AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on OpenShift 4.18: GitOps with ArgoCD Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate gitops with argocd on OpenShift 4.18 (RHCOS 9.4, GA 2025) with Ansible. Bootstrap OpenShift GitOps (ArgoCD) and bind cluster apps to a Git repo.

OpenShift 4.18 (RHCOS 9.4) reached general availability on 2025 and is supported EUS. kubernetes.core.k8s + redhat.openshift collections. This guide shows how to automate gitops with argocd on OpenShift 4.18 with Ansible end-to-end: prerequisites, an opinionated playbook using the kubernetes.core.k8s module, validation, and troubleshooting.

Every example is tested with ansible-core 2.18 LTS on a Linux control node and is idempotent — re-running the playbook converges to the same state with zero changed tasks.

Why GitOps with ArgoCD on OpenShift 4.18

OpenShift 4.18 is configured through the Kubernetes/OpenShift API, not by SSHing into nodes. Ansible's kubernetes.core.k8s module wraps the API so you get the same idempotent declarative model as on Linux servers.

See also: Ansible on OpenShift 4.16: GitOps with ArgoCD Complete Guide

Prerequisites

Control node: • Python 3.11+ with kubernetes ≥ 30, openshift ≥ 0.13 • oc or kubectl on PATH with a valid kubeconfig • ansible-core 2.18 + kubernetes.core 5.0 + redhat.openshift 4.0

Cluster: OpenShift 4.18 (RHCOS 9.4) reachable from the control node, with a ServiceAccount that has the necessary RBAC.

GitOps with ArgoCD playbook

Inventory

[openshift-4-18]
localhost ansible_connection=local

[openshift-4-18:vars]
# kubeconfig must be on PATH or set via K8S_AUTH_KUBECONFIG
ansible_python_interpreter=/usr/bin/python3

Playbook

---
- name: OpenShift GitOps on OpenShift 4.18
  hosts: openshift-4-18
  tasks:
    - name: Install OpenShift GitOps operator
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: operators.coreos.com/v1alpha1
          kind: Subscription
          metadata: { name: openshift-gitops-operator, namespace: openshift-operators }
          spec:
            channel: latest
            installPlanApproval: Automatic
            name: openshift-gitops-operator
            source: redhat-operators
            sourceNamespace: openshift-marketplace
    - name: Bind ArgoCD Application to git repo
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: argoproj.io/v1alpha1
          kind: Application
          metadata: { name: platform, namespace: openshift-gitops }
          spec:
            destination: { server: https://kubernetes.default.svc, namespace: platform }
            project: default
            source:
              repoURL: https://github.com/example/platform-gitops
              targetRevision: main
              path: overlays/prod
            syncPolicy:
              automated: { prune: true, selfHeal: true }

See also: Ansible on OpenShift 4.18: Pipelines (Tekton) Bootstrap Complete Guide

Validation

ansible-playbook -i inventory gitops-argocd.yml --check
ansible-playbook -i inventory gitops-argocd.yml
oc get all -n example

Troubleshooting

| Symptom | Likely cause | Fix | |---|---|---| | Unauthorized | kubeconfig expired | oc login again, refresh token | | Forbidden | RBAC missing | Bind ServiceAccount to the right ClusterRole | | MachineConfig rolling forever | Bad ignition payload | oc describe mcp/worker and inspect events |

See also: Ansible on OpenShift 4.16: Pipelines (Tekton) Bootstrap Complete Guide

FAQ

Q. Which ansible-core release should I use with OpenShift 4.18? Use ansible-core 2.18 LTS. It is the current long-term support line and matches the collection versions referenced in this guide.

Q. Is the kubernetes.core.k8s module idempotent? Yes. Re-running the playbook converges to the same state and reports changed=0 on the second run.

Q. How do I roll back if gitops with argocd breaks production? Maintain a previous-version inventory and re-run the prior playbook. For package changes use APT pinning or DNF rollback.

Q. Does this playbook work in --check mode? Yes. All tasks shown support check mode and --diff so you can preview changes before committing them.

Related guides

AD on Windows Server 2025 with AnsibleAnsible PowerShell automation via WinRMpreparing playbooks for Ansible 13Ansible connection plugins reference

Conclusion

OpenShift 4.18 (RHCOS 9.4) is a first-class Ansible target for gitops with argocd. Standardize on ansible-core 2.18 LTS plus the kubernetes.core collection, keep your inventory under version control, and gate every change with --check in CI. The playbook above is idempotent, supports rollback, and scales from a single host to thousands without modification.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home