此内容没有您所选择的语言版本。

Chapter 1. Running GitOps control plane workloads on infrastructure nodes

You can use infrastructure nodes to isolate infrastructure workloads for two primary purposes:

To prevent billing costs associated with the number of subscriptions
To separate maintenance and management

You can use the OpenShift Container Platform to run GitOps control plane workloads on infrastructure nodes. This includes the Operator pod and the control plane workloads created by the Red Hat OpenShift GitOps Operator in the openshift-gitops namespace by default, including the default Argo CD instance in this namespace.

With GitOps control plane workloads, you can securely and declaratively isolate the infrastructure workloads by creating multiple isolated Argo CD instances in a cluster, with full control over what an Argo CD instance is capable of. In addition, you can manage these Argo CD instances declaratively across multiple developer namespaces. By using taints, you can ensure that only infrastructure components run on these nodes.

Note

All other Argo CD instances installed in user namespaces are not eligible to run on infrastructure nodes.

1.1. Moving GitOps control plane workloads to infrastructure nodes
复制链接

You can move the GitOps control plane workloads installed by the Red Hat OpenShift GitOps to the infrastructure nodes. The following are the control plane workloads that you can move:

cluster deployment (backend service)
openshift-gitops-applicationset-controller deployment
openshift-gitops-dex-server deployment
openshift-gitops-redis deployment
openshift-gitops-redis-ha-haproxy deployment
openshift-gitops-repo-sever deployment
openshift-gitops-server deployment
openshift-gitops-application-controller statefulset
openshift-gitops-redis-server statefulset

Procedure

Label existing nodes as infrastructure by running the following command:
```
oc label node <node-name> node-role.kubernetes.io/infra=
```
```
$ oc label node <node-name> node-role.kubernetes.io/infra=
```
Copy to Clipboard Toggle word wrap
Edit the GitOpsService custom resource (CR) to add the infrastructure node selector:
```
oc edit gitopsservice -n openshift-gitops
```
```
$ oc edit gitopsservice -n openshift-gitops
```
Copy to Clipboard Toggle word wrap

In the GitOpsService CR file, add runOnInfra field to the spec section and set it to true. This field moves the control plane workloads in openshift-gitops namespace to the infrastructure nodes:

apiVersion: pipelines.openshift.io/v1alpha1
kind: GitopsService
metadata:
  name: cluster
spec:
  runOnInfra: true

apiVersion: pipelines.openshift.io/v1alpha1
kind: GitopsService
metadata:
  name: cluster
spec:
  runOnInfra: true

Copy to Clipboard

Toggle word wrap

Optional: Apply taints and isolate the workloads on infrastructure nodes and prevent other workloads from scheduling on these nodes.
```
oc adm taint nodes -l node-role.kubernetes.io/infra
```
```
$ oc adm taint nodes -l node-role.kubernetes.io/infra
infra=reserved:NoSchedule infra=reserved:NoExecute
```
Copy to Clipboard Toggle word wrap

Optional: If you apply taints to the nodes, you can add tolerations in the GitOpsService CR:

spec:
  runOnInfra: true
  tolerations:
  - effect: NoSchedule
    key: infra
    value: reserved
  - effect: NoExecute
    key: infra
    value: reserved

spec:
  runOnInfra: true
  tolerations:
  - effect: NoSchedule
    key: infra
    value: reserved
  - effect: NoExecute
    key: infra
    value: reserved

Copy to Clipboard

Toggle word wrap

To verify that the workloads are scheduled on infrastructure nodes in the Red Hat OpenShift GitOps namespace, click any of the pod names and ensure that the Node selector and Tolerations have been added.

Note

Any manually added Node selectors and Tolerations in the default Argo CD CR will be overwritten by the toggle and the tolerations in the GitOpsService CR.

1.2. Moving the GitOps Operator pod to infrastructure nodes
复制链接

You can move the GitOps Operator pod to the infrastructure nodes.

Prerequisites

You have installed the Red Hat OpenShift GitOps Operator on your OpenShift Container Platform cluster.
You have access to the cluster with cluster-admin privileges.

Procedure

Label an existing node as infrastructure node by running the following command:
```
oc label node <node_name> node-role.kubernetes.io/infra=
```
```
$ oc label node <node_name> node-role.kubernetes.io/infra= 
```
1
Copy to Clipboard Toggle word wrap
1
Replace <node_name> with the name of the node you want to label as infrastructure node.
Example output
```
node/<node_name> labeled
```
```
node/<node_name> labeled
```
Copy to Clipboard Toggle word wrap

Edit the Red Hat OpenShift GitOps Subscription resource by running the following command:

oc -n openshift-gitops-operator edit subscription openshift-gitops-operator

$ oc -n openshift-gitops-operator edit subscription openshift-gitops-operator

Copy to Clipboard

Toggle word wrap

Add nodeSelector and tolerations to the spec.config field in the Subscription resource:

Example Subscription

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-gitops-operator
  namespace: openshift-gitops-operator
spec:
  config:
    nodeSelector: 
      node-role.kubernetes.io/infra: ""
    tolerations: 
    - key: node-role.kubernetes.io/infra
      operator: Exists
      effect: NoSchedule

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-gitops-operator
  namespace: openshift-gitops-operator
spec:
  config:
    nodeSelector:


      node-role.kubernetes.io/infra: ""
    tolerations:


    - key: node-role.kubernetes.io/infra
      operator: Exists
      effect: NoSchedule

Copy to Clipboard

Toggle word wrap

1: This ensures that the operator pod is only scheduled on an infrastructure node.
2: This ensures that the pod is accepted by the infrastructure node.

Example output

subscription.operators.coreos.com/openshift-gitops-operator edited

subscription.operators.coreos.com/openshift-gitops-operator edited

Copy to Clipboard

Toggle word wrap

Verify that the GitOps Operator pod is running on the infrastructure node by running the following command:

oc -n openshift-gitops-operator get po -owide

$ oc -n openshift-gitops-operator get po -owide

Copy to Clipboard

Toggle word wrap

Example output

NAME                                                            READY   STATUS    RESTARTS   AGE   IP              NODE            NOMINATED NODE   READINESS GATES
openshift-gitops-operator-controller-manager-abcd               2/2     Running   0          11m   94.142.44.126   <node_name>     <none>           <none>

NAME                                                            READY   STATUS    RESTARTS   AGE   IP              NODE            NOMINATED NODE   READINESS GATES
openshift-gitops-operator-controller-manager-abcd               2/2     Running   0          11m   94.142.44.126   <node_name>     <none>           <none>

Copy to Clipboard

Toggle word wrap

1: Ensure that the listed <node_name> is the node with the node-role.kubernetes.io/infra label.

此内容没有您所选择的语言版本。

Chapter 1. Running GitOps control plane workloads on infrastructure nodes

1.1. Moving GitOps control plane workloads to infrastructure nodes
复制链接

1.2. Moving the GitOps Operator pod to infrastructure nodes
复制链接

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

此内容没有您所选择的语言版本。

Chapter 1. Running GitOps control plane workloads on infrastructure nodes

1.1. Moving GitOps control plane workloads to infrastructure nodes复制链接链接已复制到粘贴板!

1.2. Moving the GitOps Operator pod to infrastructure nodes复制链接链接已复制到粘贴板!

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

1.1. Moving GitOps control plane workloads to infrastructure nodes
复制链接

1.2. Moving the GitOps Operator pod to infrastructure nodes
复制链接