GitOps in practice, deploying Kubernetes applications with ArgoCD

GitOps is a set of methods for deploying applications using Git. Application definitions, configurations and connections should be stored in a version control software such as Git. Git then acts as the single source of truth for the declarative infrastructure and its hosted applications.

Using GitOps means that all changes to the implementation must be committed in a git commit. A continuous delivery operator then separates the commit and synchronizes the state between the repository and the target environment.

The biggest advantage of GitOps is how every change is versioned and verifiable. Versioning makes it easy to revert to a previous state in the event of an error. Disaster recovery is also simplified. The source of truth remains unchanged and you only need to change the target environment.

The article shows how we use ArgoCD to synchronize our state Kubernetes cluster. It covers its installation and usage using a simple example application hosted on GitHub.

Since Kubernetes manifests are declarative, it fits perfectly CI/CD patterns and most GitOps tools focus on Kubernetes.

In practice

It is a good practice to isolate your application source code from your deployment state definitions between two distinct Git repositories. YAML files are used to describe the Kubernetes cluster, including Deployments, ConfigMap, Secrets, …

The development permit archive is organized with the layout:

./myapp-ops
├── base
│   ├── deployment.yaml
│   ├── kustomization.yaml
│   └── service.yaml
├── dev
│   ├── deployment-patch.yaml
│   └── kustomization.yaml
└── prod
    ├── deployment-patch.yaml
    └── kustomization.yaml

Here we use customize for our declarative configuration customization. dev and prod directory defines the state of our application and shares a common base. Dev and Prod can be deployed in the same or different Kubernetes clusters according to our needs.

The typical workflow for a new feature in an application using GitOPs is as follows:

1. The code is pushed to the code repository.
2. The code is built and tested in the CI platform.
3. The code is sent: a docker image is built and sent to a registry.
4. The CI pipeline commits and pushes a new version to the distribution repository.
5. This push triggers a synchronization: the new code is automatically deployed to the target infrastructure.

Users are free to commit to the distribution repository themselves, for example they can set the number of ReplicaSets for a distribution.

ArgoCD

ArgoCD is a GitOps operator that synchronizes the state described in a Git repository with a deployment in one or more Kubernetes clusters.

ArgoCD supports several formats for declarative definitions (Adapt, Rudder, Ksonnet or plain-YAML).

It is implemented as a Kubernetes controller that monitors the Git repository and the live deployment. If for any reason the live status deviates from the target (waiting for user input, deployment failed, manual reset…), the application is considered OutOfSync.

ArgoCD installation

A simple ArgoCD installation is simple:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml



kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d && echo


kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

kubectl port-forward svc/argocd-server -n argocd 8080:443

The next step is to install argocd-cli command after the officer ArgoCD CLI installation.

More documentation about the installation (User Management, High Availability, Observability…) is available here.

ArgoCD usage

Now let's create an ArgoCD app using the CLI. It can be easily done via the web interface.

argocd login $myargocd:8443
argocd app create demo-app-dev --repo https://github.com/PACordonnier/demo-cicd-ops.git --path dev --dest-server https://kubernetes.default.svc --dest-namespace dev

argocd app get demo-app-dev
Name:               demo-app-dev
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          dev
URL:                https://192.168.39.5/applications/demo-app-dev
Repo:               https://github.com/PACordonnier/demo-cicd-ops.git
Target:             
Path:               dev
SyncWindow:         Sync Allowed
Sync Policy:        Automated
Sync Status:        Synced to  (babc0df)
Health Status:      Healthy


$ argocd app set demo-app --sync-policy auto

By navigating the web interface, we can see all objects managed by ArgoCD as well as their current state:

Conclusion

If you use Kubernetes for your deployment and struggle to be aware of what is deployed in your environments, GitOps is for you. Implementing it is not rocket science and can only benefit your DevOps compliance.

ArgoCD is a fantastic product. It solves a real problem while being convenient and easy to use.