Demo Application
Access to the OpenShift cluster running ACM is required.
Configuration
If you wish to use the resources above to deploy an application that resides on a private git/gitlab repository, the following environment variables must be configured:
Application Config
APP_NAME: the application’s name
GIT_PATHNAME: the URL to the git repository (used by the channel resource), e.g.:
    GIT_PATHNAME='https://gitlab.com/i4q/LRT'
GIT_PATH: the filepath to the relevant root directory inside the git repository set in $GIT_PATHNAME
GIT_BRANCH: the git branch to pull from
Access Config
BASE64_USER: your user encoded in base64, e.g.:
    BASE64_USER=$(echo -n "YOUR_USER_NAME" | base64)
BASE64_ACCESS_TOKEN: your access token, encoded in base64, that provides at least READ permission for the private repo/org
Note:
If your application must pull container images from private repositories, then a docker-configuration access secret must be deployed and referenced at the deployment or service-account level.
E.g., if a container in your deployment in the $NAMESPACE namespace must pull from a private GitLab repository, then:
1. Its pod spec must reference:
    imagePullSecrets:
    - name: {{ $SECRET_NAME }}
2. The access authentication secret must be deployed:
    kubectl create secret docker-registry $SECRET_NAME \
      --docker-server=registry.gitlab.com \
      --docker-username=$GITLAB_USER \
      --docker-password=$GITLAB_READ_TOKEN \
      -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
Resources
The resources in this directory deploy an application that is composed of:
Namespace:
The namespaces in which the resources will reside:
    apiVersion: v1
    kind: Namespace
    metadata:
      name: $APP_NAME
    ---
    apiVersion: v1
    kind: Namespace
    metadata:
      name: ggitlabcom-$APP_NAME
Channel:
An OpenShift resource that specifies connection information for a git repo or other repo source.
The name formatting follows that used when deploying an application through the ACM UI.
    apiVersion: apps.open-cluster-management.io/v1
    kind: Channel
    metadata:
      annotations:
        apps.open-cluster-management.io/reconcile-rate: medium
      name: ggitlabcom-$APP_NAME
      namespace: ggitlabcom-$APP_NAME
    spec:
      type: Git
      pathname: $GIT_PATHNAME
      secretRef:
        name: ggitlabcom-$APP_NAME-auth
Application:
    apiVersion: app.k8s.io/v1beta1
    kind: Application
    metadata:
      name: $APP_NAME
      namespace: $APP_NAME
    spec:
      componentKinds:
      - group: apps.open-cluster-management.io
        kind: Subscription
      descriptor: {}
      selector:
        matchExpressions:
        - key: app
          operator: In
          values:
          - $APP_NAME
Private Repository Authentication Secret:
A secret that holds the username and token used to access the private repository that the git resources are pulled from.
    apiVersion: v1
    kind: Secret
    metadata:
      name: ggitlabcom-$APP_NAME-auth
      namespace: ggitlabcom-$APP_NAME
    data:
      user: $BASE64_USER
      accessToken: $BASE64_ACCESS_TOKEN
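One way to produce the BASE64_USER and BASE64_ACCESS_TOKEN values from the Access Config section and render this Secret, as an added example that is not part of the project's own scripts. The variable names GIT_USER and GIT_ACCESS_TOKEN and both function names are assumptions; the point is that a trailing newline or a wrapped base64 line silently corrupts the credential.

```shell
#!/bin/sh
# Added example: encode Git credentials and render the channel auth Secret.
# GIT_USER, GIT_ACCESS_TOKEN, b64 and render_auth_secret are hypothetical names.

# Encode $1 as single-line base64. printf avoids the trailing newline that a
# plain `echo` adds; tr removes the line wraps GNU base64 inserts on long input.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Print the Secret manifest on stdout; return 1 if an input is unusable.
render_auth_secret() {
    for var in APP_NAME GIT_USER GIT_ACCESS_TOKEN; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "missing required variable: $var" >&2
            return 1
        fi
    done
    # Whitespace in a credential is usually a copy-paste newline; refuse it.
    creds="$GIT_USER$GIT_ACCESS_TOKEN"
    if [ "$(printf '%s' "$creds" | tr -d '[:space:]')" != "$creds" ]; then
        echo "credential contains whitespace" >&2
        return 1
    fi
    BASE64_USER=$(b64 "$GIT_USER")
    BASE64_ACCESS_TOKEN=$(b64 "$GIT_ACCESS_TOKEN")
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ggitlabcom-$APP_NAME-auth
  namespace: ggitlabcom-$APP_NAME
data:
  user: $BASE64_USER
  accessToken: $BASE64_ACCESS_TOKEN
EOF
}

# Usage (not executed here): render_auth_secret | kubectl apply -f -
```

Piping the manifest straight into kubectl keeps the encoded token out of files on disk; base64 is an encoding, so the rendered YAML is as sensitive as the token itself.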
Subscription:
The resource that instructs OpenShift controllers to watch and sync the specified repository.
    apiVersion: apps.open-cluster-management.io/v1
    kind: Subscription
    metadata:
      annotations:
        apps.open-cluster-management.io/git-branch: $GIT_BRANCH
        apps.open-cluster-management.io/git-path: $GIT_PATH
        apps.open-cluster-management.io/reconcile-option: merge
      labels:
        app: $APP_NAME
      name: $APP_NAME-subscription-1
      namespace: $APP_NAME
    spec:
      channel: ggitlabcom-$APP_NAME/ggitlabcom-$APP_NAME
      placement:
        placementRef:
          kind: PlacementRule
          name: $APP_NAME-placement-1
Placement:
The resource that specifies how to select which managed clusters should deploy the application.
    apiVersion: apps.open-cluster-management.io/v1
    kind: PlacementRule
    metadata:
      labels:
        app: $APP_NAME
      name: $APP_NAME-placement-1
      namespace: $APP_NAME
    spec:
      clusterSelector:
        matchLabels:
          'env': 'lrt'
In this case, the application will be deployed on managed clusters that have the label env=lrt.