Managing the delivery and deployment of your applications can become a complex soup when CI (Continuous Integration) and CD (Continuous Delivery) are mixed together. Deployment configuration, if not managed properly, can cause real-time application disruptions. The management of application configuration in a traditional approach requires a multitude of steps. There is a way to make this easier, by splitting up the CI and the CD parts, which you can do with ArgoCD.
Why split up CI and CD?
The split provides a clear separation of code and configuration, which then can also be worked on separately. The images being built are input to the CD, which you can then configure per environment. All the configuration is in Version Control, making collaboration easier because the information is stored in plain sight. It also makes it easier to roll back versions, since that is also stored in Git.
What is GitOps?
Before talking about ArgoCD, let’s first understand GitOps. GitOps is a modern approach to software delivery and operational management that is implemented by tools like ArgoCD and Flux. At its core, GitOps makes use of the power of Git to drive the entire deployment and configuration process. The desired state of the application infrastructure is declared and stored in a Git repository. GitOps tools continuously monitor this repository, ensuring that the deployed resources match the intended state. This approach enables teams to track changes efficiently, collaborate effectively, and maintain a reliable record of infrastructure updates.
What is ArgoCD?
ArgoCD is one of the most popular tools within GitOps, with a Kubernetes-native approach. It is a Graduated project at CNCF and is continuously being developed. ArgoCD is a controller that monitors your environment and compares it with the git repositories connected. It helps you manage the deployments on your environment with Git as the source of truth. It has support for the most common Kubernetes manifests such as HELM, Kustomize and Plain Yaml/JSOn files. On top of that, ArgoCD has an intuitive UI where you can check the status of the deployments.
What can you do with ArgoCD?
Aside from monitoring your environment and syncing the state of your environment with your repository, ArgoCD can also be configured to enforce a deployment strategy. You can do this with sync-windows and sync-policies for example. By utilizing these tools, ArgoCD enables users to synchronize their environments based on specific requirements and timing that best suit their environment.
Compliance is another aspect for which ArgoCD can be used. Since ArgoCD monitors and overwrites manual changes, your cluster will be in a state that is approved via your Git flow. This involves a four-eyes principle on all changes on the cluster, as well as protection from someone (internal or external) changing configurations without your knowledge.
ArgoCD also offers an Image Updater tool (not yet ready for production), which can sync an image based on semver, digest or tag. Deploying on development environments then is directly connected to the CI, once the image is pushed, ArgoCD will verify and update if a new image is available.
Let’s start with an example, the team works with the CI/CD split and deploys with ArgoCD. Someone commits code, it triggers the pipeline and builds an image, which ends the flow. Someone else commits configuration, which is picked up by ArgoCD and synced to the respective environment. You can either deal with environments via branches (not recommended by ArgoCD) or via directories in your repository. At Devoteam, we have an internal project called Project Unox (not related to the soup or sausage), where we deploy applications (one of them Backstage) with ArgoCD on our AKS cluster like below.
Things to consider
It is important to note that GitOps and ArgoCD are not suitable for every scenario. Whenever working with a complex branching strategy, implementing GitOps might add extra complexity. ArgoCD also recommends trunk based development when using their tool. It is built as a Kubernetes-native tool, and therefore works best on Kubernetes or Openshift-like environments. Another point to note is that secret-management in Git is not best practice. You can mitigate this with Kube-Seals or use a Vaulting strategy to manage your secrets outside of Git.
ArgoCD is a great tool to use when it fits the strategy of your organization. If you are looking to implement GitOps and introduce transparency, speed and compliance, then ArgoCD can be the way to go. However, it is important to evaluate if your environment and work process will get all the benefits out of ArgoCD.