You can use infrastructure nodes to isolate infrastructure workloads for two primary purposes:

  • Prevent incurring billing costs against subscription counts.

  • Separate maintenance and management.

Adding infrastructure nodes

  1. Label existing nodes as infrastructure by running the following command:

    $ oc label node <node-name> node-role.kubernetes.io/infra=
  2. Edit the GitOpsService Custom Resource (CR) to add the infrastructure node selector:

    $ oc edit gitopsservice -n openshift-gitops
  3. In the GitOpsService CR file, add runOnInfra toggle to the spec section and set it to true:

    apiVersion: pipelines.openshift.io/v1alpha1
    kind: GitopsService
      name: cluster
      runOnInfra: true
  4. Optional: Apply taints and isolate the workloads on infrastructure nodes and prevent other workloads from scheduling on these nodes.

    $ oc adm taint nodes -l node-role.kubernetes.io/infra
    infra=reserved:NoSchedule infra=reserved:NoExecute
  5. Optional: If you apply taints to the nodes, you can add tolerations in the GitOpsService CR:

      runOnInfra: true
      - effect: NoSchedule
        key: infra
        value: reserved
      - effect: NoExecute
        key: infra
        value: reserved

To verify that the workloads are scheduled on infrastructure nodes in the Red Hat OpenShift GitOps namespace, click any of the pod names and ensure that the Node selector and Tolerations have been added.

Any manually added Node selectors and Tolerations in the default Argo CD CR will be overwritten by the toggle and the tolerations in the GitOpsService CR.