuration map with the true value. OpenShift injects the bundle with the cluster certificate authority into a configuration map with this label. This bundle contains the signing certificate for the classroom GitLab instance.

      [student@workstation ~]$ oc label configmap -n openshift-gitops \
        cluster-root-ca-bundle config.openshift.io/inject-trusted-cabundle=true
      configmap/cluster-root-ca-bundle labeled

   3. Edit the Argo CD default instance to inject the bundle.

      You can use the following command to edit the resource:

      [student@workstation ~]$ oc edit argocd -n openshift-gitops openshift-gitops

      Edit the resource to mount the ca-bundle.crt file from the configuration map in the /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem path of the repository server container.

      ...output omitted...
      spec:
      ...output omitted...
        repo:
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 250m
              memory: 256Mi
          volumeMounts:
          - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
            name: cluster-root-ca-bundle
            subPath: ca-bundle.crt
          volumes:
          - configMap:
              name: cluster-root-ca-bundle
            name: cluster-root-ca-bundle
        resourceExclusions: |
      ...output omitted...

   Hide Solution

4. Create a gitops-review public repository for the applications in the classroom GitLab at https://git.ocp4.example.com. Use the developer GitLab user with d3v3lop3r as the password.

   1. Open a web browser and navigate to https://git.ocp4.example.com. Log in as the developer user with d3v3lop3r as the password.

   2. Click New project, and then click Create blank project. Use gitops-review as the project slug (repository name), select the Public visibility level, and use the default values for all other fields. Click Create project.

   Hide Solution

5. Populate the repository with a console link to GitLab.

   The following text is an example definition of the console link:

   apiVersion: console.openshift.io/v1
   kind: ConsoleLink
   metadata:
     name: git
   spec:
     href: 'https://git.ocp4.example.com'
     text: Git
     location: ApplicationMenu

   1. Click Clone, and then copy the https://git.ocp4.example.com/developer/gitops-review.git HTTPS URL.

   2. Change to the ~/DO380/labs/gitops-admin/ directory.

      [student@workstation ~]$ cd ~/DO380/labs/gitops-review

   3. In a terminal, run the following command to clone the new repository.

      [student@workstation gitops-review]$ git clone \
        https://git.ocp4.example.com/developer/gitops-review.git
      Cloning into 'gitops-review'...
      ...output omitted...

   4. Change to the cloned repository directory.

      [student@workstation gitops-review]$ cd gitops-review

      The default configuration for new repositories adds a README.md initial file.

   5. Create the console directory.

      [student@workstation gitops-review]$ mkdir console

   6. Create a git_link.yaml file in the console directory with the following contents:

      apiVersion: console.openshift.io/v1
      kind: ConsoleLink
      metadata:
        name: git
      spec:
        href: 'https://git.ocp4.example.com'
        text: Git
        location: ApplicationMenu

   7. Add the git_link.yaml file to the repository.

      [student@workstation gitops-review]$ git add console/git_link.yaml

   8. Commit the changes.

      [student@workstation gitops-review]$ git commit -m "add git link"
      ...output omitted...

   9. Push the changes.

      [student@workstation gitops-review]$ git push
      ...output omitted...

   Hide Solution

6. Create an application in Argo CD with the repository and observe the results.

   1. Navigate to Argo CD, and then click CREATE APPLICATION.

   2. Create an application with the information in the following table:

      Field	Value
      Application Name	gitops-review
      Project Name	default
      Repository URL	https://git.ocp4.example.com/developer/gitops-review.git
      Path	console
      Cluster URL	https://kubernetes.default.svc

      Then, click CREATE.

   3. Click gitops-review to view the application.

   4. Click SYNC to display the synchronization panel, and then click SYNCHRONIZE.

      Argo CD starts synchronizing the application.

   5. Verify that the Git link appears in the application menu of the OpenShift web console.

   Hide Solution

7. As the developer OpenShift user, create a gitops-review project. Create a configuration map that contains the bundle with the cluster certificate authority by using the same procedure as in a preceding step.

   1. In the terminal, log in as the developer user with developer as the password.

      [student@workstation gitops-review]$ oc login -u developer -p developer
      Login successful.
      ...output omitted...

   2. Create the gitops-review project.

      [student@workstation gitops-review]$ oc new-project gitops-review
      Now using project "gitops-review" on server "https://api.ocp4.example.com:6443".
      ...output omitted...

   3. Create a cluster-root-ca-bundle configuration map.

      [student@workstation gitops-review]$ oc create configmap cluster-root-ca-bundle

   4. Add the config.openshift.io/inject-trusted-cabundle label to the configuration map with the true value.

      [student@workstation gitops-review]$ oc label configmap cluster-root-ca-bundle \
        config.openshift.io/inject-trusted-cabundle=true
      configmap/cluster-root-ca-bundle labeled

   Hide Solution

8. As the admin OpenShift user, create a gitops Argo CD instance in the gitops-review namespace. You can use the web console to create the Argo CD instance. When you create the instance, set the server route as enabled, choose the reencrypt termination for the server route, and add the bundle with the cluster certificate authority. You can use the same procedure to add the bundle from a previous step. You can also use the credentials for the local admin user in the gitops-cluster secret.

   1. In the web console, navigate to Operators → Installed Operators. Select the gitops-review project in the project list. Click ArgoCD in the Provided APIs column, and then click Create ArgoCD.

   2. Use the form view to create an Argo CD instance.

      Use gitops as the resource name. Expand server, and then expand route. Expand enabled and select enabled. Expand tls. In the termination field, enter reencrypt.

      Then, switch to the YAML view and complete the definition with the following excerpt:

      apiVersion: argoproj.io/v1beta1
      kind: ArgoCD
      metadata:
        name: gitops
        namespace: gitops-review
      spec:
        repo:
          volumeMounts:
          - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
            name: cluster-root-ca-bundle
            subPath: ca-bundle.crt
          volumes:
          - configMap:
              name: cluster-root-ca-bundle
            name: cluster-root-ca-bundle
        server:
          route:
            enabled: true
            tls:
              termination: reencrypt

      Click Create.

   3. Navigate to Workloads → Secrets, click gitops-cluster, click Reveal values on the detail page, and copy the password.

   4. Navigate to Networking → Routes, and then click the URL. Argo CD might take a few minutes before handling requests.

   5. Log in as the admin user, with the password from a previous step. Click SIGN IN.

   Hide Solution

9. Create a periodic-process cron job in the Git repository. Put the manifest in a jobs directory, which you create.

   The cron job runs the echo hello command every minute with the registry.ocp4.example.com:8443/ubi9/ubi image.

   You can use the following command to generate a template for the cron job:

   [student@workstation gitops-review]$ oc create cronjob periodic-process \
     -n gitops-review --schedule "* * * * *" \
     --image registry.ocp4.example.com:8443/ubi9/ubi \
     --dry-run=client -o yaml -- echo hello

   1. Create the jobs directory.

      [student@workstation gitops-review]$ mkdir jobs

   2. Create a jobs/periodic-process.yaml file with the following content:

      apiVersion: batch/v1
      kind: CronJob
      metadata:
        name: periodic-process
        namespace: gitops-review
      spec:
        jobTemplate:
          metadata:
            name: periodic-process
          spec:
            template:
              spec:
                containers:
                - command:
                  - echo
                  - hello
                  image: registry.ocp4.example.com:8443/ubi9/ubi
                  name: periodic-process
                restartPolicy: OnFailure
        schedule: '* * * * *'

      You can create the file with the output of the previous command, and removing the parts that are not present in the previous content.

   3. Add the periodic-process.yaml file to the repository.

      [student@workstation gitops-review]$ git add jobs/periodic-process.yaml

   4. Commit the changes.

      [student@workstation gitops-review]$ git commit -m "add job"
      ...output omitted...

   5. Push the changes.

      [student@workstation gitops-review]$ git push
      ...output omitted...

   Hide Solution

10. Create and synchronize an application, and then observe the cron job execution. Use the second Argo CD instance in the gitops-review namespace, with the https://gitops-server-gitops-review.apps.ocp4.example.com URL.

    1. Navigate to Argo CD, and then click CREATE APPLICATION.

    2. Create an application with the information in the following table:

       Field	Value
       Application Name	jobs
       Project Name	default
       Repository URL	https://git.ocp4.example.com/developer/gitops-review.git
       Path	jobs
       Cluster URL	https://kubernetes.default.svc

       Then, click CREATE.

    3. Click jobs to view the application.

    4. Click SYNC to display the synchronization panel, and then click SYNCHRONIZE.

       Argo CD starts synchronizing the application. After synchronization completes, the cron job executes within one minute. You can observe the resulting jobs and pods from the Argo CD console. Click the pod, and then select the LOGS tab to view the output from the cron job execution.

    5. Change to the /home/student directory.

       [student@workstation gitops-admin]$ cd

    Hide Solution