×

You can use infrastructure nodes to prevent additional billing cost against subscription counts.

You can use the OpenShift Container Platform to run certain workloads on infrastructure nodes installed by the Red Hat OpenShift GitOps Operator. This comprises the workloads that are installed by the Red Hat OpenShift GitOps Operator by default in the openshift-gitops namespace, including the default Argo CD instance in that namespace.

Any other Argo CD instances installed to user namespaces are not eligible to run on infrastructure nodes.

Moving GitOps workloads to infrastructure nodes

You can move the default workloads installed by the Red Hat OpenShift GitOps to the infrastructure nodes. The workloads that can be moved are:

  • kam deployment

  • cluster deployment (backend service)

  • openshift-gitops-applicationset-controller deployment

  • openshift-gitops-dex-server deployment

  • openshift-gitops-redis deployment

  • openshift-gitops-redis-ha-haproxy deployment

  • openshift-gitops-repo-sever deployment

  • openshift-gitops-server deployment

  • openshift-gitops-application-controller statefulset

  • openshift-gitops-redis-server statefulset

Procedure
  1. Label existing nodes as infrastructure by running the following command:

    $ oc label node <node-name> node-role.kubernetes.io/infra=
  2. Edit the GitOpsService custom resource (CR) to add the infrastructure node selector:

    $ oc edit gitopsservice -n openshift-gitops
  3. In the GitOpsService CR file, add runOnInfra field to the spec section and set it to true. This field moves the workloads in openshift-gitops namespace to the infrastructure nodes:

    apiVersion: pipelines.openshift.io/v1alpha1
    kind: GitopsService
    metadata:
      name: cluster
    spec:
      runOnInfra: true
  4. Optional: Apply taints and isolate the workloads on infrastructure nodes and prevent other workloads from scheduling on these nodes.

    $ oc adm taint nodes -l node-role.kubernetes.io/infra
    infra=reserved:NoSchedule infra=reserved:NoExecute
  5. Optional: If you apply taints to the nodes, you can add tolerations in the GitOpsService CR:

    spec:
      runOnInfra: true
      tolerations:
      - effect: NoSchedule
        key: infra
        value: reserved
      - effect: NoExecute
        key: infra
        value: reserved

To verify that the workloads are scheduled on infrastructure nodes in the Red Hat OpenShift GitOps namespace, click any of the pod names and ensure that the Node selector and Tolerations have been added.

Any manually added Node selectors and Tolerations in the default Argo CD CR will be overwritten by the toggle and the tolerations in the GitOpsService CR.

Additional resources