In this blog post we are going to introduce how we can get from code to production deployments with GitOps and how you can implement these patterns on OpenShift.
In the introductory blog post to GitOps we described some of the use cases that we can solve with GitOps on OpenShift. In today's blog post we are going to describe how we can leverage GitOps patterns to manage our applications life cycle on OpenShift.
We are going to explore the following use cases:
- Build and application from source using Tekton Pipelines and Git webhooks
- Deploy our application to different environments using Argo CD
NOTE: For this blog we are working with GitHub, but the same steps can be done with other Git servers, in case you decide to use a different provider, make sure you change the GitHub references on the demo files.
Environment
- One OpenShift 4.3 cluster
- ArgoCD used as the GitOps tool
- Tekton Pipelines used as the CI/CD tool
- Demo files:
Adapting demo files to your inventory
- Change user and password for Quay.io on quay-credentials.yaml
- Change references to your image/repository on
build-pipeline.yaml
: 1, 2, 3 and 4 - Change deployment image on these files: 1 and 2
Scenario
Our team is responsible of the development and deployment of a simple application that reverses words, we want that whenever a new commit hits the master branch a new Pipeline is executed, this Pipeline will take care of:
- Download the new code
- Run a code linter
- Run the tests
- Build the app on a container image
- Push the container image to our container image repository
Our application is deployed on two environments, stage
and production
, in order to deploy the application we are following a GitOps model, in this case we have one repository with three branches:
config
Branch - Has the required files for deploying our application and that are common to all environmentsstage
Branch - Has the required overlay files for deploying our application into the stage environmentprod
Branch - Has the required overlay files for deploying our application into the production environment
Whenever a new commit hits stage
or prod
branches, a webhook is sent to Argo CD and the application is synchronized by Argo CD.
GitOps Workflow
- Developers push new changes to the application repository
- The changes are tested and a new image is built automatically by a Tekton Pipeline
- Developers request the deployment of the new image by sending a PR to the
stage
branch oncode-to-prod-blog
repository - The PR is reviewed and merged
- The new image version is deployed automatically by Argo CD on
stage
- After testing the application on the
stage
environment a PR is sent to theprod
branch to deploy the application onproduction
environment - The PR is reviewed and merged
- The new image version is deployed automatically by Argo CD on
production
Pre-requisites
For this blog, we've used the following versions:
- OpenShift 4.2
- OpenShift Pipelines Operator v0.9.1
- Argo CD v1.3.6
- Quay.io Account
The deployment of this products/projects is outside of the scope of this blog post.
Forking the demo repositories
- Go to https://github.com/mvazquezc/code-to-prod-blog and make a fork of the repository.
- Go to https://github.com/mvazquezc/reverse-words and make a fork of the repository.
You will be using your forks for the demo.
Configuring Tekton Build Pipeline
As we said earlier in the post, we have a Pipeline that will take care of build new container image versions of our application whenever a code change is detected.
We will create the required Tekton objects:
NOTE: You need to provide your own credentials in
quay-credentials.yaml
file. And modify thePipelineResources
inbuild-pipeline.yaml
.
# Clone your repository fork
git clone <git_url_to_your_fork>
# Access your fork
cd code-to-prod-blog
# Checkout CI branch (contains tekton files)
git checkout ci
# Create a namespace for storing our configurations
oc create namespace tekton-reversewords
# We need the credentials for our container image registry (remember to add the your credentials to this file)
oc -n tekton-reversewords apply -f quay-credentials.yaml
# We need a ServiceAccount with access to the credentials created before
oc -n tekton-reversewords apply -f pipeline-sa.yaml
# Linter task - It will run a linter against our code
oc -n tekton-reversewords apply -f lint-task.yaml
# Test task - It will run the tests defined in our repository
oc -n tekton-reversewords apply -f test-task.yaml
# Build task - It will create and push the new container image to the container registry
oc -n tekton-reversewords apply -f build-task.yaml
# Pipeline - It defines the Build Pipeline that will execute previous defined tasks in an specific order with specific parameters (remember to point to your own repos)
oc -n tekton-reversewords apply -f build-pipeline.yaml
# Webhook - Will receive webhooks from GitHub and run the pipeline with the parameters received on the webhook
oc -n tekton-reversewords apply -f webhook.yaml
Configuring Argo CD Applications
Argo CD will take care of deploying new changes onto our cluster, we have three branches within the code-to-prod-blog
repository with the required files for Argo CD to deploy our application on each environment:
- Branch
config
- Base config files - Branch
stage
- Stage environment override files - Branch
prod
- Production environment override files
Below the required steps to configure Argo CD applications:
NOTE: We will be using the
argocd
cli, these steps can be done from the WebUI as well. The examples below use my repository, you're supossed to create your own using the demo files described on the environment section.
-
Define git repository
argocd repo add https://github.com/mvazquezc/code-to-prod-blog.git
-
Define stage application
argocd app create --project default --name reverse-words-stage \
--repo https://github.com/mvazquezc/code-to-prod-blog.git \
--path . \
--dest-server https://kubernetes.default.svc \
--dest-namespace reverse-words-stage --revision stage \
--sync-policy automated -
Define production application
argocd app create --project default --name reverse-words-production \
--repo https://github.com/mvazquezc/code-to-prod-blog.git \
--path . \
--dest-server https://kubernetes.default.svc \
--dest-namespace reverse-words-production --revision prod \
--sync-policy automated
Now we have ArgoCD configured and ready to deploy our apps, now it's time to configure the required webhooks.
Configuring Git WebHooks
We want to build our application when new commits hit the master branch on our code repository and deploy it when new commits hit the config/stage/prod branch on our config repositories.
Configuring webhook for Build trigger
-
We need to get the url where we will send the webhook
# Get the route
oc -n tekton-reversewords get route el-webhook -o jsonpath='{.spec.host}' -
Go to the Git repository for the
reverse-words
application and configure the webhook
Configuring webhook for Stage deployment
- The url for the webhook in this case will be the argocd server route/external url + "/api/webhook", e,g; https://argocd.example.com/api/webhook
- Go to the stage deployment repository and configure the webhook
Configuring webhook for Production deployment
- The url for the webhook in this case will be the argocd server route/external url + "/api/webhook", e,g; https://argocd.example.com/api/webhook
- Go to the production deployment repository and configure the webhook
You can also use the below script to define the webhooks
export GIT_WEBHOOK_URL=$(oc get route el-cicd -o jsonpath='{.spec.host}' -n $NAMESPACE)
echo "https://$GIT_WEBHOOK_URL"
export ARGOCD_WEBHOOK=$(oc get route argocd-server -n argocd -o jsonpath='{.spec.host}')/api/webhook
#Set the GIT_REPO_NAME to name of the Code Git repo like reverse-words
export GIT_REPO_NAME='code-repo'
export GIT_USERNAME='ch-stark'
export GIT_TOKEN= YOURTOKEN
#Run curl to create the webhook for the build trigger
curl -v -X POST -u $GIT_USERNAME:$GIT_TOKEN \
-d "{\"name\": \"web\",\"active\": true,\"events\": [\"push\"],\"config\": {\"url\": \"https://$GIT_WEBHOOK_URL\",\"content_type\": \"json\",\"insecure_ssl\": \"0\"}}" \
-L https://api.github.com/repos/$GIT_USERNAME/$GIT_REPO_NAME/hooks
export GIT_REPO_NAME='prod-repo/stage-repo'
curl -v -X POST -u $GIT_USERNAME:$GIT_TOKEN \
-d "{\"name\": \"web\",\"active\": true,\"events\": [\"push\"],\"config\": {\"url\": \"https://$ARGOCD_WEBHOOK\",\"content_type\": \"json\",\"insecure_ssl\": \"0\"}}" \
-L https://api.github.com/repos/$GIT_USERNAME/$GIT_REPO_NAME/hooks
Testing our Workflow
Now we have our two Argo CD apps created, the Tekton build pipeline defined and the webhooks configured.
-
Let's send a change to our application code and see what happens:
-
The build pipeline generated a new tag for our image:
-
Let's update the deployment on stage branch to use the image that was just created so Argo CD updates the deployment:
-
Now we have the image running on stage but not in production:
-
After updating production branch we will get the same version on bot environments:
About the author
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit