Application deployment
The deployment of application composition projects follows the GitOps framework to automate the deployment onto different deployment targets. The main components of the framework are the Git repository to store the application configuration, the OpenShift GitOps operator to manage the cluster configurations and the external secret controller to resolve external secrets into kubernetes secrets.
Deployment steps
Create application: Once the user chooses to create an application composition project, a Git repository is created for the application to maintain the application configuration for different deployment targets as part of the composite application. The configuration of each deployment target is maintained in a separate branch with branch name as deployment target name.
Selecting deployment target: Deployment is managed individually for each deployment target. Choosing deployment target results in:
Creating a branch in the Git repository of the application to manage all the configuration for this specific deployment target. A kustomization file is created in that branch which maintains the resources to be deployed.
apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - {{resource1}}.yaml - {{resource2}}.yaml patches: - target: version: v1alpha1 kind: Application labelSelector: app={{applicationAcronym}} patch: |- - op: replace path: /spec/source/helm/parameters/0/value value: {{deploymentTargetHostName}} - target: version: v1alpha1 kind: Application labelSelector: app={applicationAcronym} patch: |- - op: replace path: /spec/source/helm/parameters/4/value value: 'false' - target: version: v1alpha1 kind: Application labelSelector: app=abatest patch: |- - op: add path: /metadata/finalizers value: ['resources-finalizer.argocd.argoproj.io/foreground'] - target: version: v1alpha1 kind: Application labelSelector: app={{applicationAcronym}} patch: |- - op: add path: /spec/syncPolicy value: automated: selfHeal: true prune: true
resource.yaml: These are the yaml files which contain the configuration of a specific component or binding which is part of the application.
applicationAcronym: Acronym for the application
deploymentTargetHostName: The target hostname of the deployment target.
patches: Patches are used to add or override fields in resource configuration.
Creating (https://argo-cd.readthedocs. io/en/stable/operator-manual/declarative-setup/#applications) in the cluster to manage the state of the application in the kubernetes cluster. This application will always sync with the Git repository to look for any change in the state of the application and apply that state to the cluster.
Deploy components: After the deployment target is selected, you can add components to the deployment target. Each component is treated as individual resource of the application and has a corresponding component yaml file in the Git repository which contains the configuration of the component:
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: {{componentDeploymentName}} namespace: argocd labels: app: {{applicationAcronym}} type: component annotations: description: {{application component description}} spec: destination: namespace: {{deploymentTarget} server: 'https://kubernetes.default.svc' project: default source: repoURL: {{helmRepoUrl}} chart: {{componentChartName}} targetRevision: {{componentChartVersion}} helm: parameters: - name: environment.host value: host - name: label.application value: {{application acronym}} - name: image.registryPath value: {{deployment target path}} - name: deployment.applicationAcronym value: {{application acronym}} - name: feature.istio value: {{istioFlag}} values: '{{customConfig}}'
componentDeploymentName: A unique application deployment resource name. Created with combination of {{applicationAcronym}}-{{componentName}}-{{targetDeployment}}
applicationAcronym: Acronym for the application
deploymentTarget: Chosen deployment target
helmRepoUrl: URL of the helm oci repository where the component's helm chart is available
componentChartName: Name of the helm chart of the component, same as component name
componentChartVersion: Version of the helm chart to use
customConfig: Stringified version of custom configuration.
Once the component is added and committed to Git, Argo CD application created in previous step will read this component yaml file and deploy the helm chart available in source spec of the file onto the target namespace of the kubernetes cluster. Also, Argo CD will apply any custom configuration specified by the user in custom configuration.
Deploy bindings: Each API binding and topic binding is treated as a single resource for deployment to the cluster. Since bindings might contain some sensitive data, in order to protect binding data being stored directly in the Git, binding resources are created in form of external secrets where only a path for the actual binding data is stored in the Git repository. When an API or topic binding is required for a component this has to be configured by user. Once the user commits these changes to the deployment target, an external secret resource yaml for each binding is created in Git:
apiVersion: k5.config/v1 kind: K5ExternalSecret metadata: name: {{externalSecretName}} namespace: {{deploymentTarget}} spec: backendType: vault data: - key: {{secretDataPath}} name: binding vaultMountPoint: kubernetes vaultRole: external-secrets-role
ArgoCD application reads these external secret resource files from Git, and adds the corresponding external secrets to the kubernetes cluster. Once the external secrets are available in the cluster, the external secret controller will use these external secrets to fetch the secret data from the external Provider (vault). The external secret controller then uses this data to create a kubernetes secret which can be accessed by pods of the application.
Similar to adding components and bindings, if the user removes any resource from the application and commits the changes to the Git, Argocd application with sync up with the Git repository and clean up the removed resources from cluster.