WRITELOOP

NOTES ON ARGOCD

2021 December 21
  • On Jenkins, e.g., you would have to configure kubectl and credentials so that it can run a kubectl apply against a k8s cluster. That is a ginormous amount of work, and may result in security holes. You would also have to work out how to make Jenkins know that the deploy ran successfully on the cluster.

  • ArgoCD is installed on the cluster, listens to a GitHub repository, and when a change occurs, applies it to the cluster (this is the “gitops” concept).

  • As a best practice, application code and configuration should be on separate repositories.

  • ArgoCD supports k8s yaml files, helm charts, kustomize and template files that generate k8s manifests.

  • ArgoCD allows separating the CI and CD pipelines. The CI pipeline can build an image, upload it to a registry and update a k8s manifest file on a gitops repo. That way, ArgoCD can detect the gitops repo change and trigger the CD pipeline.

  • Whatever is done manually with kubectl gets reverted, since the git repository Argo listens to is the single source of truth. However, you can configure ArgoCD to not override manual changes, but to send an alert and stay out-of-sync until the manual changes are applied to the gitops repository.

  • Benefits:

    • You indirectly manage cluster permissions through git.
    • You don’t have to manage cluster permissions outside the cluster (Jenkins etc. do not need permissions on the cluster).
    • ArgoCD uses existing k8s components, so it has visibility on the cluster.
    • The git repository contains the cluster's desired state, k8s has the cluster's actual state. ArgoCD is the agent that makes sure that both (git repository state and k8s cluster state) are always in sync.
  • ArgoCD is deployed on the cluster.

  • ArgoCD is configured on the cluster with a k8s YAML file.

  • You can group applications into “AppProjects”.

  • TODO: Look into the concept of “CRD” in k8s (ArgoCD is installed as a CRD on the cluster)

  • 1 ArgoCD instance is able to sync more than one k8s cluster (a “fleet” of clusters)

  • Best practice to work with multiple clusters:

    • 1 Git repository
    • do not deploy to all environments at once (1st development, then staging, then production). How?

      • one branch per environment
      • OR “using overlays with kustomize”
  • ArgoCD is specific to k8s. You will need a CI tool, and another CD tool if you are not on k8s.

  • (this video has a practical HOWTO on how to install and configure ArgoCD)

  • ArgoCD features that are not enabled by default (probably as a safety measure):

    • Automatic sync
    • Automatic pruning
    • Automatic self-healing

    They can be enabled on the application.yaml, which has the ArgoCD configuration, under the section “syncPolicy”.
  • By default, ArgoCD will poll the git repository every 3 minutes for changes. If you want it sooner, you can configure a git webhook.
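
The opt-in syncPolicy features listed above, shown as an added example (not from the video or the ArgoCD project): two Application manifests, one left at the defaults and one with automatic sync, pruning and self-healing enabled. The application names, repository URL, path and namespace are placeholders.

```yaml
# Added example; names, repo URL, path and namespace are placeholders.
# Application 1: defaults. There is no syncPolicy.automated block, so ArgoCD
# only reports drift (OutOfSync) and waits for someone to trigger a sync.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp-manual                 # placeholder
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/example-org/gitops-config.git   # placeholder
    targetRevision: HEAD
    path: dev                        # placeholder directory in the gitops repo
  destination:
    server: https://kubernetes.default.svc   # the cluster ArgoCD itself runs in
    namespace: myapp                 # placeholder
---
# Application 2: same source and destination, with the three opt-in features on.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp-auto                   # placeholder
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/example-org/gitops-config.git   # placeholder
    targetRevision: HEAD
    path: dev
  destination:
    server: https://kubernetes.default.svc
    namespace: myapp
  syncPolicy:
    automated:         # automatic sync: new commits are applied without a manual sync
      prune: true      # automatic pruning: resources removed from git are deleted from the cluster
      selfHeal: true   # automatic self-healing: manual kubectl changes are reverted to the git state
```

With prune enabled, deleting a manifest from the gitops repo deletes the live resource, so write access to that repository should be reviewed as carefully as direct cluster access.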

NOTE: The original content(s) that inspired this one can be found at:
https://www.youtube.com/watch?v=MeU5_k9ssrs
All copyright and intellectual property of each one belongs to its original author.