Image
Image
Ashutosh Tamhankar
Cloud Engineer
LinkedIn Profile

An example of using GitOps for providing a modern application development platform

In the rapidly evolving landscape of software development, success is increasingly defined by flexible infrastructures and intelligent management strategies. Our expertise focuses on optimizing application development processes through advanced technologies like OpenShift GitOps and ArgoCD, enabling declarative infrastructure management.

This blog shows how we strategically leveraging Helm, Kustomize, and ArgoCD and how we create dynamic Kubernetes configurations that provide development teams with maximum agility and scalability. Our innovative approach to tenant onboarding empowers development teams with self-service processes in Kubernetes clusters, ultimately streamlining application development and accelerating digital transformation.

Flexible infrastructure: the key to optimizing application development success

We see that successful teams are more likely to take advantage of flexible infrastructure than less successful teams,” states the State of DevOps Report 2024. But for organizations to be successful, an entirely new paradigm in designing, building, deploying, and running applications has to be adopted. To enable this flexibility right in your data centers, you have decided to offer a modern application development platform to your application development teams. However, managing such an environment at scale and in the long run might be challenging if it is mutated manually and not documented. Additionally, one of the tenets of a flexible infrastructure is providing self-service to your developers to provision a virtual space to start building and deploying their microservices.

Declarative infrastructure management with OpenShift GitOps (ArgoCD)

GitOps has been pervasive in our industry. So, you might want to declaratively manage your environment. OpenShift GitOps uses the open-source project ArgoCD to implement GitOps. For example, you can declare as code that you want to configure the OpenShift cluster to use an external secret that stores a secret key.
Git Ops Schaugrafik
This means it will apply the desired state of the resource “ExternalSecret” declared in a Git repo to the cluster and can periodically synchronize it to maintain its desired state in the cluster.
HYCU External Secrets

The yaml configuration above retrieves the value for the secret key, which is stored as awsSecretAccessKey in the AWS Secrets Manager.

Now, you have documented the desired state in the Git repo, which can always be rolled back as no changes to the infrastructure are done imperatively using the CLI for the OpenShift cluster.

When building a platform for your application teams, you will be faced with two questions:

- How might the OpenShift cluster be configured declaratively?
- How might new software development teams be onboarded onto the cluster?

As per the GitOps principle, everything will be managed as code. So, Git repository permissions should be maintained to not allow changes by anyone outside the platform team. Any changes requested by developers for onboarding onto the platform should be done by opening a pull request.

Here is an illustration of how we have used GitOps principles to configure our lab OpenShift setup at Amanox.

UseCase HYCU

Dynamic Kubernetes Configuration: Mastering Helm, Kustomize, and ArgoCD

The building blocks for enabling declarative cluster configuration are as follows:

Helm-Charts: These are like a package manager for Kubernetes applications described as a set of Kubernetes resources.

Kustomize: It manages different variations of your application configuration without modifying the original YAML files.

The „App of Apps“-Pattern: A parent app deploys multiple child apps.

ArgoCD-Applications: These are Kubernetes resources that define the source (Git repository) and destination (target cluster) for automated delivery of your applications.

ArgoCD ApplicationSets: These are ArgoCD resources for automated generation of ArgoCD Applications based on templates and sources like Git repositories, cluster lists, etc.
The Helm charts are represented as shapes (squares, triangles, etc.) which configure certain parts of the cluster with certain parameters. These parameters can be customized or patched depending on the environment where these need to be installed. This is done by using overlays to patch certain base configurations to these target environments. These could, for example, be different cluster environments representing test, dev, or a prod environment, if these were to be completely isolated.

See a simplified depiction of this concept below which shows three different environments being configured differently based(color-coded) on the base configurations. The base configurations in turn contain different Kubernetes resources configured using Helm or ArgoCD applications. Imagine the overlays like pizza toppings. Your base configuration is like a pizza base and different toppings define the final type of your pizza. A margherita will have different toppings than a napolitana. Similarly, the parameters to be patched in the target environments will differ. Consequently, you can reuse the code for configuring different environments.

Overlays HYCU
The cluster configuration is triggered by an ArgoCD App of Apps pattern, which is the only ArgoCD Application deployed manually. It is like a spark you need to light fire. Similarly, it would automatically create child ArgoCD apps that are extended by the overlay using Kustomize and represent the different variations of the “base” ArgoCD Applications. For this setup to work, you need to have an OpenShift cluster running with the OpenShift GitOps and ExternalSecrets operators.

Tenant Onboarding: Self-service strategies for development teams in Kubernetes clusters

One of the things the cluster configuration also does is create namespaces in the cluster for application teams, which we call tenant onboarding. Imagine them as cubicles in a co-working space, where you get to work in them and also use other services like the pantry or the lounge that is shared by other co-workers. Similarly, the tenants will get their own namespace and use the worker nodes or the Tektin/ArgoCD instance, used to build/deploy their applications, shared with other tenants. This, in turn, enables self-service capabilities for your development teams. The workflow could look like this:

The application team will create a pull request to onboard themselves by providing information (parameters) pertaining to them like the AD group to which their team belongs, the number and names of the different environments needed, the repo for their application source code, and Kubernetes application manifests defining their CI/CD pipeline.

Upon adding a tenant parameter file to the Git repo, which could look as follows:

HYCU Terminal
We use ApplicationSets for templating ArgoCD Applications based on the parameters provided by the tenant in the cluster config repository. New namespaces are created as per the user(tenant) request, which they should be able to see upon successful creation of their ArgoCD Applications.
HYCU Terminal
Once this is set up, the new tenants can configure their CI/CD pipelines or log into their namespaces via the OpenShift console.
HYCU

Conclusion - Streamlining application development

The platform team can easily start by maintaining the cluster configuration,
perform a failover to a warm stand-by cluster and enable their application development teams to quickly start using OpenShift for developing new software. Learn more about a customer success story who adopted OpenShift to modernise their DotNet based Applications: Success Story Galliker.

Acknowledgement

This blog benefited from the feedback from Leo Schoechli (Cloud Engineer), Samuel Rothenbühler (CTO), Andreas Wenger (Presales Engineer) und Raphael Wirtz (Cloud Engineer).

Tipp: Coffeebreak with Amanox

Image
Thursday, 13 March 2025 / 27 March 2025, 10:00 – 10:30 a.m.

Coffeebreak with Amanox

In the mood for a virtual coffee break? Learn more about the topic during our webinar on our hands-on workshop on developing application platforms with OpenShift. Register now!
Register now

More Knowledge Sharing

HYCU Teaser

The way forward in the exponential technology future: Simplify your data center footprint in the hybrid cloud era

We all find ourselves in a world rapidly moving towards exponential technological advancements. It is crucial for companies to not only adapt their IT platforms but also make them future-proof.
learn more
HYCU Teaser

The way forward in the exponential technology future: HYCU Data Protection: Resilient backup management for the hybrid cloud future

Have you also had the thought in recent months that technological development is advancing at a breathtaking pace?! In this blog, you quickly realise that you are not alone.
learn more
HYCU Story Teaser

Digital transformation with HYCU and Nutanix: the path to an exponential technology future

Digital transformation is no longer an option, but a necessity. Those who don’t adapt will be left behind. But what if you don’t just want to keep pace, but actively influence it? Find out in this blog post.
learn more
Image

Fully Automated MLOps Pipeline – Part 2

In our last post, we explored training a forecasting model with SageMaker. Now, we’ll complete the journey by detailing how to monitor its performance and automate retraining, ensuring consistent and reliable predictions.
learn more