ArgoCD: Kubernetes native GitOps continuous delivery system
What is Argo CD?
Argo CD is a Kubernetes-native open source project that provides a declarative, GitOps continuous delivery (CD) system. Argo CD was created by the Argo community and Intuit and it supports a variety of configuration management tools, including Kustomize and Helm. Now, Argo CD is a CNCF project.
Argo CD was born out of the need to create a tool and an environment that would allow development teams to become productive rapidly, without having to become Kubernetes experts and without needing full access to the Kubernetes system. Since Argo CD addresses a common problem in the industry, Inuit decided to make the project open source.
It can be implemented as a Kubernetes controller for monitoring running applications to verify that the live state matches the desired state, as defined in Git version control.
Argo CD makes running applications in Kubernetes easier and helps developers to increase their productivity.
Argo CD’s key features
- Manual or automatic deployment of applications to a Kubernetes cluster.
- Automatic or manual syncing of applications to its desired state.
- Web user interface and command-line interface (CLI).
- CLI for automation and CI integration.
- Ability to visualize deployment issues, detect and remediate configuration drift.
- Role-based access control (RBAC) enabling multi-cluster management.
- Single sign-on (SSO) with providers such as GitLab, GitHub, OAuth2, OIDC, LDAP, and SAML 2.0.
- Webhook integration with GitHub, BitBucket or GitLab
- Automated deployment of applications to specified target environments
- Support for multiple config management/templating tools (Kustomize, Helm, Ksonnet, Jsonnet, plain-YAML)
- Ability to manage and deploy to multiple clusters
- Rollback/Roll- anywhere to any application configuration committed in Git repository
- Health status analysis of application resources
- Access tokens for automation
- PreSync, Sync, PostSync hooks to support complex application rollouts (e.g. blue/green & canary upgrades)
- Audit trails for application events and API calls
- Prometheus integration
- Parameter overrides for overriding ksonnet/helm parameters in Git
How does Argo CD work?
Argo CD follows the GitOps pattern of using Git repositories as the source of truth for defining the desired application state. You can specify application configuration using several types of Kubernetes manifests such as:
- kustomize applications
- helm charts
- ksonnet applications
- jsonnet files
- plain directory of YAML/json manifests
- any custom configuration management tool as a plugin
Argo CD automates the deployment of the desired state of an application in a specified target environment. Updates are traceable as tags, branches, or pinned specific versions of a manifest at Git commits.
Argo CD acts as a Kubernetes controller that monitors all running applications comparing the live state with the desired state, as defined in Git.
When an application’s live state and the desired state differ, the app is identified as OutOfSync and the differences are reported allowing for the live state to be synced automatically or manually in order to match the desired state. Furthermore, any changes made to the “single source of truth” can automatically be applied to the target environments. It enables developers to manage both infrastructure configuration and application updates in one system.
Two ways of doing declarative continuous delivery are the Pull model and the Push model.
The CD system (Argo CD) continuously monitors and updates the application’s state on the Kubernetes cluster to the target state defined in Git.
A user initiates the update from an external system using a CI pipeline.
Argo CD supports both GitOps models to sync target environments with desired application state.
GitOps with Argo CD
GitOps is an operating model for Cloud Native technologies that is built around the developer experience. It takes DevOps best practices (e.g. version control, collaboration, compliance, CI/CD) to automate infrastructure and management of application configurations.
GitOps uses a Git repository as its single source of truth. Teams commit declarative configurations into Git, and these configurations are used to create environments needed for the continuous delivery process.
The need to manage Kubernetes clusters and application delivery declaratively is what is driving GitOps on Kubernetes. And the lack of a purpose-built enterprise toolset for GitOps on Kubernetes is what led to the development of ArgoCD.
GitOps uses Git pull requests to manage infrastructure provisioning and deployment automatically. When a new version of a configuration is introduced via pull request, this is merged with the main branch in the Git repository, and then the new version is deployed automatically.
Kubernetes controllers resolve the changes required to cluster resources, until the desired configuration is reached. Argo CD monitors progress and reports that the application is in sync, when the Kubernetes cluster is ready. It also monitors changes in the Kubernetes cluster and discards them if they are not a match to the current configuration in Git.
The latest release of OpenShift GitOps offers the powerful pull request generator. Whenever there is a pull request in the GitHub repository associated with this generator, it creates an Argo CD application reflecting the changes in the pull request. This automation is especially useful to help you check how the change looks in your environment before merging the change into the parent branch.
The Git repository contains a full record of all changes, including all details of the environment at every stage of the process.
Argo CD handles the latter stages of the GitOps process, ensuring that new configurations are correctly deployed onto a Kubernetes cluster.
Argo CD - Components
A gRPC/REST API server exposes the API that components such as the CLI and Web UI consume. It is responsible for:
- Managing applications and reports status
- Invoking app operations such as user-specified actions, sync, and rollback
- Managing cluster and repository credentials stored as Kubernetes secrets
- Authenticating and delegating authorization to third-party identity providers
- Enforcing RBAC policies
- Listening and forwarding Git webhook events
Internal Repository Service:
This component caches the Git repository locally, storing the application manifests. The repository server generates Kubernetes manifests and returns them based on inputs such as the repository URL, application path, revisions (i.e., commits, tags, branches), and any template-specific settings (i.e., Helm values, Ksonnet environments, etc.).
A Kubernetes controller that is constantly monitoring applications, comparing the desired state specified in the Git repository with the current state of each application. It identifies when an application is OutOfSync and is able to correct it where specified. It invokes hooks defined by the user for application lifecycle events such as PreSync, Sync, and PostSync.
Argo CD has a variety of features that “traditional” CI/CD systems don’t as well as native integration with Kubernetes making it an ultimate GitOps tool for modern infrastructure.
One thing worth mentioning is that with ArgoCD you cannot run regular pipelines that execute tests or arbitrary scripts. For that purpose there is Argo Workflows which can be just as easily installed onto Kubernetes.
To conclude, Argo CD is perhaps the best solution if you want to build GitOps for multiple Cloud Native applications with Kubernetes and maintain control over users’ access and application synchronization settings. Its Multi-tenancy and multi-cluster features come very handy, especially for larger companies. Last but not least, Argo has a modern web UI allowing users to see the status of application deployments in real time and administrators to manage projects and access.