{"id":13626245,"url":"https://github.com/cloud-native-toolkit/multi-tenancy-gitops","last_synced_at":"2026-01-31T10:38:19.060Z","repository":{"id":37583647,"uuid":"350784496","full_name":"cloud-native-toolkit/multi-tenancy-gitops","owner":"cloud-native-toolkit","description":"Provides our opinionated point of view on how GitOps can be used to manage the infrastructure, services and application layers of K8s based systems","archived":false,"fork":false,"pushed_at":"2025-05-09T18:47:42.000Z","size":5752,"stargazers_count":117,"open_issues_count":9,"forks_count":723,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-06-22T03:02:56.993Z","etag":null,"topics":["argocd","cloudpaks","gitops","gitops-toolkit","kubernetes","openshift"],"latest_commit_sha":null,"homepage":"https://cloudnativetoolkit.dev/adopting/use-cases/gitops/gitops-ibm-cloud-paks/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloud-native-toolkit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-03-23T16:37:15.000Z","updated_at":"2025-05-09T18:47:49.000Z","dependencies_parsed_at":"2024-01-14T04:44:41.391Z","dependency_job_id":"398f5b1f-f8dc-4e01-824c-0d4475c50690","html_url":"https://github.com/cloud-native-toolkit/multi-tenancy-gitops","commit_stats":null,"previous_names":[],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/cloud-native-toolkit/multi-tenancy-gitops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-native-toolkit%2Fmulti-tenancy-
gitops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-native-toolkit%2Fmulti-tenancy-gitops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-native-toolkit%2Fmulti-tenancy-gitops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-native-toolkit%2Fmulti-tenancy-gitops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloud-native-toolkit","download_url":"https://codeload.github.com/cloud-native-toolkit/multi-tenancy-gitops/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-native-toolkit%2Fmulti-tenancy-gitops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28938841,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T10:18:23.202Z","status":"ssl_error","status_checked_at":"2026-01-31T10:18:22.693Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","cloudpaks","gitops","gitops-toolkit","kubernetes","openshift"],"created_at":"2024-08-01T21:02:13.879Z","updated_at":"2026-01-31T10:38:19.037Z","avatar_url":"https://github.com/cloud-native-toolkit.png","language":"Shell","funding_links":[],"categories":["kubernetes","Shell"],"sub_categories":[],"readme":"# Cloud Native 
Toolkit - GitOps Production Deployment Guide\n\nThe GitOps concept originated from [Weaveworks](https://www.weave.works/) back in 2017 and the goal was to automate the operations of a Kubernetes (K8s) system using a model external to the system as the source of truth ([History of GitOps](https://www.weave.works/blog/the-history-of-gitops)).\n\nThis repository provides our opinionated point of view on how `GitOps` can be used to manage the infrastructure, services and application layers of K8s based systems.  It takes into account the various personas interacting with the system and accounts for separation of duties.  The instructions and examples are focused around the [Red Hat OpenShift](https://cloud.redhat.com/learn/what-is-openshift) platform and [IBM Cloud Paks](https://www.ibm.com/cloud/paks).\n\nThe reference architecture for this GitOps workflow can be found [here](https://cloudnativetoolkit.dev/adopting/use-cases/gitops/gitops-ibm-cloud-paks/).\n\n\n## Table of contents\n- [Cloud Native Toolkit - GitOps Production Deployment Guide](#cloud-native-toolkit---gitops-production-deployment-guide)\n  - [Table of contents](#table-of-contents)\n  - [Pre-requisites](#pre-requisites)\n    - [Red Hat OpenShift cluster](#red-hat-openshift-cluster)\n    - [CLI tools](#cli-tools)\n    - [IBM Entitlement Key](#ibm-entitlement-key)\n  - [Setup git repositories](#setup-git-repositories)\n    - [Tasks:](#tasks)\n  - [Install and configure OpenShift GitOps](#install-and-configure-openshift-gitops)\n    - [Tasks:](#tasks-1)\n  - [Bootstrap the OpenShift cluster](#bootstrap-the-openshift-cluster)\n    - [Tasks:](#tasks-2)\n  - [Select resources to deploy](#select-resources-to-deploy)\n    - [Tasks:](#tasks-3)\n\n\n## Pre-requisites\n\n### Red Hat OpenShift cluster\n- An OpenShift v4.7+ cluster is required.\n\n### CLI tools\n- Install the [git CLI](https://github.com/git-guides/install-git).\n    - Configure your username for your Git commits - 
[link](https://docs.github.com/en/get-started/getting-started-with-git/setting-your-username-in-git).\n    - Configure your email for your Git commits - [link](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-user-account/managing-email-preferences/setting-your-commit-email-address).\n- Install the OpenShift CLI oc (version 4.7+).  The binary can be downloaded from the Help menu of the OpenShift Console.\n    \u003cdetails\u003e\n    \u003csummary\u003eDownload oc cli\u003c/summary\u003e\n\n    ![oc cli](doc/images/oc-cli.png)\n    \u003c/details\u003e\n- Log in from a terminal window.\n    ```bash\n    oc login --token=\u003ctoken\u003e --server=\u003cserver\u003e\n    ```\n\n### IBM Entitlement Key\n- The `IBM Entitlement Key` is required to pull IBM Cloud Pak specific container images from the IBM Entitled Registry.  To get an entitlement key:\n\n    1. Log in to [MyIBM Container Software Library](https://myibm.ibm.com/products-services/containerlibrary) with an IBMid and password associated with the entitled software.\n    2. Select the **View library** option to verify your entitlement(s).\n    3. Select the **Get entitlement key** to retrieve the key.\n\n- A **Secret** containing the entitlement key is created in the `tools` namespace.\n\n    ```bash\n    oc new-project tools || true\n    oc create secret docker-registry ibm-entitlement-key -n tools \\\n    --docker-username=cp \\\n    --docker-password=\"\u003centitlement_key\u003e\" \\\n    --docker-server=cp.icr.io\n    ```\n\n## Setup git repositories\n- The following set of Git repositories will be used for our GitOps workflow.\n    - Main GitOps repository ([https://github.com/cloud-native-toolkit/multi-tenancy-gitops](https://github.com/cloud-native-toolkit/multi-tenancy-gitops)): This repository contains all the ArgoCD Applications for the `infrastructure`, `services` and `application` layers.  
Each ArgoCD Application will reference a specific K8s resource (yaml resides in a separate git repository), contain the configuration of the K8s resource, and determine where it will be deployed into the cluster.\n    - Infrastructure GitOps repository ([https://github.com/cloud-native-toolkit/multi-tenancy-gitops-infra](https://github.com/cloud-native-toolkit/multi-tenancy-gitops-infra)): Contains the YAMLs for cluster-wide and/or infrastructure related K8s resources managed by a cluster administrator.  This would include `namespaces`, `clusterroles`, `clusterrolebindings`, `machinesets` to name a few.\n    - Services GitOps repository ([https://github.com/cloud-native-toolkit/multi-tenancy-gitops-services](https://github.com/cloud-native-toolkit/multi-tenancy-gitops-services)): Contains the YAMLs for K8s resources which will be used by the `application` layer.  This could include `subscriptions` for Operators, YAMLs of custom resources provided, or Helm Charts for tools provided by a third party.  These resources would usually be managed by the Administrator(s) and/or a DevOps team supporting application developers.\n\n### Tasks:\n1. Create a new GitHub Organization using instructions from this [GitHub documentation](https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch).\n2. From each template repository, click the `Use this template` button and create a copy of the repository in your new GitHub Organization.\n    ![Create repository from a template](doc/images/git-repo-template-button.png)\n3. Clone the repositories locally.\n    ```bash\n    mkdir -p gitops-repos\n    cd gitops-repos\n    # Clone using SSH\n    git clone git@github.com:\u003cGIT_ORG\u003e/multi-tenancy-gitops.git\n    git clone git@github.com:\u003cGIT_ORG\u003e/multi-tenancy-gitops-infra.git\n    git clone git@github.com:\u003cGIT_ORG\u003e/multi-tenancy-gitops-services.git\n    ```\n4. 
Update the default Git URL and branch references in your `multi-tenancy-gitops` repository by running the provided `./scripts/set-git-source.sh` script.\n    ```bash\n    cd multi-tenancy-gitops\n    GIT_ORG=\u003cGIT_ORG\u003e GIT_BRANCH=master ./scripts/set-git-source.sh\n    git commit -m \"Update Git URl and branch references\"\n    git push origin master\n    ```\n\n\n## Install and configure OpenShift GitOps\n- [Red Hat OpenShift GitOps](https://docs.openshift.com/container-platform/4.7/cicd/gitops/understanding-openshift-gitops.html) uses [Argo CD](https://argoproj.github.io/argo-cd/), an open-source declarative tool, to maintain and reconcile cluster resources.\n\n### Tasks:\n1. Install the OpenShift GitOps Operator, create a `ClusterRole` and deploy a default instance of ArgoCD.\n    ```bash\n    oc apply -f setup/ocp47/\n    while ! oc wait crd applications.argoproj.io --timeout=-1s --for=condition=Established  2\u003e/dev/null; do sleep 30; done\n    while ! oc wait pod --timeout=-1s --for=condition=Ready -l '!job-name' -n openshift-gitops \u003e /dev/null; do sleep 30; done\n    ```\n1. Delete the default ArgoCD instance\n    ```bash\n    oc delete gitopsservice cluster -n openshift-gitops || true\n    oc delete argocd openshift-gitops -n openshift-gitops || true\n    ```\n1. Create a custom ArgoCD instance with custom checks\n    ```bash\n    oc apply -f setup/ocp47/argocd-instance/ -n openshift-gitops\n    while ! oc wait pod --timeout=-1s --for=condition=ContainersReady -l app.kubernetes.io/name=openshift-gitops-cntk-server -n openshift-gitops \u003e /dev/null; do sleep 30; done\n    ```\n\n\n## Bootstrap the OpenShift cluster\n- The bootstrap YAML follows the [app of apps pattern](https://argoproj.github.io/argo-cd/operator-manual/cluster-bootstrapping/#app-of-apps-pattern).\n\n### Tasks:\n1. Select a profile and delete the others from the `0-bootstrap` directory.  
If this is your first usage of the gitops workflow, use the `single-cluster` profile and deploy the ArgoCD Bootstrap Application.\n    ```bash\n    GITOPS_PROFILE=\"0-bootstrap/single-cluster\"\n    oc apply -f ${GITOPS_PROFILE}/bootstrap.yaml\n    ```\n2. Retrieve the ArgoCD/GitOps URL and admin password:\n    ```bash\n    oc get route -n openshift-gitops openshift-gitops-cntk-server -o template --template='https://{{.spec.host}}'\n    oc extract secrets/openshift-gitops-cntk-cluster --keys=admin.password -n openshift-gitops --to=-\n    ```\n\n\n## Select resources to deploy\n- Clone the `multi-tenancy-gitops` repository in your Git Organization if you have not already done so and select the K8s resources to deploy in the [infrastructure](0-bootstrap/single-cluster/1-infra/kustomization.yaml) and [services](0-bootstrap/single-cluster/2-services/kustomization.yaml) layers.\n- Existing recipes are available and additional ones will be made available in the **doc** directory.\n    - [Cloud Native Toolkit](doc/cloud-native-toolkit-recipe.md)\n    - [App Connect Enterprise recipe](doc/ace-recipe.md)\n    - [MQ recipe](doc/mq-recipe.md)\n    - [API Connect recipe](doc/apic-recipe.md)\n    - [Process Mining recipe](doc/process-mining-recipe.md)\n    - [Cloud Pak for Business Automation + Business Automation Workflow](doc/cp4ba-baw-recipe.md)\n    - [Cloud Pak for Data](doc/cp4d-platform-recipe.md)\n    - [Cloud Pak for Data + Watson Studio](doc/cp4d-ws-recipe.md)\n    - [Cloud Pak for Data + Watson Knowledge Catalog](doc/cp4d-wkc-recipe.md)\n    - [Cloud Pak for Data + DataStage](doc/cp4d-ds-recipe.md)\n    - [Cloud Pak for Data + Analytics Engine Powered by Apache Spark](doc/cp4d-aespark-recipe.md)\n    - [Cloud Pak for Data + Watson OpenScale](doc/cp4d-wos-recipe.md)\n    - [Cloud Pak for Data + Data Virtualization](doc/cp4d-dv-recipe.md)\n    - [Cloud Pak for Data + Watson Machine Learning](doc/cp4d-wml-recipe.md)\n    - [Cloud Pak for Security](doc/cp4s-recipe.md)\n  
  - [Instana Agent](doc/instana-recipe.md)\n    - [Spectrum Protect Plus](doc/spp-recipe.md)\n    - [Sterling File Gateway](doc/sfg-recipe.md)\n\n### Tasks:\n1. Select a profile and delete the others from the `0-bootstrap` directory.  If this is your first usage of the gitops workflow, use the `single-cluster` profile.\n    ```bash\n    GITOPS_PROFILE=\"0-bootstrap/single-cluster\"\n    ```\n2. Review the `Infrastructure` layer [kustomization.yaml](0-bootstrap/single-cluster/1-infra/kustomization.yaml) and un-comment the resources to deploy.\n3. Review the `Services` layer [kustomization.yaml](0-bootstrap/single-cluster/2-services/kustomization.yaml) and un-comment the resources to deploy.\n4. Commit and push changes to your git repository\n    ```bash\n    git add .\n    git commit -m \"initial bootstrap setup\"\n    git push origin\n    ```\n5. Validate the recipe was deployed correctly following the `Validation` section in the recipe.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-native-toolkit%2Fmulti-tenancy-gitops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloud-native-toolkit%2Fmulti-tenancy-gitops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-native-toolkit%2Fmulti-tenancy-gitops/lists"}