Red Hat SummitChapter 1. Running GitOps control plane workloads on infrastructure nodes
You can use infrastructure nodes to prevent additional billing cost against subscription counts.
You can use the OpenShift Container Platform to run certain workloads on infrastructure nodes installed by the Red Hat OpenShift GitOps Operator. This comprises the workloads that are installed by the Red Hat OpenShift GitOps Operator by default in the openshift-gitops namespace, including the default Argo CD instance in that namespace.
Any other Argo CD instances installed to user namespaces are not eligible to run on infrastructure nodes.
1.1. Moving GitOps workloads to infrastructure nodes
You can move the default workloads installed by the Red Hat OpenShift GitOps to the infrastructure nodes. The workloads that can be moved are:
-
kam deployment -
cluster deployment(backend service) -
openshift-gitops-applicationset-controller deployment -
openshift-gitops-dex-server deployment -
openshift-gitops-redis deployment -
openshift-gitops-redis-ha-haproxy deployment -
openshift-gitops-repo-sever deployment -
openshift-gitops-server deployment -
openshift-gitops-application-controller statefulset -
openshift-gitops-redis-server statefulset
Procedure
Label existing nodes as infrastructure by running the following command:
$ oc label node <node-name> node-role.kubernetes.io/infra=Edit the
GitOpsServicecustom resource (CR) to add the infrastructure node selector:$ oc edit gitopsservice -n openshift-gitopsIn the
GitOpsServiceCR file, addrunOnInfrafield to thespecsection and set it totrue. This field moves the workloads inopenshift-gitopsnamespace to the infrastructure nodes:apiVersion: pipelines.openshift.io/v1alpha1 kind: GitopsService metadata: name: cluster spec: runOnInfra: trueOptional: Apply taints and isolate the workloads on infrastructure nodes and prevent other workloads from scheduling on these nodes.
$ oc adm taint nodes -l node-role.kubernetes.io/infra infra=reserved:NoSchedule infra=reserved:NoExecuteOptional: If you apply taints to the nodes, you can add tolerations in the
GitOpsServiceCR:spec: runOnInfra: true tolerations: - effect: NoSchedule key: infra value: reserved - effect: NoExecute key: infra value: reserved
To verify that the workloads are scheduled on infrastructure nodes in the Red Hat OpenShift GitOps namespace, click any of the pod names and ensure that the Node selector and Tolerations have been added.
Any manually added Node selectors and Tolerations in the default Argo CD CR will be overwritten by the toggle and the tolerations in the GitOpsService CR.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}