{"id":37903152,"url":"https://github.com/adetalhouet/ocp-gitops","last_synced_at":"2026-01-16T17:06:40.991Z","repository":{"id":42122872,"uuid":"383136346","full_name":"adetalhouet/ocp-gitops","owner":"adetalhouet","description":"This repository is the source of truth of my lab environments.","archived":false,"fork":false,"pushed_at":"2024-04-08T20:22:47.000Z","size":6913,"stargazers_count":30,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-06-11T19:57:09.084Z","etag":null,"topics":["gitops"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adetalhouet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-07-05T12:38:05.000Z","updated_at":"2024-05-29T05:45:48.000Z","dependencies_parsed_at":"2024-03-30T15:28:55.061Z","dependency_job_id":"aba5da3c-b885-40f4-aaa2-741eebee4419","html_url":"https://github.com/adetalhouet/ocp-gitops","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/adetalhouet/ocp-gitops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adetalhouet%2Focp-gitops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adetalhouet%2Focp-gitops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adetalhouet%2Focp-gitops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adetalhouet%2Focp-gitops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adetalhou
et","download_url":"https://codeload.github.com/adetalhouet/ocp-gitops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adetalhouet%2Focp-gitops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28480081,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gitops"],"created_at":"2026-01-16T17:06:37.041Z","updated_at":"2026-01-16T17:06:40.983Z","avatar_url":"https://github.com/adetalhouet.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitOps cluster and application configuration\n\nThis repository contains all the cluster and application configuration for my various lab environments.\n\nAll the applications can be customized using overlay, following the kustomize practice.\n\n## Table of Contents\n\n\u003c!-- TOC --\u003e\n- [Create new cluster configuration](#create-new-cluster-configuration)\n- [Required customization](#required-customization)\n- [Deploy the cluster configuration](#deploy-the-cluster-configuration)\n- [Helm packaging for app-of-apps](#helm-packaging-for-app-of-apps)\n- [Helm chart repository](#helm-chart-repository)\n- [Helm chart release process](#helm-chart-release-process)\n\u003c!-- 
TOC --\u003e\n\n## Create new cluster configuration\n\nIn order to provision a new cluster, a few things need to be adjusted in the various applications. In order to do so, the script `build-cluster-config.sh` can be used.\n\nIt will create new overlay folders based on the `default` one, and adjust the following:\n- the FQDN in the various configurations to reflect the new cluster name and domain name. The FQDN is as follows: `$CLUSTER_NAME.$DOMAIN_NAME`\n- create the necessary bootstrap elements so you can kick-start the provisioning\n- regenerate all the SealedSecret\n\nThe script can be used as follows:\n~~~\n./build-cluster-config.sh $CLUSTER_NAME $DOMAIN_NAME\n~~~\n\nOnce the boilerplate is created, I recommend going over the required customization below.\n\n## Required customization\n\n### openshift-gitops\nThe installation assumes OIDC will be used as the external SSO provider (in this case, RH-SSO). So the user of this application needs to:\n- create the RH-SSO client-secret\n    Create a file named rhsso-client-secret.yaml with the following\n    ~~~\n    apiVersion: v1\n    data:\n      oidc.keycloak.clientSecret: YOUR_SECRET_HERE\n    kind: Secret\n    metadata:\n      name: argocd-secret-oidc\n      namespace: openshift-gitops\n    type: Opaque\n    ~~~\n- seal the secret\n    ~~~\n    kubeseal --cert ~/.bitnami/tls.crt --format yaml \u003c rhsso-client-secret.yaml \u003e apps/01-openshift-gitops/base/07-sealed-rhsso-client-secret.yaml\n    ~~~\n- create or update the kustomize overlay with the OIDC issuer URL at `/spec/oidcConfig`. \nSee example [here](apps/01-openshift-gitops/overlays/default/kustomization.yaml#L17)\n\n### sealed-secret\nIf you have a pre-defined cert and key for the sealed-secrets controller, then populate them [here](https://github.com/adetalhouet/ocp-gitops/blob/main/apps/02-sealed-secrets/bootstrap/02-sealed-secrets-secret-EXAMPLE.yaml) and they will get deployed as part of the bootstrap.\nOtherwise, retrieve your sealed-secret cert and key. 
[Here](https://github.com/redhat-cop/gitops-catalog/tree/main/sealed-secrets-operator/scripts) are tips on how to do so.\n\n### letsencrypt-certs (only for Route53)\nIn order to update the cluster certificate, provide your AWS creds.\n\nCreate a file named aws-credentials.yaml with the following\n~~~\napiVersion: v1\nkind: Secret\nmetadata:\n  name: cloud-dns-credentials\n  namespace: letsencrypt-job\ntype: Opaque \nstringData: \n  AWS_ACCESS_KEY_ID: \"YOUR_ACCESS_ID\"\n  AWS_SECRET_ACCESS_KEY: \"YOUR_ACCESS_KEY_\"\n  AWS_DNS_SLOWRATE: \"1\"\n~~~\nThen seal the secret\n~~~\nkubeseal --cert ~/.bitnami/tls.crt --format yaml \u003c aws-credentials.yaml \u003e apps/03-letsencrypt-certs/05-sealed-aws-credentials.yaml\n~~~\n\nFor additional details regarding this solution, see GitHub: [OpenShift Let's Encrypt Job](https://github.com/pittar/ocp-letsencrypt-job) project reference.\n\n### Red Hat Single Sign-On\nCreate the realms, clients and users according to your desired setup. \nLook [here](https://github.com/adetalhouet/ocp-gitops/blob/main/apps/06-rhsso/overlays/default/config/README.md) for an example of how to then seal the information.\n\n### OpenShift OAuth\nCreate the RH SSO client-secret, and seal it\n\n~~~\napiVersion: v1\nkind: Secret\nmetadata:\n  name: keycloack-openshit-client-secret\n  namespace: openshift-config\ntype: Opaque\ndata:\n  clientSecret: YOUR_SECRET_HERE\n~~~\n\n~~~\nkubeseal --cert ~/.bitnami/tls.crt --format yaml \u003c rhsso-client-secret.yaml \u003e apps/07-oauth/02-sealed-rhsso-client-secret.yaml\n~~~\n\n## Deploy the cluster configuration\n\nTo start the initial provisioning, the following script can be used:\nNote: this operation is to be done once only.\n\nThe bootstrap will take care of the following:\n- install `openshift-gitops` operator and adequate RBAC\n- sealed-secret namespace\n- (optional) sealed-secret secret, with your keypair, if configured\n- deploy the cluster-config-manager Argo CD application acting as app-of-apps. 
This is what is pointing to the helm chart\n\n~~~\n./bootstrap/bootstrap.sh $CLUSTER_NAME\n~~~\n\n## Helm packaging for app-of-apps\n\nTo achieve the app-of-apps pattern, a few solutions exist:\n- using `ApplicationSet` (but the [lack of SyncWaves support](https://github.com/argoproj-labs/applicationset/issues/221) makes it difficult to adopt)\n- using an `Application` for each app/overlay. This makes things very verbose due to the repetition of the `Application` + `kustomization.yaml` requirement. See the number of files removed [in this commit](https://github.com/adetalhouet/ocp-gitops/commit/d9ae7ab6fb5ed0dc2e098563ee6a1c5a154ae6d1) when I moved to helm-based app-of-apps.\n- using a Helm Chart with `Application` defined as a template. In my opinion, this makes the deployment elegant and removes all the boilerplate of managing `Application` per app/overlay.\n\nAfter experiencing all the above, I ended up building a Helm Chart to define the ArgoCD `Application`. It can be found in the [helm](helm) folder.\n\n### How it works\n\nIf you are familiar with Helm, it should be very easy, because my chart is very simple.\n\nI have only one [template](helm/templates) to generate ArgoCD `Application` manifests.\n\nThe template goes over the applications defined in the [values.yaml](helm/values.yaml) file, and creates an `Application` for each.\n\nAll my apps are prefixed with a number, so when helm is rendering the templates, it keeps that ordering, which I can then use as an index to define the application `sync-wave` value.\n\nFinally, some of my applications don't have any overlay, so I added the option to specify whether or not to look for an overlay.\n\n## Helm chart repository\n\nIn order to use that chart from ArgoCD, it must be available through a helm repository. 
Hence I made this GitHub repository a helm repository, using GitHub Pages.\nIt is serving the release charts defined in the [index.yaml](index.yaml) file.\n\nIn order to consume the helm chart, simply add the following dependency in yours:\n\n~~~\ndependencies:\n  - name: ocp-gitops\n    version: 1.0.0\n    repository: https://adetalhouet.github.io/ocp-gitops/\n~~~\n\nAnd as you typically do, customize the helm chart with the `values.yaml` file. It will let you pick and choose the applications to deploy.\n\n## Helm chart release process\n\nTo release the helm chart, I'm using [chart-releaser](https://github.com/helm/chart-releaser/tree/main).\n\n1. make your GitHub repo a helm chart repo, [follow this guide](https://medium.com/@mattiaperi/create-a-public-helm-chart-repository-with-github-pages-49b180dbb417)\n2. create the package: create the chart and put it in the [.helm-chart-released](.helm-chart-released) folder\n~~~\ntar -cvzf ocp-gitops-1.0.0.tgz helm\n~~~\n3. upload the package: this will create a new branch and a new release with the latest chart.\n~~~\ncr upload -r ocp-gitops -o adetalhouet --package-path .helm-chart-released -t $AUTH_TOKEN\n~~~\n4. create/update index: this will regenerate the [index.yaml](index.yaml) file that serves as the chart catalog served by our helm repo.\n~~~\ncr index -c https://github.com/adetalhouet/ocp-gitops/tree/ocp-gitops-1.0.0/.helm-chart-released -r ocp-gitops -o adetalhouet --package-path .helm-chart-released -i .\n~~~\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadetalhouet%2Focp-gitops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadetalhouet%2Focp-gitops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadetalhouet%2Focp-gitops/lists"}