~/g/multicloud-gitops on main ◦ tree -L 2
.
├── ansible
├── ansible.cfg
├── charts
│ └── all
│ └── region
├── common
│ ├── acm
| ├── ansible
| ├── Changes.md
│ ├── clustergroup
│ ├── common -> .
│ ├── examples
│ ├── golang-external-secrets
│ ├── hashicorp-vault
│ ├── letsencrypt
| ├── LICENSE
| ├── Makefile
| ├── operator-install
| ├── README.md
│ ├── reference-output.yaml
│ ├── scripts
│ ├── tests
│ └── values-global.yaml
├── LICENSE
├── Makefile
├── overrides
│ ├── values-AWS.yaml
│ └── values-IBMCloud.yaml
├── pattern.sh -> ./common/scripts/pattern-util.sh
├── README.md
├── tests
├── values-global.yaml
├── values-global-one.yaml
├── values-hub.yaml
├── values-secret-multicloud-gitops.yaml
└── values-secret.yaml.template
20 directories, 77 filesOpenShift framework fundamentals
The OpenShift validated patterns framework uses OpenShift GitOps (ArgoCD) as the primary driver for deploying patterns and keeping them up to date. Validated patterns use Helm charts as the primary artifacts for GitOps. Helm charts provide a mechanism for templating that is powerful when building repeatable, automated deployments across different deployment environments (i.e. clouds, data-centers, edge, etc.)
The framework provides consistency across any cloud provider - public or private. So while you could automate the handling for each of the cloud providers, the framework utilizes one Kubernetes distribution that runs on public or private clouds - the hybrid and/or multi cloud model.
Many Cloud Native Computing Foundation (CNCF) projects use Operators to manage the lifecycle of their service. Whenever possible, validated patterns will make use of these Operators to deploy the application service.
Red Hat Advanced Cluster Management (ACM) is primarily used to automate the deployment of edge clusters. It provides subscription information for specific deployment sites.
OpenShift Pipelines is used to automate builds and keep image repositories up to date.
Pattern directories tour
Examining any of the existing patterns reveals the important organizational part of the validated patterns framework. Let’s take a look at a couple of the existing validated patterns: Multicluster GitOps and Industrial Edge.
Multicloud GitOps
The Multicloud GitOps approach enables centralized management of multiple cloud deployments across both public and private clouds, including workloads and the secure handling of secrets across environments. This approach is built on patterns that consist of two key components: a "common" element, which serves as a foundational framework shared by nearly all patterns, and a pattern-specific element that builds on the common framework with tailored content. This section focuses on the standardized directory structure used in Multicloud GitOps repositories for validated patterns in multicloud setups. By following the well-structured directory layout illustrated here, teams can streamline deployment processes across clouds, reduce configuration drift, enhance automation, and maintain a single source of truth for both infrastructure and application code.
First we notice some subdirectories: charts and common, along with values- yaml files.
Industrial edge
~/g/industrial-edge on stable-2.0 ◦ tree -L 2
.
├── ansible
├── ansible.cfg
├── Changes.md
├── charts
│ ├── datacenter
│ └─ factory
| └── secrets
├── common
│ ├── acm
| ├── ansible
| ├── Changes.md
│ ├── clustergroup
│ ├── common -> .
│ ├── examples
│ ├── golang-external-secrets
│ ├── hashicorp-vault
│ ├── letsencrypt
| ├── LICENSE
| ├── Makefile
| ├── operator-install
│ ├── scripts
│ ├── tests
│ └── values-global.yaml
├── docs
│ ├── images
│ └── old-deployment-map.txt
├── images
│ ├── import-cluster.png
│ ├── import-with-kubeconfig.png
│ └── launch-acm-console.png
├── LICENSE
├── Makefile
├── overrides
| ├── values-prod-imagedata.yaml
│ └── values-test-imagedata.yaml
├── README.md
|── pattern.sh -> ./common/scripts/pattern-util.sh
├── scripts
│ ├── secret.sh
│ └── sleep-seed.sh
├── SUPPORT_AGREEMENT.md
├── tests
├── values-datacenter.yaml
├── values-factory.yaml
├── values-global.yaml
├── values-hub.yaml -> values-datacenter.yaml
└── values-secret.yaml.template
25 directories, 98 filesWe see the same or similar files in the both patterns directories.
The common directory
The core components that make the Validated Patterns framework are contained in the common repository. These include:
OpenShift GitOps configuration
Supports our clusterGroup and GitOps policies
Validated Pattern framework build scripts and Makefiles
Secrets Management with HashiCorp Vault
Operator CRDs and other assets
Various utility scripts
The common repository contains all the shared manifests for the Validated Patterns Framework. These components are configured to work together within the GitOps framework. Instead of duplicating configurations across patterns, shared technologies are centralized in this common directory. Pattern-specific post-deployment configurations, if needed, should be added to the Helm charts in the charts directory. Typically, you won’t need to modify the common directory unless working on the framework itself.
Breakdown of common repository
This table details the key components of the common repository:
| Component | Description |
|---|---|
acm | Contains the helm charts which contains policies and is used to configure the deployment of the Advance Cluster Manager. |
ansible | This directory contains the ansible roles and modules that support the secrets management for a pattern. |
clustergroup | Contains the helm chart used to create namespace, subscriptions, projects, and applications described in the values files. This is the seed for all patterns. |
golang-external-secrets | Helm chart for External Secrets Operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, Akeyless. |
hashicorp-vault | Contains the helm chart for HashiCorp Vault. |
operator-install | Contains the helm chart used by the Validated Patterns Operator to create the openshift-gitops component and create the initial ArgoCD applications for the Validated Pattern. |
scripts | Directory which contains utility scripts used by the Validated Pattern Framework. |
The charts directory
This is where validated patterns keep the helm charts for a pattern. The helm charts are used to deploy and manage the various components of the applications deployed at a site. By convention, the charts are broken out by site location. You may see datacenter, hub, factory, or other site names in there.
The site naming convention is flexible, allowing users to modify it to suit their environment. |
Each site has sub-directories based on application or library component groupings.
From Helm documentation: Application charts are a collection of templates that can be packaged into versioned archives to be deployed.
Library charts provide useful utilities or functions for the chart developer. They’re included as a dependency of application charts to inject those utilities and functions into the rendering pipeline. Library charts do not define any templates and therefore cannot be deployed.
These groupings are used by OpenShift GitOps to deploy into the cluster. The configurations for each of the components inside an application are synced every three minutes by OpenShift GitOps to make sure that the site is up to date. The configuration can also be synced manually if you do not wish to wait up to three minutes.
.
├── datacenter
│ ├── external-secrets
│ ├── manuela-data-lake
│ ├── manuela-tst
│ ├── opendatahub
│ └── pipelines
├── factory
│ └── manuela-stormshift
└── secrets
└── pipeline-setupThe configuration YAML for each component of the application is stored in the templates subdirectory.
.
├── external-secrets
│ ├── Chart.yaml
│ ├── templates
│ └── values.yaml
├── manuela-data-lake
│ ├── Chart.yaml
│ ├── templates
│ └── values.yaml
├── manuela-tst
│ ├── Chart.yaml
│ ├── templates
│ └── values.yaml
├── opendatahub
│ ├── Chart.yaml
│ ├── templates
│ └── values.yaml
└── pipelines
├── Chart.yaml
├── extra
├── images
├── README.md
├── templates
└── values.yamlThe scripts directory
In some cases, an Operator or Helm chart may require additional configuration. When extra code is needed for deployment, it should be placed in the scripts directory. Typically, consumers of a validated pattern won’t interact directly with these scripts, as they are executed by the existing automation (for example through the Makefile or OpenShift GitOps). If extra adjustments are required for your application, place the scripts here and run them through automation. The scripts directory should generally be treated as off-limits unless you’re modifying the framework itself.
Applications and values- files
Helm uses values.yaml files to pass variables into charts. Variables in the values.yaml file can be overridden in the following ways:
By a
values.yamlfile in the parent directoryBy a values file passed into the
helm <install/upgrade>command using-fBy specifying an override individual value in the the
helmcommand with--set
For more information on values files and their usage see the values files section of the Helm documentation.
This section is meant as an introduction to the values- files that the framework uses to override values in the chart templates. In the Getting Started pages there will be more specific usage details.
There are three types of value- files.
values-global.yaml: This is used to set variables for helm charts across the pattern. It contains the name of the pattern and sets some other variables for artifacts like, image registry, Git repositories, GitOps syncPolicy etc.values-<site>.yaml: Each specific site requires information regarding what applications and subscriptions are required for that site. This file contains a list of namespaces, applications, subscriptions, the operator versions etc. for that site.values-secret.yaml.template: All patterns require some secrets for artifacts included in the pattern. For example credentials for GitHub, AWS, or Quay.io. The framework provides a safe way to load those secrets into a vault for consumption by the pattern. This template file can be copied to your home directory, the secret values applied, and the validated pattern will go look forvalues-secrets.yamlin your home directory. Do not leave avalues-secrets.yamlfile in your cloned git directory or it may end up in your (often public) Git repository, like GitHub.This file has nothing to do with helm and can be copied either to your home directory or to the
~/.config/validatedpatterns/folder. The naming should bevalues-secret-<pattern-name>.yaml. Ideally it should be encrypted with the ansible-vault.
Values files can have some overrides.
Version overrides can be used to set specific values for OCP versions. For example
values-hub-4.16.yamlallows you to tweak a specific value for OCP 4.16 on the Hub cluster.Version overrides can be used to set specific values for specific cloud providers. For example
values-AWS.yamlwould allow you to tweak a specific value for all cluster groups deployed on AWS.
Environment values and Helm
The purpose of the values files is to leverage Helm’s templating capabilities, allowing you to dynamically substitute values into your charts. This makes the pattern very portable.
The following messaging-route.yaml example shows how the AMQ messaging service is using values set in the values-global.yaml file for Industrial Edge.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
labels:
app: messaging
name: messaging
spec:
host: messaging-manuela-tst-all.apps.{{ .Values.global.datacenter.clustername }}.{{ .Values.global.datacenter.domain }}
port:
targetPort: 3000-tcp
to:
kind: Service
name: messaging
weight: 100
wildcardPolicy: NoneThe values in the values-global.yaml will be substituted when the YAML is applied to the cluster.
global:
pattern: industrial-edge
...
datacenter:
clustername: ipbabble-dc
domain: blueprints.rhecoeng.com
edge:
clustername: ipbabble-f1
domain: blueprints.rhecoeng.com