From 5fa5533de3883f6b86d0e188bb76727450f00f92 Mon Sep 17 00:00:00 2001 From: Juliano Mohr <1110178+juliaaano@users.noreply.github.com> Date: Mon, 16 Mar 2026 15:29:32 +0000 Subject: [PATCH 1/4] ocp4_workload_gitops_bootstrap: Simplify multi-tenancy config --- .../defaults/main.yml | 21 +++---------- .../tasks/remove_workload.yml | 6 ++-- .../tasks/set_application_paths.yml | 31 ------------------- .../tasks/workload.yml | 21 ++++++++++--- .../templates/application.yaml.j2 | 4 +-- 5 files changed, 25 insertions(+), 58 deletions(-) delete mode 100644 roles/ocp4_workload_gitops_bootstrap/tasks/set_application_paths.yml diff --git a/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml b/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml index e9e661d..54e84ad 100644 --- a/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml +++ b/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml 
@@ -2,26 +2,13 @@ ocp4_workload_gitops_bootstrap_repo_url: http://gitea:3000/user/bootstrap ocp4_workload_gitops_bootstrap_repo_revision: main -# Examples to support multi-tenancy: -# -# Example 1: Backwards compatibility. Deploys INFRA and N number of tenants -# ocp4_workload_gitops_bootstrap_application_name: 'bootstrap' -# ocp4_workload_gitops_bootstrap_repo_path: "" -# ocp4_workload_gitops_bootstrap_helm_values: -# user: -# count: 3 -# -# Example 2: Deploy ONLY the infra: -# ocp4_workload_gitops_bootstrap_application_name: 'bootstrap-infra' -# ocp4_workload_gitops_bootstrap_repo_path: infra -# -# Example 3: Deploy ONE tenant -# ocp4_workload_gitops_bootstrap_application_name: 'bootstrap-tenant-{{ guid }}' -# ocp4_workload_gitops_bootstrap_repo_path: tenant +ocp4_workload_gitops_bootstrap_tenant: false +ocp4_workload_gitops_bootstrap_tenant_name: "" ocp4_workload_gitops_bootstrap_application_name: bootstrap ocp4_workload_gitops_bootstrap_repo_path: "" -#'bootstrap-tenant-{{ guid }}' or 'bootstrap-infra' or 'bootstrap' + +ocp4_workload_gitops_bootstrap_application_project: default # We cannot do k8s_info on annotations, # so when deploying openshift_gitops, diff --git a/roles/ocp4_workload_gitops_bootstrap/tasks/remove_workload.yml b/roles/ocp4_workload_gitops_bootstrap/tasks/remove_workload.yml index 573d4e4..b65c81c 100644 --- a/roles/ocp4_workload_gitops_bootstrap/tasks/remove_workload.yml +++ b/roles/ocp4_workload_gitops_bootstrap/tasks/remove_workload.yml @@ -1,11 +1,9 @@ --- -- name: Set application paths and final application name - ansible.builtin.include_tasks: set_application_paths.yml - name: Remove bootstrap ArgoCD application kubernetes.core.k8s: api_version: argoproj.io/v1alpha1 kind: Application - name: "{{ ocp4_workload_gitops_bootstrap_final_application_name }}" + name: "{{ ocp4_workload_gitops_bootstrap_application_name }}" namespace: "{{ ocp4_workload_gitops_bootstrap_namespace }}" - state: absent \ No newline at end of file + state: absent 
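Review bot: In remove_workload.yml the delete now targets `ocp4_workload_gitops_bootstrap_application_name` verbatim, so a config that still passes the legacy value `bootstrap-tenant` asks for an Application named `bootstrap-tenant`, not the `bootstrap-tenant-{{ guid }}` that the deleted set_application_paths.yml derived. `state: absent` succeeds when nothing matches, so the existing tenant Application would be left behind without any error. In application.yaml.j2 the same legacy config now renders `project: default` instead of `tenants`, which moves the tenant into Argo CD's default project (unrestricted unless it has been locked down). Consider an early `ansible.builtin.assert` in both task files, e.g. `that: ocp4_workload_gitops_bootstrap_application_name != 'bootstrap-tenant'`, with a `fail_msg` that points to the new variables.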
diff --git a/roles/ocp4_workload_gitops_bootstrap/tasks/set_application_paths.yml b/roles/ocp4_workload_gitops_bootstrap/tasks/set_application_paths.yml deleted file mode 100644 index 8249e3f..0000000 --- a/roles/ocp4_workload_gitops_bootstrap/tasks/set_application_paths.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- name: Set App paths for 'bootstrap', infra + tenants deployment scenario - when: ocp4_workload_gitops_bootstrap_application_name == 'bootstrap' - ansible.builtin.set_fact: - ocp4_workload_gitops_bootstrap_repo_path: "bootstrap" - -- name: Set App path for 'bootstrap-platform', platform only deployment scenario - when: ocp4_workload_gitops_bootstrap_application_name == 'bootstrap-platform' - ansible.builtin.set_fact: - ocp4_workload_gitops_bootstrap_repo_path: "platform/bootstrap" - -- name: Set App path for 'bootstrap-infra', infra only deployment scenario - when: ocp4_workload_gitops_bootstrap_application_name == 'bootstrap-infra' - ansible.builtin.set_fact: - ocp4_workload_gitops_bootstrap_repo_path: "infra/bootstrap" - -- name: "Set App path and name for 'bootstrap-tenant', infra only deployment scenario" - when: ocp4_workload_gitops_bootstrap_application_name == 'bootstrap-tenant' - ansible.builtin.set_fact: - ocp4_workload_gitops_bootstrap_repo_path: "tenant/bootstrap" - ocp4_workload_gitops_bootstrap_final_application_name: "bootstrap-tenant-{{ guid }}" - ocp4_workload_gitops_bootstrap_application_project_name: "tenants" - -- name: Set final_application_name to application_name if final_application_name is not set - when: ocp4_workload_gitops_bootstrap_final_application_name is not defined - ansible.builtin.set_fact: - ocp4_workload_gitops_bootstrap_final_application_name: "{{ ocp4_workload_gitops_bootstrap_application_name }}" - -- name: Report bootstrap final application name - ansible.builtin.debug: - msg: "Bootstrap final application name: {{ ocp4_workload_gitops_bootstrap_final_application_name }}" \ No newline at end of file 
diff --git a/roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml b/roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml index 3fd6963..df8c78c 100644 --- a/roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml +++ b/roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml @@ -13,8 +13,21 @@ ansible.builtin.debug: msg: "{{ _ocp4_workload_gitops_bootstrap_deployer_values | to_yaml }}" -- name: Set application paths and final application name - ansible.builtin.include_tasks: set_application_paths.yml +- name: Check if ArgoCD application already exists + kubernetes.core.k8s_info: + api_version: argoproj.io/v1alpha1 + kind: Application + name: "{{ ocp4_workload_gitops_bootstrap_application_name }}" + namespace: "{{ ocp4_workload_gitops_bootstrap_namespace }}" + register: _existing_application + +- name: Fail if ArgoCD application already exists + ansible.builtin.fail: + msg: >- + ArgoCD Application '{{ ocp4_workload_gitops_bootstrap_application_name }}' + already exists in namespace '{{ ocp4_workload_gitops_bootstrap_namespace }}'). + If you are running a tenant application, set a unique name. + when: _existing_application.resources | length > 0 - name: Create bootstrap ArgoCD application kubernetes.core.k8s: @@ -36,7 +49,7 @@ kubernetes.core.k8s_info: api_version: argoproj.io/v1alpha1 kind: Application - name: "{{ ocp4_workload_gitops_bootstrap_final_application_name }}" + name: "{{ ocp4_workload_gitops_bootstrap_application_name }}" namespace: openshift-gitops register: argocd_bootstrap retries: "{{ ocp4_workload_gitops_bootstrap_health_retries }}" @@ -62,7 +75,7 @@ api_version: argoproj.io/v1alpha1 kind: Application label_selectors: - - "app.kubernetes.io/instance={{ ocp4_workload_gitops_bootstrap_final_application_name }}" + - "app.kubernetes.io/instance={{ ocp4_workload_gitops_bootstrap_application_name }}" register: _all_apps delay: 10 retries: "{{ ocp4_workload_gitops_bootstrap_application_health_retries }}" 
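Review bot: The new "Fail if ArgoCD application already exists" task makes the role fail on any re-run against a cluster where it already created its own Application, because the check cannot tell an earlier run of this role from a name collision with another tenant. If that is intended, say so above the task: `# Intentionally not idempotent: a second run with the same application name fails rather than overwrite another tenant's Application.` The check and the later create are separate API calls, so two concurrent runs using the same name can both pass the check; the guard reduces accidental overwrites but does not rule them out. The `msg` also has a stray `)` after the namespace; the line should read `already exists in namespace '{{ ocp4_workload_gitops_bootstrap_namespace }}'.`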
diff --git a/roles/ocp4_workload_gitops_bootstrap/templates/application.yaml.j2 b/roles/ocp4_workload_gitops_bootstrap/templates/application.yaml.j2 index d2602d4..81a1360 100644 --- a/roles/ocp4_workload_gitops_bootstrap/templates/application.yaml.j2 +++ b/roles/ocp4_workload_gitops_bootstrap/templates/application.yaml.j2 @@ -2,12 +2,12 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: "{{ ocp4_workload_gitops_bootstrap_final_application_name }}" + name: "{{ ocp4_workload_gitops_bootstrap_application_name }}" namespace: {{ ocp4_workload_gitops_bootstrap_namespace }} finalizers: - resources-finalizer.argocd.argoproj.io spec: - project: "{{ ocp4_workload_gitops_bootstrap_application_project_name | default('default') }}" + project: "{{ ocp4_workload_gitops_bootstrap_application_project }}" source: repoURL: {{ ocp4_workload_gitops_bootstrap_repo_url }} targetRevision: {{ ocp4_workload_gitops_bootstrap_repo_revision }} From 03f26e9c0ff521c9046967065cfc19e23ccf2098 Mon Sep 17 00:00:00 2001 From: Juliano Mohr <1110178+juliaaano@users.noreply.github.com> Date: Mon, 16 Mar 2026 15:36:39 +0000 Subject: [PATCH 2/4] Remove tenant variables from gitops_bootstrap defaults --- roles/ocp4_workload_gitops_bootstrap/defaults/main.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml b/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml index 54e84ad..cedc4d5 100644 --- a/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml +++ b/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml @@ -2,9 +2,6 @@ ocp4_workload_gitops_bootstrap_repo_url: http://gitea:3000/user/bootstrap ocp4_workload_gitops_bootstrap_repo_revision: main -ocp4_workload_gitops_bootstrap_tenant: false -ocp4_workload_gitops_bootstrap_tenant_name: "" - ocp4_workload_gitops_bootstrap_application_name: bootstrap ocp4_workload_gitops_bootstrap_repo_path: "" From f161d05595ac1ef428f48a8a746ad0145d904e48 Mon Sep 17 00:00:00 2001 
From: Juliano Mohr <1110178+juliaaano@users.noreply.github.com> Date: Mon, 16 Mar 2026 20:37:23 +0000 Subject: [PATCH 3/4] Add documentation to gitops_bootstrap application defaults --- roles/ocp4_workload_gitops_bootstrap/defaults/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml b/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml index cedc4d5..b5a3791 100644 --- a/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml +++ b/roles/ocp4_workload_gitops_bootstrap/defaults/main.yml @@ -2,9 +2,17 @@ ocp4_workload_gitops_bootstrap_repo_url: http://gitea:3000/user/bootstrap ocp4_workload_gitops_bootstrap_repo_revision: main +# The name of the ArgoCD application to create for bootstrapping. +# If you are deploying a tenant application, this should be unique across all tenants. +# You should use "bootstrap-{{ guid }}" ocp4_workload_gitops_bootstrap_application_name: bootstrap + +# The path within the git repository where the ArgoCD application manifests are located. ocp4_workload_gitops_bootstrap_repo_path: "" +# The ArgoCD project to deploy the bootstrap application into. +# This is not the same as the git repo path. +# You should use "tenants" if deploying a tenant application. ocp4_workload_gitops_bootstrap_application_project: default # We cannot do k8s_info on annotations, From b3f25e356eb657af046ae58477dc757369a7a8df Mon Sep 17 00:00:00 2001 From: Juliano Mohr <1110178+juliaaano@users.noreply.github.com> Date: Tue, 17 Mar 2026 09:42:39 +0000 Subject: [PATCH 4/4] Add ArgoCD AppProject auto-creation for gitops_bootstrap --- .../tasks/workload.yml | 17 +++++++++++++++++ .../templates/appproject.yaml.j2 | 19 +++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 roles/ocp4_workload_gitops_bootstrap/templates/appproject.yaml.j2 
diff --git a/roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml b/roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml index df8c78c..d340ab8 100644 --- a/roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml +++ b/roles/ocp4_workload_gitops_bootstrap/tasks/workload.yml @@ -29,6 +29,23 @@ If you are running a tenant application, set a unique name. when: _existing_application.resources | length > 0 +- name: Ensure ArgoCD AppProject exists + when: ocp4_workload_gitops_bootstrap_application_project != 'default' + block: + - name: Check if ArgoCD AppProject exists + kubernetes.core.k8s_info: + api_version: argoproj.io/v1alpha1 + kind: AppProject + name: "{{ ocp4_workload_gitops_bootstrap_application_project }}" + namespace: openshift-gitops + register: _existing_appproject + + - name: Create ArgoCD AppProject + when: _existing_appproject.resources | length == 0 + kubernetes.core.k8s: + state: present + template: appproject.yaml.j2 + - name: Create bootstrap ArgoCD application kubernetes.core.k8s: state: present diff --git a/roles/ocp4_workload_gitops_bootstrap/templates/appproject.yaml.j2 b/roles/ocp4_workload_gitops_bootstrap/templates/appproject.yaml.j2 new file mode 100644 index 0000000..f72d163 --- /dev/null +++ b/roles/ocp4_workload_gitops_bootstrap/templates/appproject.yaml.j2 @@ -0,0 +1,19 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: "{{ ocp4_workload_gitops_bootstrap_application_project }}" + namespace: openshift-gitops +spec: + description: "Auto-created project for {{ ocp4_workload_gitops_bootstrap_application_project }}" + sourceRepos: + - '*' + destinations: + - namespace: '*' + server: '*' + clusterResourceWhitelist: + - group: '*' + kind: '*' + namespaceResourceWhitelist: + - group: '*' + kind: '*'
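Review bot: Both new tasks work against a hard-coded `namespace: openshift-gitops` (in the `k8s_info` call and in appproject.yaml.j2), while the Application existence check from patch 1/4 and application.yaml.j2 use `ocp4_workload_gitops_bootstrap_namespace`. If that variable is ever set to a different Argo CD namespace, the project is looked up and created in a namespace other than the Application's. Use `namespace: "{{ ocp4_workload_gitops_bootstrap_namespace }}"` in both places. Skipping creation when the project already exists also deserves a comment, since it is what keeps a hand-tuned AppProject from being replaced by the permissive template: `# Never overwrite an existing AppProject; it may carry tighter restrictions than the template.`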
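Review bot: The auto-created AppProject in appproject.yaml.j2 allows every source repo, every destination cluster and namespace, and every cluster-scoped and namespaced kind, so it grants the same reach as an unrestricted `default` project and gives a `tenants` project no isolation. An Application placed in it can sync cluster-scoped objects such as ClusterRoleBindings from any repository. Scope the template to what a tenant bootstrap needs: pin `sourceRepos` to the bootstrap repo, pin the destination to the in-cluster server, and list only the cluster-scoped kinds tenants must create. The values below are a starting point and need checking against what the tenant repos actually deploy.

```yaml
spec:
  # … unchanged: description …
  sourceRepos:
    - "{{ ocp4_workload_gitops_bootstrap_repo_url }}"
  destinations:
    - namespace: '*'
      server: https://kubernetes.default.svc
  clusterResourceWhitelist:
    - group: ''
      kind: Namespace
  # … unchanged: namespaceResourceWhitelist …
```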