Skip to main content
Version: 1.5.x

GitOps

This document describes how to configure the GitOps integration for Tetrate Service Bridge (TSB). GitOps integration in TSB allows you to integrate with the lifecycle of application packaging and deployment and the different Continuous Deployment (CD) Systems.

This document assumes that you already have working knowledge of configuring GitOps CD systems, such as FluxCD or ArgoCD.

How it works

Once enabled in an Application cluster, the CD System will be able to apply the TSB configurations in it, which then will be pushed to the TSB Management Plane.

Enabling GitOps

The GitOps component can be configured through Control Plane custom resources in each cluster.

Following is an example of custom resource YAML that enables GitOps for a demo cluster, which Control Plane is deployed in the istio-system namespace.

$ kubectl edit -n istio-system controlplane/controlplane
apiVersion: install.tetrate.io/v1alpha1
kind: ControlPlane
metadata:
name: controlplane
namespace: istio-system
...
spec:
components:
...
gitops:
enabled: true
reconcileInterval: 600s

Setting enabled: true is what activates GitOps for that cluster.

Every time resources are applied by the CD system to the application cluster, the TSB GitOps component will push them to the Management Plane. Additionally, there is a periodic reconciliation process that ensures the application cluster remains the source of truth, and periodically pushes the information in it. The reconcileInterval attribute can be used to customize the interval at which the background reconciliation process runs. Further details and additional configuration options can be found in the GitOps component reference.

In order to allow the Application cluster push the configurations to the Management Plane, permissions need to be granted to the cluster service account. This can be easily done as follows:

$ tctl x gitops grant demo
note

When enabling GitOps, it is highly recommended to configure user permissions in a way that regular users only have READ access to the TSB configurations. This will help ensure that only the configured cluster service account can manage configuration.

This will grant permission to push configurations to the entire organization. If you want to further constrain where the cluster service account can push configurations, please take a look at the command documentation:

$ tctl x gitops grant --help

After applying the changes to the Control Plane CR, the TSB operator will activate the feature for the cluster and it will start reacting to the applied TSB K8s resources.

Monitoring GitOps health

The GitOps integration provides metrics and detailed logs that can be used to monitor the health of the different components involved in the GitOps process:

  • The GitOps metrics provide insights about the latency experienced when sending configurations to the Management Plane, error rates, etc.
  • The tsb-operator-control-plane provides the gitops logger that can be enabled at debug level to get detailed log messages from the different components that are part of the GitOps configuration propagation.