Skip to content
/ platform_automation_hcp_rhos Public

Automate e2e platform config and app deployments of VM or containers using desired state gitops

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mwright-pivotal/platform_automation_hcp_rhos

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

108 Commits
apps
apps
 
 
infra
infra
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 

Repository files navigation

E2E Platform GitOps with ILM and SLM on bare metal infra

This repository explores an alternative platform for managing, operating a VM and Container platform along with automation to manage the App workloads using a Windows VM example, and an AI/Computer Vision container based workload with dependence on GPU resources.

The method of delivery intends to highlight Infrastructure Lifecycle Management (ILM) and Security Lifecycle Management (SLM) right from the beginning. Also we want to not just focus on modern custom applications as it assumes some enterprises have built up methodologies for modern custom apps already, but legacy and COTs VM based workloads are often left behind.

If we are to consider investing in alternative virtualization platforms for private datacenter, then we want to drive better business outcomes than what has been achieved with the incumbent platform. Examples of business outcomes to improve upon are addressing Cyber Materiality, Reduction of monolithic vendor/Concentration Risk, Policy Driven Private Cloud Cost Containment.

This process leverages desired state, GitOps to apply infrastructure as code for Day 0 - Day 2 platform operations as well as basics of DevSecOps for managing application deployments.

High level recipe

  1. 3 on-prem, physical hosts with NVidia GPU (optional), 2 disk partitions
  2. Basic flat network, with egress outbound only to public internet
  3. Access to Redhat Hybrid Cloud Console and Hashicorp Cloud Platform
    a. console.redhat.com
    b. portal.cloud.hashicorp.com
  4. Use Redhat Hybrid Cloud to define a new, vanilla Openshift Cluster and generate bootstrap images for bare metal hosts
  5. Onboard newly discovered hosts and assign to cluster with dual role, Controlplane and Worker roles
  6. Deploy HCP Terraform Operator into newly formed Cluster from Redhat console
  7. Configure HCP org and workspace to leverage new TF Agent Pool by default
  8. Configure HCP Terraform workspace to trigger from VCS, referencing a fork of this repo.
    a. deploys clustered filesystem using Rook Ceph
    b. adds NVidia GPU Operator and drivers
  9. Use Packer and HCP Packer registry to manage VM image build pipelines and Vulerability Patch Management
  10. Use HCP Vault Radar to ensure no secrets are leaked
  11. Use HCP Vault to manage platform secrets
  12. Use HCP Vault to manage credentials in a Windows VM

Screenshots image
image
image
image

About

Automate e2e platform config and app deployments of VM or containers using desired state gitops

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages