Root app
Root application on hub-dc reconciles the platform repo and ApplicationSets.
GitOps
Desired-state ownership and update flow
Use GitOps as the fleet contract. Live edits should either be deliberate break-glass fixes or short-lived remediation that is reconciled back into desired state.
Repositories
Boundaries
| Path | Role | Notes |
|---|---|---|
lab-gitops-full/ | Platform desired state | Operators, storage, ACM, OADP, service mesh, policies, dashboards, cluster overlays, and platform cleanup commits. |
lab-workloads/ | Application workload source | Non-platform app bases. Source-only bases are inert until a cluster overlay references them. |
lab-gitops/ | Bootstrap context | Bootstrap-only reference copied from ocp-bootstrap. Do not treat it as the live desired-state source. |
Argo CD
Recorded app model
Cluster config apps
Each cluster has a cluster-config Application. Local spoke Argo status is authoritative for managed-pull spoke apps.
Workload app
hub-dc-workloads points at lab-workloads and deploys only referenced workload overlays.
Current repo facts
Recent boundaries enforced
demo-orderswas removed fromlab-workloadsand inactive Kafka fixtures were removed fromlab-gitops-full.- AMQ Streams, Streams Console, and Apicurio Registry were removed from live spoke desired state.
- Hub storage-light work removed ODF/NooBaa, Pipelines, logging, tracing, MinIO/Loki/Tempo, and observability stacks from hubs while retaining LVMS and RHACS.
lab-gitops-full/CHANGELOG.mdmust be updated when desired-state changes occur.
Validation
Expected checks after changes
oc kustomize lab-gitops-full/clusters/hub-dc
oc kustomize lab-gitops-full/clusters/hub-dr
oc kustomize lab-gitops-full/clusters/spoke-dc
oc kustomize lab-gitops-full/clusters/spoke-dr
oc kustomize lab-workloads/clusters/spoke-dc
oc kustomize lab-workloads/clusters/spoke-drFor live validation, check Argo CD sync and health on the specific cluster that owns the Application. Avoid assuming the hub-side status artifact is authoritative for managed-pull spokes.