At the moment, not a single organization can escape the trends in the CI/CD & DevOps era. Many organizations put these concepts into practice. CI/CD pipelines quickly became the standard to deploy software applications and infrastructure resources. Kubernetes remains at the top of deployment platforms to run cloud-native applications. Argo CD is the tool of choice for a lot of companies to deliver new application features. In this article, we’ll explore the most interesting features of Argo CD to push your Continuous Deployment initiatives. Useful features of Argo CD to streamline your deployments.
A quick introduction – GitOps
First of all, it’s good to know that Argo CD implements the most important aspects of GitOps. Source code repositories (in Git) are at the heart of every action in which Argo CD plays a role. It all starts with a Pull Request from anyone who wishes a change to an application. Or the other way around: someone who makes a change in a running environment. Argo CD hooks in here to visualize the reflected changes. If a change in the running system cannot be matched with the actual source code, the change is discarded. From a DevOps practitioner, all is source code driven.
Good to know, Argo CD focuses on Kubernetes-based deployments. The tool itself should also be installed in the Kubernetes cluster of your choice. Both on-premises as well as in any cloud which offers Kubernetes (as a service).
Automation automation automation
Automation is one of the key features of Argo CD. Without automation, the tool would not provide many benefits for you to invest your time in. So, the following aspects are automated in some way or the other:
- Automated deployments of applications. Argo CD hooks into existing CI/CD pipelines where it can be used to automatically push out new application versions to your Kubernetes cluster.
- Automated synchronization. Sync applications based on the desired deployment manifest with the actual state of the running application in the Kubernetes cluster. This gives the option to revoke the permissions of the CI/CD pipeline to the Argo CD API server. The sync option can be turned on by setting a parameter or in the deployment manifest itself.
- Automatic pruning. In addition to the aspect above, applications can be automatically pruned if they’re out of sync. For safety reasons, this is switched off by default, but it can be enabled using the same methods as automated synchronization.
- Drift detection is a built-in feature of Argo CD. It can visualize the differences between the desired state versus the actual state of the running application. DevOps practitioners are helped with a helpful (Grafana) dashboard.
It’s the completeness and accuracy of the automation-related features which makes Argo CD a powerful tool to speed up application delivery.
Production Grade
Back in the day, Argo CD started as an incubator project at the CNCF landscape and quickly became graduated. This makes it an ideal candidate for production-grade workloads. Argo CD can be deployed as a standalone application or it can be deployed in High Availability mode. It offers a clear GUI to help developers visualize the deployment status of their Pods, Deployments, Services, Custom Resource Definitions, etc.
Basically, you can use the Argo CD GUI to define an application and create the subsequent Kubernetes configuration files. This should not be confused with actually controlling the cluster (s) since it’s only a helper to create declarative configuration files.
It’s also great to mention that you do not have to learn a new language to write your configuration files. More and more developers and other infrastructure specialists consider this a burden. Argo CD supports native Kubernetes Yaml files but also Helm charts and Kustomize-based templates. This also speeds up the implementation and avoids learning new things which do not add any business value at all.
Security aspects
While being separated by so-called projects, multiple teams can work together in the same Kubernetes environment. This frees the way to isolate applications in their respective sections of the cluster.
Besides workload isolation on a namespace level, RBAC (Role Based Access Control) can also be applied on an application level. On the other hand, it’s also possible to deploy to multiple Kubernetes clusters to keep workloads even stricter and separated from each other.
When it comes to security, Argo CD is extremely transparent in terms of security advisories. At the time of writing 24 security issues are listed ranging from low risk to critical. Every advisory (example here) comes with a detailed description of the impact, the available patches (which apply to different versions of Argo CD), and any workarounds. Besides security advisories, there is a great overview of security results based on the well-trusted party Snyk. Not only for the latest container images but also for alternatives and all other major releases. Container images are signed by Cosign to guarantee their integrity.
A lot of great names put their trust in Argo CD. Names include RedHat, Google, Tesla, and Nvidia to name a few. It underscores the robustness of the tool as well as the ability to support high-demanding companies for their production-grade workloads.
While this all might sound obvious, it’s vital to keep security-related aspects on top of the agenda. Since every organization needs to pay attention to this, especially large ones that have a lot of security and compliance rules and regulations they must adhere to.
Various integration points
Integration is a key aspect to automate workflows and other tasks. Without integration points such as webhooks, connections to the CI part of the pipeline, or SSO, a lot of manual steps still remain.
In terms of SSO, Argo CD integrates with LDAP, SAML 2.0, OAuth2, GitLab, and GitHub just to name a few. The developer documentation contains a lot of walk-through manuals on how to set up user management on various systems. One of the great examples is the configuration of Azure AD SAML Enterprise App Auth. It comes with crystal clear examples and source code snippets to quickly copy and paste these into your own source code repository.
Webhooks with Git providers offer a way to directly let Argo CD react on changes in the Git repositories. This way, you don’t have to wait for Argo itself to poll your favorite Git repository. Sometimes, you want to eliminate the delay which should otherwise take into account. Configuring the webhooks enables you to select which type of events should trigger Argo CD. This makes it possible to hook in here with your current developer workflow.
CLI
Furthermore, the CLI of Argo CD helps to automate stuff and to integrate Argo CD with any other tool that requires interactions with Argo CD. Some of the most important features of the CLI are:
- Maintaining the configuration of Argo CD itself by using the admin subcommands.
- Use the Argo CD CLI to generate Kubernetes deployment files and actually deploy your resources to a cluster.
- Managing Argo CD projects and applications to logically group them.
- Setting up account-related aspects to determine who is able to do what on Argo CD.
All of these aspects can be triggered from a CI pipeline which helps to automate and standardize Argo CD a simple yet powerful activity.
API server
Argo CD comes with its own API server that is responsible to handle requests of various tasks. These include enforcing RBAC policies, listening to the (above-mentioned) webhooks, authentication & authorization, handling Kubernetes’ secrets as well as managing applications and invoking operations upon them. Since the API can be used for such a wide number of aspects, it’s very powerful to use it as an integration point from the perspective of other tools.
Final words
There is a lot more to tell about Argo CD, even more than we can cover in this article. Argo CD is heavily being developed by a large user community. It helps you to streamline your Kubernetes-based deployments and it has a major focus on automation. In this article, we have covered a lot of aspects that help you to speed up and standardize your deployments. A true GitOps experience. Various integration points, the robustness of the components, and the focus on security make it a great tool for companies of any size.
