Argo CD
GitOps continuous delivery tool for Kubernetes
Argo CD is a declarative continuous delivery tool for Kubernetes applications. It uses the GitOps style to create and manage Kubernetes clusters. When any changes are made to the application configuration in Git, Argo CD will compare it with the configurations of the running application and notify users to bring the desired and live state into sync.Argo is a graduated CD project of Cloud Native Computing Foundation (CNCF).
Architecture of Argo CD
Argo CD is implemented as a kubernetes controller which continuously monitors running applications and compares the current, live state against the desired target state (as specified in the Git repo). A deployed application whose live state deviates from the target state is considered OutOfSync. Argo CD reports & visualizes the differences, while providing facilities to automatically or manually sync the live state back to the desired target state. Any modifications made to the desired target state in the Git repo can be automatically applied and reflected in the specified target environments.Argo CD control plane consists of three essential components- Application Controller, API Server, and Repository Service.
Application Controller
The application controller is a Kubernetes controller responsible for monitoring applications in the running environment with the desired state configured in Git. It detects out-of-sync status between the running environment and Git and notifies DevOps engineers.
Repository Server
The repository server of Argo CD is an internal service that maintains a local cache of the Git repo. On providing the input, such as repository URL, Git revisions( branch, tags), application path, and template-specific settings, the server generates Kubernetes manifests.
API Server
The API server is the gRPC/REST server, which provides API endpoints to Argo web UI and CLI, and other CI/CD systems. The APIs are primarily used to carry out functionalities such as application deployment and management, executing rollback or any user-defined actions, storing K8S cluster credentials, handling AuthN/Z for security and compliance, etc.
Features
- Automated deployment of applications to specified target environments
- Support for multiple config management/templating tools (Kustomize, Helm, Jsonnet, plain-YAML)
- Ability to manage and deploy to multiple clusters
- SSO Integration (OIDC, OAuth2, LDAP, SAML 2.0, GitHub, GitLab, Microsoft, LinkedIn)
- Multi-tenancy and RBAC policies for authorization
- Rollback/Roll-anywhere to any application configuration committed in Git repository
- Health status analysis of application resources
- Automated configuration drift detection and visualization
- Automated or manual syncing of applications to its desired state
- Web UI which provides real-time view of application activity
- CLI for automation and CI integration
- Webhook integration (GitHub, BitBucket, GitLab)
- Access tokens for automation
- PreSync, Sync, PostSync hooks to support complex application rollouts (e.g.blue/green & canary upgrades)
- Audit trails for application events and API calls
- Prometheus metrics
- Parameter overrides for overriding helm parameters in Git.
Advantages Of Using ArgoCD With Kubernetes
Faster Update Directly in Cluster : ArgoCD compares the desired configuration in the Git repo with the actual state in the K8S cluster. Unlike other tools where kubectl changes are untrackable, Argo CD provides a single interface, version-controlled changes, and a history of changes of what and who made changes in the cluster. It further offers better team collaboration.
Cluster Disaster Recovery: GitOps principles state that your entire system (including cluster specifications, components, and workloads) is described declaratively and versioned in Git. For example, if you have an EKS cluster in region 1-a and if this cluster completely crashes, ArgoCD can create a new cluster — point it to the git repository where the complete cluster configuration is defined. It will recreate the same state as the previous one without any intervention from your side.
Security:ArgoCD is a relatively lightweight and highly secure approach to K8s deployments. This continuous delivery tool pulls changes from a remote Git repo. Therefore, you don’t need to define firewall rules and VPC peering connections to get deployment servers to connect with the cluster, which is one less entry point. It significantly reduces the attack surface area for dev/QA/prod servers.