Tetrate Service BridgeVersion: 1.6.xGitOps
This document describes how to configure the GitOps integration for Tetrate Service Bridge (TSB). GitOps integration in TSB allows you to integrate with the lifecycle of application packaging and deployment and the different Continuous Deployment (CD) Systems.
This document assumes that you already have working knowledge of configuring GitOps CD systems, such as FluxCD or ArgoCD.
How it works
Once enabled in an Application cluster, the CD System will be able to apply the TSB configurations in it, which then will be pushed to the TSB Management Plane.
Enabling GitOps
The GitOps component can be configured through ControlPlane CR or Helm values for each cluster.
Following is an example of custom resource YAML that enables GitOps for a
demo cluster, which Control Plane is deployed in the istio-system
namespace. If you use Helm, you can update spec section of the control plane Helm values.
kubectl edit -n istio-system controlplane/controlplane
spec:
components:
...
gitops:
enabled: true
reconcileInterval: 600s
Setting enabled: true is what activates GitOps for that cluster.
Every time resources are applied by the CD system to the application cluster,
the TSB GitOps component will push them to the Management Plane. Additionally,
there is a periodic reconciliation process that ensures the application cluster
remains the source of truth, and periodically pushes the information in it. The
reconcileInterval attribute can be used to customize the interval at which
the background reconciliation process runs. Further details and additional configuration
options can be found in the GitOps component reference.
In order to allow the Application cluster push the configurations to the Management Plane, permissions need to be granted to the cluster service account. This can be easily done as follows:
tctl x gitops grant <cluster-name>
When enabling GitOps, it is highly recommended to configure user permissions in a way that regular users only have READ access to the TSB configurations. This will help ensure that only the configured cluster service account can manage configuration.
This will grant permission to push configurations to the entire organization. If you want to further constrain where the cluster service account can push configurations, please take a look at the command documentation:
tctl x gitops grant --help
After applying the changes to the ControlPlane CR, the TSB operator will
activate the feature for the cluster and it will start reacting to the applied
TSB K8s resources.
Monitoring GitOps health
The GitOps integration provides metrics and detailed logs that can be used to monitor the health of the different components involved in the GitOps process:
- The GitOps metrics provide insights about the latency experienced when sending configurations to the Management Plane, error rates, etc.
- The
tsb-operator-control-planeprovides thegitopslogger that can be enabled at debug level to get detailed log messages from the different components that are part of the GitOps configuration propagation.