Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

Chapter 6. Enabling support for a namespace-scoped Argo Rollouts installation

Red Hat OpenShift GitOps enables support for two modes of Argo Rollouts installations:

  • Cluster-scoped installation (default): The Argo Rollouts custom resources (CRs) defined in any namespace are reconciled by the Argo Rollouts instance. As a result, you can use Argo Rollouts CR across any namespace on the cluster.

  • Namespace-scoped installation: The Argo Rollouts instance is installed in a specific namespace and only handles an Argo Rollouts CR within the same namespace. This installation mode includes the following benefits:

    • This mode does not require cluster-wide ClusterRole or ClusterRoleBinding permissions. You can install and use Argo Rollouts within a single namespace without requiring cluster permissions.
    • This mode provides security benefits by limiting the cluster scope of a single Argo Rollouts instance to a specific namespace.
Note

To prevent unintended privilege escalation, Red Hat OpenShift GitOps allows only one mode of Argo Rollout installation at a time.

To switch between cluster-scoped and namespace-scoped Argo Rollouts installations, complete the following steps.

To configure a namespace-scoped instance of Argo Rollouts installation, complete the following steps.

Prerequisites

  • You are logged in to the Red Hat OpenShift GitOps cluster as an administrator.
  • You have installed Red Hat OpenShift GitOps on your Red Hat OpenShift GitOps cluster.

Procedure

  1. In the Administrator perspective of the web console, go to Administration CustomResourceDefinitions.
  2. Search for Subscription and click the Subscription CRD.
  3. Click the Instances tab and then click the openshift-gitops-operator subscription.

  4. Click the YAML tab and edit the YAML file.

    1. Specify the NAMESPACE_SCOPED_ARGO_ROLLOUTS environment variable, with the value set to true in the .spec.config.env property.

      Example of configuring the namespace-scoped Argo Rollouts installation

      apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-gitops-operator
spec:
  # (...)
  config:
    env:
      - name: NAMESPACE_SCOPED_ARGO_ROLLOUTS
        value: 'true'
      1
      Copy to Clipboard Toggle word wrap

      1
      The value set to 'true' enables namespace-scoped installation. If the value is set to 'false' or not specified the installation defaults to cluster-scoped mode.

    2. Click Save.

      The Red Hat OpenShift GitOps Operator facilitates the reconciliation of the Argo Rollouts custom resource within a namespace-scoped installation.

  5. Verify that the Red Hat OpenShift GitOps Operator has enabled the namespace-scoped Argo Rollouts installation by viewing the logs of the GitOps container:

    1. In the Administrator perspective of the web console, go to Workloads Pods.
    2. Click the openshift-gitops-operator-controller-manager pod, and then click the Logs tab.
    3. Look for the following log statement: Running in namespaced-scoped mode. This statement indicates that the Red Hat OpenShift GitOps Operator has enabled the namespace-scoped Argo Rollouts installation.

  6. Create a RolloutManager resource to complete the namespace-scoped Argo Rollouts installation:

    1. Go to Operators Installed Operators Red Hat OpenShift GitOps, and click the RolloutManager tab.
    2. Click Create RolloutManager.

    3. Select YAML view and enter the following snippet:

      Example RolloutManager CR for a namespace-scoped Argo Rollouts installation

      apiVersion: argoproj.io/v1alpha1
kind: RolloutManager
metadata:
  name: rollout-manager
  namespace: my-application
      1 
      
spec:
  namespaceScoped: true
      Copy to Clipboard Toggle word wrap

      1
      Specify the name of the project where you want to install the namespace-scoped Argo Rollouts instance.

    4. Click Create.

      After the RolloutManager CR is created, Red Hat OpenShift GitOps begins to install the namespace-scoped Argo Rollouts instance into the selected namespace.

  7. Verify that the namespace-scoped installation is successful.

    1. In the RolloutManager tab, under the RolloutManagers section, ensure that the Status field of the RolloutManager instance is Phase: Available.

    2. Examine the following output in the YAML tab under the RolloutManagers section to ensure that the installation is successful:

      Example of namespace-scoped Argo Rollouts installation YAML file

      spec:
  namespaceScoped: true
status:
  conditions:
    lastTransitionTime: '2024-07-10T14:20:5z`
    message: ''
    reason: Success
    status: 'True'
      1 
      
    type: 'Reconciled'
  phase: Available
  rolloutController: Available
      Copy to Clipboard Toggle word wrap

      1
      This status indicates that the namespace-scoped Argo Rollouts installation is enabled successfully.

      If you try to install a namespace-specific Argo Rollouts instance while a cluster-scoped installation already exists on the cluster, an error message is displayed:

      Example of an incorrect installation with an error message

      spec:
  namespaceScoped: true
status:
  conditions:
   lastTransitionTime: '2024-07-10T14:10:7z`
   message: 'when Subscription has environment variable NAMESPACE_SCOPED_ARGO_ROLLOUTS set to False, there may not exist any namespace-scoped RolloutManagers: only a single cluster-scoped RolloutManager is supported'
   reason: InvalidRolloutManagerScope
   status: 'False'
      1 
      
   type: 'Reconciled'
  phase: Failure
  rolloutController: Failure
      Copy to Clipboard Toggle word wrap

      1
      This status indicates that the namespace-scoped Argo Rollouts installation is not enabled successfully. The installation defaults to cluster-scoped mode.
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat