Kubernetes GitOps with ArgoCD: A 2021 Deep Dive

Introduction

2021 saw GitOps emerge as a leading practice for Kubernetes deployments, with ArgoCD becoming the de facto tool for implementation. Let’s explore how to implement GitOps effectively using ArgoCD in Kubernetes.

What is GitOps?

GitOps is a declarative approach to Kubernetes cluster management and application delivery where:

  • The Git repository is the single source of truth
  • Desired state is described in YAML manifests
  • Changes are automatically synchronized
  • Drift detection and remediation are automated

Setting Up ArgoCD

1. Installation

# Install ArgoCD in k8s cluster
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.1.0/manifests/install.yaml

2. Basic Application Deployment

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/my-org/my-app.git
    targetRevision: HEAD
    path: k8s
  destination:
    server: https://kubernetes.default.svc
    namespace: my-app
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

GitOps Best Practices

1. Repository Structure

├── base
│   ├── deployment.yaml
│   ├── service.yaml
│   └── kustomization.yaml
├── overlays
│   ├── development
│   │   └── kustomization.yaml
│   └── production
│       └── kustomization.yaml

2. Environment Management with Kustomize

# base/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - service.yaml

# overlays/production/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# "bases" is deprecated in Kustomize; list the base directory under "resources"
resources:
  - ../../base
patches:
  - path: production-values.yaml

Advanced Features

1. Sync Strategies

syncPolicy:
  automated:
    prune: true
    selfHeal: true
  syncOptions:
    - CreateNamespace=true
    - PrunePropagationPolicy=foreground
    - PruneLast=true

2. Health Checks

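# Illustrative only: the Argo CD Application spec has no "health" block.
# Argo CD assesses health from each resource's status with built-in checks;
# custom checks are Lua scripts under resource.customizations in argocd-cm.
spec:
  health:
    healthCheckPath: /health
    healthCheckTimeout: 60s
    healthyThreshold: 1
    unhealthyThreshold: 3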

Security Considerations

1. RBAC Configuration

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-role
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

2. Secrets Management

apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: mysecret
spec:
  encryptedData:
    API_KEY: AgBy8hCK8...

Monitoring and Observability

1. Prometheus Integration

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: argocd-metrics
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-metrics
  endpoints:
  - port: metrics

2. Logging Configuration

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
data:
  logging.level: debug
  logging.format: json

Performance Optimization

1. Resource Management

spec:
  template:
    spec:
      containers:
      - name: application
        resources:
          requests:
            memory: "64Mi"
            cpu: "250m"
          limits:
            memory: "128Mi"
            cpu: "500m"

2. Sync Wave Control

metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "2"

Disaster Recovery

1. Backup Configuration

apiVersion: velero.io/v1
kind: Backup
metadata:
  name: argocd-backup
spec:
  includedNamespaces:
  - argocd
  storageLocation: default
  volumeSnapshotLocations:
  - default

Best Practices for Production

  1. Version Control:
    • Use semantic versioning
    • Tag releases properly
    • Maintain changelog
  2. Application Structure:
    • Separate config from code
    • Use Helm or Kustomize
    • Implement progressive delivery
  3. Security:
    • Implement RBAC
    • Use sealed secrets
    • Regular security audits
  4. Monitoring:
    • Set up alerts
    • Monitor sync status
    • Track deployment metrics

Common Challenges and Solutions

1. Multi-Cluster Management:

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: multi-cluster
spec:
  destinations:
  - namespace: '*'
    server: https://cluster1.example.com
  - namespace: '*'
    server: https://cluster2.example.com

2. Private Repository Access:

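# Holds a plaintext token: create it out of band or as a SealedSecret
# rather than committing it to Git.
apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: argocd
  labels:
    # Argo CD only treats the Secret as a repository credential with this label
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: https://github.com/my-org/private-repo
  username: <username>
  password: <token>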
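
The multi-cluster AppProject in item 1 allows every namespace on both clusters, and the first Application in this post uses the default project with targetRevision: HEAD. The following is an added example, not from the original post, of a scoped project and an Application bound to it; the project name, namespace and tag are assumptions, and the my-app namespace is assumed to exist already.

```yaml
# Added example: project name, namespaces and tag are constructed for illustration.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-app-prod            # hypothetical project name
  namespace: argocd
spec:
  description: Production deployments of my-app only
  # Only this repository may be used as a source by Applications in the project.
  sourceRepos:
  - https://github.com/my-org/my-app.git
  # Explicit cluster/namespace pairs instead of namespace: '*'.
  destinations:
  - server: https://cluster1.example.com
    namespace: my-app
  - server: https://cluster2.example.com
    namespace: my-app
  # Empty list: no cluster-scoped resources (ClusterRole, CRD, Namespace, ...)
  # can be created through this project.
  clusterResourceWhitelist: []
  # Namespaced kinds that Applications in this project may not manage.
  namespaceResourceBlacklist:
  - group: rbac.authorization.k8s.io
    kind: Role
  - group: rbac.authorization.k8s.io
    kind: RoleBinding
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: my-app-prod         # not "default", which allows any repo and destination
  source:
    repoURL: https://github.com/my-org/my-app.git
    targetRevision: v1.4.2     # constructed tag; pin a tag or commit SHA rather than HEAD
    path: overlays/production
  destination:
    server: https://cluster1.example.com
    namespace: my-app
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
```

With prune and selfHeal enabled, whatever lands on the tracked revision is applied and enforced automatically, so the project scope and the pinned revision are what bound the effect of a bad or unauthorized commit.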


Conclusion

GitOps with ArgoCD in 2021 marked a radical shift in how organizations handle their Kubernetes deployments. The key takeaways include:

  • Improved security through declarative configuration
  • Better auditing and compliance
  • Automated drift detection and correction
  • Simplified rollback procedures
  • Enhanced collaboration through Git workflows

For organizations looking to implement GitOps:

  1. Start with a simple application
  2. Gradually expand to more complex scenarios
  3. Implement proper security measures
  4. Set up comprehensive monitoring
  5. Train teams on GitOps practices

The future of Kubernetes deployments is increasingly GitOps-driven, and the tooling and best practices will be led by ArgoCD.

Hope you enjoyed the post.

Cheers

Ramasankar Molleti
