GitOps integration
Turbonomic integrates with Git-based software through
Argo
CD, a GitOps continuous delivery tool that manages ArgoCD
Application
resources using Custom Resources (CRs). With this integration, Turbonomic can identify the container platform cluster resources managed by
Argo CD, and then execute resize actions against the Git-based version control software
serving as Argo CD's 'source of truth'. Argo CD completes the action by synchronizing
changes onto the running environment.
Turbonomic currently supports the following definitions:
Workload definition - path to version control software | Version control software (Git source) | Application packaging |
---|---|---|
ArgoCD Application CR in the cluster |
GitHub or GitLab | None (straight YAMLs only). Operators and Helm are not supported. |
ArgoCD ApplicationSet CR in the cluster |
Configurations
It is assumed that Argo CD is installed and active in the cluster managed by Turbonomic. Although Turbonomic discvoers comprehensive information from the Argo CD applications that manage the resources, some details (such as Git credentials) must be configured in Kubeturbo running in the same cluster. The following sections describe these configurations.
Creating a developer access token in Git
-
In Settings, select Developer Settings.
-
Select Personal Access Tokens.
-
Generate a new token and grant the following permissions:
-
delete:packages
-
gist
-
notifications
-
repo
-
write:discussion
-
write:packages
-
-
Copy the token. You will need it in the next task.
Creating a secret to store the developer access token
Create a new secret in the namespace where Kubeturbo is deployed.
kind: Secret
apiVersion: v1
metadata:
name: github
namespace: turbo
data:
token: {your_token_in_Base64}
type: Opaque
You will need to add a rule to your existing Kubeturbo service account role to grant permissions to get the secrets resource.
rules:
# Existing rules
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
Configuring Kubeturbo deployed through YAML
The following snippet shows the settings to configure in the Kubeturbo deployment. These settings will be used for all Argo CD apps deployed in the cluster.
--git-email string The email to be used to push changes to git.
--git-secret-name string The name of the secret which holds the git credentials.
--git-secret-namespace string The namespace of the secret which holds the git credentials.
--git-username string The user name to be used to push changes to git.
--git-commit-mode The commit mode that should be used for git action executions. One of request|direct. Defaults to direct.
Specify these settings in the args
section of the YAML file, as shown in
the following example.
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubeturbo-test
....
....
spec:
replicas: 1
selector:
matchLabels:
app: kubeturbo-test
template:
metadata:
annotations:
kubeturbo.io/monitored: "false"
labels:
app: kubeturbo-test
spec:
containers:
- args:
- --turboconfig=/etc/kubeturbo/turbo.config
- --v=2
- --kubelet-https=true
- --kubelet-port=10237
- --git-email=youremail@gmail.com
- --git-secret-name=your-github-secret-name
- --git-secret-namespace=turbo
- --git-username=yourusername
- --git-commit-mode=direct
image: turbonomic/kubeturbo:latest
imagePullPolicy: Always
name: kubeturbo-test
resources: {}
...
...
Configuring Kubeturbo deployed through an operator
In the operator's CR spec, find the args
section and configure the
following settings. These settings will be used for all Argo CD apps deployed in the
cluster.
apiVersion: charts.helm.k8s.io/v1
kind: Kubeturbo
metadata:
name: kubeturbo-sample
spec:
HANodeConfig:
nodeRoles: '"master"'
args:
kubelethttps: true
kubeletport: 10250
...
...
# [ArgoCD integration] The email to be used to push changes to git.
gitEmail: "youremail@gmail.com"
# [ArgoCD integration] The username to be used to push changes to git.
gitUsername: "yourusername"
# [ArgoCD integration] The name of the secret which holds the git credentials.
gitSecretName: "your-github-secret-name"
# [ArgoCD integration] The namespace of the secret which holds the git credentials.
gitSecretNamespace: "turbo"
# [ArgoCD integration] The commit mode that should be used for git action executions. One of {request|direct}. Defaults to direct.
gitCommitMode: "direct"
(Optional) Fine grained app specific configurations
It is possible for Argo CD apps to sync with different sources of truth (such as different GitHub
repositories) within the same cluster. It is also possible that the credentials for these
sources of truth are different. The app specific fine grained configuration uses a
config
Custom Resource to support different configuration information for
different apps.
If you use plane YAML, first install the CRD that you can download here.
To deploy the CRD, run the following command:
kubectl apply -f https://raw.githubusercontent.com/turbonomic/turbo-gitops/main/config/crd/bases/gitops.turbonomic.io_gitops.yaml
When the type definition is available, use a configuration similar to the following example.
apiVersion: gitops.turbonomic.io/v1alpha1
kind: GitOps
metadata:
name: gitops-sample
spec:
config:
- commitMode: direct
credentials:
email: test@turbonomic.comm
secretName: gitops-secret
secretNamespace: gitops
username: turbo
selector: '^turbo.*$'
whitelist:
- app-name-1
- app-name-2
This resource is name spaced. You can specify one or several non-conflicting configurations for
each namespace. If an app is selected as per the whitelist
or the
selector
, the credentials
and
commitMode
listed in the GitOps resource spec will be used instead of the
global specs configured in Kubeturbo.
(Optional) Cluster local resource update
You may want Turbonomic to update the resources locally and directly in the cluster, rather then pushing the changes to the source of truth.
-
Security
You may want to minimize access to the credentials and the source of truth.
-
Faster optimization
If the update must be pushed to the source of truth, the turnaround time for the update is longer because of the number of systems involved and the possibility of failures and retries. Turbonomic must also push a commit or a pull request (approvals might be required) to the source of truth. Even if Argo CD runs in auto-sync mode, it must pull and sync the resource into the cluster.
For faster optimization, you may want to update a resource locally in the cluster.
Note:Argo CD has a default interval of 3 minutes to discover changes in the source of truth. Changes in Turbonomic can take 10 minutes or longer to apply.
-
Multi-cluster scenarios
It is possible for multiple clusters to use a unified app definition and sync from a base definition. Optimizations from one cluster might not apply to another cluster. If the updates are applied to the source of truth, then the change applies to all the clusters.
-
Newer or unsupported tooling in the pipeline
It is possible that Turbonomic does not have the capability to understand the pipeline or directly interact with the GitOps system.
To update the resources locally, configure the Argo CD app to skip the syncing of some fields from the child resources.
-
spec.ignoreDifferences
prevents out-of-sync prompts when the cluster local value changes. For details, see the Argo CD documentation. -
If the sync happened because of other field changes (as described in the Argo CD documentation),
RespectIgnoreDifferences
ignores the copying of original values into the cluster local resources.
Use both options in the Argo CD applications.