This repository provides a production-ready, declarative approach to managing multiple OpenShift clusters using GitOps principles with ArgoCD. It enables:
- Multi-cluster orchestration with Red Hat Advanced Cluster Management (ACM)
- Consistent configuration across development, staging, and production environments
- Automated deployments and synchronization using ArgoCD
- Secure secret management with External Secrets Operator and 1Password
- Infrastructure as Code with Helm charts and Kustomize overlays
- Policy-based governance and compliance automation
This setup follows the GitOps Standards Repository Template from Red Hat Communities of Practice.
```mermaid
graph TB
    subgraph "Management Hub Cluster"
        ACM[Red Hat ACM]
        ArgoCD[ArgoCD GitOps]
        Vault[HashiCorp Vault]
        ESO[External Secrets Operator]
    end
    subgraph "Target Clusters"
        Proxmox[Proxmox Cluster]
        VSphere[vSphere Cluster]
        HCP[Hosted Control Planes]
    end
    subgraph "GitOps Repository"
        Components[Components]
        Clusters[Cluster Configs]
        Helm[Helm Charts]
        Policies[ACM Policies]
    end
    ArgoCD --> Components
    ArgoCD --> Clusters
    ArgoCD --> Helm
    ACM --> Policies
    ACM --> Proxmox
    ACM --> VSphere
    ACM --> HCP
    ESO --> Vault
    style ACM fill:#e1f5fe
    style ArgoCD fill:#f3e5f5
    style Vault fill:#fff3e0
```

- ArgoCD: Continuous deployment and GitOps orchestration
- Red Hat ACM: Multi-cluster management and governance
- External Secrets: Secure secret injection from external systems
- Cert Manager: Automated TLS certificate management
- Operators: 50+ OpenShift operators for various capabilities
- Observability: Integrated monitoring, logging, and alerting

- OpenShift cluster with cluster-admin privileges
- `oc` CLI tool installed and configured
- Git repository access and credentials

```bash
# Clone the repository
git clone https://github.com/Vikaspogu/openshift-multicluster.git
cd openshift-multicluster
```

```bash
# Generate installation ISO
rm -rf installer/proxmox
cp -r installer/cluster installer/proxmox
./openshift-install agent create image --dir installer/proxmox

# Wait for installation to complete
export KUBECONFIG=installer/proxmox/auth/kubeconfig
./openshift-install agent wait-for install-complete --dir installer/proxmox --log-level=debug
```

Use the automated workflow for hands-off deployment.
```bash
# Login to your OpenShift cluster
oc login --server=https://api.cluster.example.com:6443

# Bootstrap ArgoCD and initial applications
oc apply -k components/root-application/

# Verify ArgoCD deployment
oc get applications -n openshift-gitops
```

Update the cluster configuration in `clusters/<cluster-name>/kustomization.yaml` to match your environment:

```yaml
helmCharts:
  - name: argocd-app-of-app
    valuesInline:
      default:
        source:
          repoURL: https://github.com/YOUR-USERNAME/openshift-multicluster.git
```

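An added example, not part of this repository: a pre-bootstrap check that every `repoURL` under `clusters/` points at the repository you expect, so a cluster never syncs from the placeholder or from an unreviewed fork. The function names, the `example-org` URL and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not repository code). Names and sample data are assumptions.

# check_repo_urls <repo-root> <expected-url>
# Returns 1 and lists file:line hits when a repoURL under clusters/ differs.
check_repo_urls() {
  root=$1
  expected=${2%/}; expected=${expected%.git}
  offenders=$(
    find "$root/clusters" -type f \( -name '*.yaml' -o -name '*.yml' \) \
      -exec grep -HnE '^[[:space:]-]*repoURL:' {} + |
    while IFS= read -r hit; do
      # Keep only the value: drop key, trailing comment, spaces and quotes.
      url=$(printf '%s\n' "$hit" |
        sed -E 's/^.*repoURL:[[:space:]]*//; s/[[:space:]]+#.*$//; s/[[:space:]]*$//' |
        tr -d "\"'")
      url=${url%/}; url=${url%.git}
      [ "$url" = "$expected" ] || printf '%s\n' "$hit"
    done
  )
  if [ -n "$offenders" ]; then
    printf 'unexpected repoURL:\n%s\n' "$offenders" >&2
    return 1
  fi
}

# Constructed sample: proxmox is configured, vsphere still has the placeholder.
make_sample_tree() {
  dir=$(mktemp -d)
  for c in proxmox vsphere; do mkdir -p "$dir/clusters/$c"; done
  fmt='helmCharts:\n  - name: argocd-app-of-app\n    valuesInline:\n      default:\n        source:\n          repoURL: %s\n'
  printf "$fmt" 'https://github.com/example-org/openshift-multicluster.git' \
    > "$dir/clusters/proxmox/kustomization.yaml"
  printf "$fmt" '"https://github.com/YOUR-USERNAME/openshift-multicluster.git"  # TODO' \
    > "$dir/clusters/vsphere/kustomization.yaml"
  printf '%s\n' "$dir"
}

sample=$(make_sample_tree)
check_repo_urls "$sample" 'https://github.com/example-org/openshift-multicluster' \
  || echo "sync source check failed (expected for the sample tree)"
rm -rf "$sample"
```

Run it from the repository root before `oc apply -k components/root-application/`, passing `.` and your own repository URL.
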
```
openshift-multicluster/
├── apps/                # Application-specific configurations
├── clusters/            # Cluster-specific configurations
│   ├── proxmox/         # Proxmox cluster configuration
│   └── vsphere/         # vSphere cluster configuration
├── components/          # Reusable component definitions
│   ├── operators/       # OpenShift operators
│   ├── configs/         # Configuration components
│   └── charts/          # Custom Helm charts
├── groups/              # Common configurations by environment
│   ├── all/             # Applied to all clusters
│   └── dev/             # Development environment specific
├── helm/charts/         # Custom Helm charts
├── installer/           # Cluster installation files
└── scripts/             # Utility scripts
```

- Groups (`groups/`) - Environment-wide defaults
- Clusters (`clusters/`) - Cluster-specific overrides
- Components (`components/`) - Individual service configurations
- Apps (`apps/`) - Application deployments

| Platform | Status | Features |
|---|---|---|
| Proxmox | Production | VM management, storage integration |
| vSphere | Production | vCenter integration, DRS/HA support |
| Hosted Control Planes | Beta | Cost-effective multi-tenancy |

- Create cluster directory:

  ```bash
  mkdir clusters/new-cluster
  cp clusters/proxmox/kustomization.yaml clusters/new-cluster/
  ```

- Customize configuration:

  ```bash
  # Edit cluster-specific values
  vim clusters/new-cluster/kustomization.yaml
  ```

- Deploy via ArgoCD:

  ```bash
  # ArgoCD will automatically detect and sync the new cluster
  oc get applications -n openshift-gitops
  ```

- OpenShift GitOps - ArgoCD for continuous deployment
- Red Hat ACM - Multi-cluster management hub
- External Secrets - Secret management with 1Password/Vault integration
- Cert Manager - Automated TLS certificates via Let's Encrypt/Cloudflare
- Patch Operator - Dynamic cluster configuration updates
- Red Hat ACS - Advanced Cluster Security for Kubernetes
- Kyverno - Policy engine for security and best practices
- LDAP Sync - Automated user and group synchronization
- OAuth - External identity provider integration
- Red Hat Developer Hub - Internal developer platform (Backstage)
- OpenShift Dev Spaces - Cloud-native development workspaces
- OpenShift Pipelines - Tekton-based CI/CD with Pipeline-as-Code
- Web Terminal - Browser-based cluster access
- LVM Storage - Local volume management for persistent storage
- CloudNative-PG - PostgreSQL operator for databases
- VolSync - Volume replication and backup
- Synology CSI - Network-attached storage integration
- Alertmanager - Alert routing and management
- OpenShift Logging - Centralized log aggregation
- Log Forwarder - External log shipping configuration
- MetalLB - Load balancer for bare-metal clusters
- NMState - Declarative network configuration
- Cloudflared - Secure tunnel management

This repository includes a pre-configured development environment using OpenShift Dev Spaces:
```yaml
# devfile.yaml
components:
  - name: dev-tools
    container:
      image: quay.io/rhn_gps_vpogu/devspaces-fedora40-tooling:2.0.0
      memoryLimit: 4Gi
```

Use the included Task runner for common operations:
```bash
# List all available tasks
task --list

# Example tasks (extend as needed)
task volsync:snapshot   # Create volume snapshots
task validate           # Validate YAML configurations
task test               # Run integration tests
```

The ArgoCD Lovely Plugin enhances Kustomize capabilities:
- Environment Variable Substitution: Replace variables across multiple files
- Dynamic Patching: Apply patches based on cluster context
- Channel Management: Update operator channels dynamically

Operator Channel Patching:

```yaml
# clusters/proxmox/cert-manager.yaml
spec:
  source:
    plugin:
      parameters:
        - name: channel
          value: "stable-v1.13"
```

Variable Replacement with sed:

```yaml
parameters:
  - name: sed
    value: "s/CLUSTER_NAME/proxmox-cluster/g **/*.yaml"
```

YAML Path Updates with yq:

```yaml
parameters:
  - name: yq
    value: '.spec.domain = "apps.cluster.example.com" ingress.yaml'
```

Additional plugins are configured in `components/openshift-gitops-config/`.

ArgoCD Application Sync Failures:

```bash
# Check application status
oc get applications -n openshift-gitops

# View detailed sync status
oc describe application <app-name> -n openshift-gitops

# Force sync
argocd app sync <app-name> --force
```

External Secrets Not Syncing:

```bash
# Check External Secrets operator logs
oc logs deployment/external-secrets -n external-secrets-operator

# Verify ClusterSecretStore connectivity
oc get clustersecretstore vault-backend -o yaml
```

Cert Manager Certificate Issues:

```bash
# Check certificate status
oc get certificates -A

# Review cert-manager logs
oc logs deployment/cert-manager -n cert-manager
```

```bash
# Validate all YAML files
find . -name "*.yaml" -exec yamllint {} \;

# Check Kubernetes resource validity
scripts/kubeconform.sh
```

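Since secrets in this setup are meant to arrive through the External Secrets Operator, the validation pass can also check that nobody committed a literal `Secret` manifest. The following is an added example, not part of this repository; the function names and the sample manifests are constructed for illustration.

```shell
# Added example (not repository code). Names and sample data are assumptions.
# find_plaintext_secrets <repo-root>: prints file:line for every YAML document
# that is a core Secret carrying inline data/stringData (material kept in Git).
find_plaintext_secrets() {
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) -exec awk '
    function report() {
      if (kind_line && payload) printf "%s:%d\n", FILENAME, kind_line
      kind_line = 0; payload = 0
    }
    /^---[ \t]*$/                      { report(); next }
    /^kind:[ \t]*"?Secret"?[ \t]*$/    { kind_line = FNR }
    /^(data|stringData):/              { payload = 1 }
    END                                { report() }
  ' {} \;
}

# Constructed sample: an ExternalSecret that reads from the vault-backend
# ClusterSecretStore, followed in the same file by a hand-written Secret.
make_sample_repo() {
  dir=$(mktemp -d)
  mkdir -p "$dir/apps/demo"
  cat > "$dir/apps/demo/secrets.yaml" <<'EOF'
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  data:
    - secretKey: password
      remoteRef:
        key: demo/db
---
apiVersion: v1
kind: Secret
metadata:
  name: api-token
stringData:
  token: constructed-not-a-real-token
EOF
  printf '%s\n' "$dir"
}

sample=$(make_sample_repo)
find_plaintext_secrets "$sample"
rm -rf "$sample"
```

The check matches only top-level keys in plain manifests, so Helm templates and generated output need a real YAML parser or a rendered-manifest scan.
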
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request

- Follow the established directory structure
- Use meaningful commit messages
- Update documentation for new features
- Test changes in a development cluster first
- Ensure all YAML files pass validation
- Homelab Orchestrator - Ansible automation for infrastructure

Made with ❤️ for the OpenShift community