Akuity May 2023 Update

May welcomes a lot of new and exciting features inside the Akuity Platform. We're introducing Sync History reports both in Akuity and Argo and much more. Find out for yourself 👇

Declarative Management

Argo CD supports declarative management for the resources it deploys; it's a GitOps agent after all. But what if you could have declarative management for your declarative management tooling?

The Akuity Platform now supports declarative management of Argo CD instances. By creating a Kubernetes-like manifest describing the specs and passing it to the akuity CLI, you can have a production-ready Argo CD instance in minutes without worrying about the infrastructure to host it.

# production-argocd.yaml
apiVersion: argocd.akuity.io/v1alpha1
kind: ArgoCD
metadata:
  name: production
spec:
  version: v2.7.2
  description: production Argo CD instance
  instanceSpec:
    declarativeManagementEnabled: true

akuity argocd apply \
  --organization-name=my-org \
  -f production-argocd.yaml

Once the instance is up and running, you can use the same akuity CLI to provision an agent for your managed cluster and deploy the manifests to connect it. No need to expose the managed cluster's API server or pass cluster admin credentials to the Argo CD instance.

akuity argocd cluster create \
  --organization-name=my-org \
  --instance-name=production \
  gke-01

akuity argocd cluster get-agent-manifests \
  --organization-name=my-org \
  --instance-name=production \
  gke-01 | kubectl apply -f -

You can even integrate this workflow into GitHub actions! Check out the akuity/akp-declarative repository for a working example. For more information, check out the using declarative management section of the Akuity Docs.

Sync History Reports

When you go to the Argo CD dashboard it's usually to sync an Application or to view the result of a recent Application sync. But it can be difficult to visualize and understand when and why an Application synced.

That's why, in addition to the top-level Application metrics, the Akuity Platform now provides powerful sync history reports. The reports are available in the Akuity Platform dashboard and in the Application details page of the Argo CD dashboard, using an extension exclusive to the Akuity Platform.

Agent State Replication

A common question we get is: “What happens if the Akuity Platform is unavailable?”. Something that is unlikely to happen given the amount of work we've put into making the platform highly available and reliable. But we get it, it's a fair question. With the State Replication feature enabled, the Akuity Agent installed into a managed cluster will continue to operate even if it can not reach the Akuity Platform.

During regular operation, you can take advantage of a centralized Argo CD interface and the many other features of the Akuity Platform. But during an outage, it's like having a core installation of Argo CD in each managed cluster. The agent will have everything it needs to continue functioning. Any changes to an Application's source will still be applied to the cluster.

% k get pods -n akuity
NAME                                               READY   STATUS    RESTARTS      AGE
akuity-agent-86678845cb-2kzl9                      1/1     Running   0             101s
akuity-agent-86678845cb-l5jqq                      1/1     Running   0             101s
argocd-application-controller-f9f4869d4-pldwd      2/2     Running   0             101s
argocd-notifications-controller-5fff485c74-g9n5z   1/1     Running   0             101s
argocd-redis-7bbd6b7bf-l4gq2                       1/1     Running   0             101s
argocd-repo-server-847c564d78-5q224                1/1     Running   0             101s
argocd-repo-server-847c564d78-wxmzq                1/1     Running   0             101s

% kubectl get crds
NAME                       CREATED AT
applications.argoproj.io   2023-05-16T14:26:55Z
appprojects.argoproj.io    2023-05-16T14:26:55Z

% kubectl get Application -n akuity
NAME     SYNC STATUS   HEALTH STATUS
repo-a   Synced        Healthy
repo-b   Synced        Healthy

If you require access to the Argo CD dashboard during the outage, you can spin one up locally using the argocd CLI.

% kubectl config set-context --current --namespace=akuity
% argocd admin dashboard
Argo CD UI is available at http://localhost:8080

Flexible Argo CD Architecture

The advantage of an agent-based architecture is the amount of control you have over where components run. The Akuity Platform allows you to specify a host cluster for some Argo CD components, including the ApplicationSet controller, Repo Server, or Image Updater. The best part is that it's completely transparent to the end-user of Argo CD.

The ApplicationSet controller will run on the control plane (i.e. the Akuity Platform) by default, or you can choose a managed cluster to host it.

The Repo Server and Image Updater run in every managed cluster by default. You can delegate responsibility for these components to a specific cluster. This is great when you are running a private container registry or Git server, and only want to provide access to it from one of your clusters.

CVE Detection for Argo CD

When running a version of Argo CD, it's not obvious if there are any known CVEs for it. To simplify this, the Akuity Platform dashboard now alerts you when a newer Argo CD release contains a CVE patch.

Agent Token Rotation

Long-lived credentials serve as a potential threat to the security of your infrastructure. The longer a credential exists, the more likely it will be compromised and used to gain access to your system.

The Akuity Platform has added a way to rotate the credentials used by the agent in a managed cluster. This eliminates the maintenance and security burden associated with long-lived credentials, decreasing your organization's attack surface.

In cases where credentials were compromised and should no longer be used, or security policies do not allow for long-lived/permanent credentials, you can painlessly rotate the agent credentials from the Akuity Platform with a click of a button. Then the agents will be automatically updated across all of your managed clusters.

Config Management Plugins

Config Management Plugins (CMPs) are an extremely useful feature of Argo CD that allows you to customize the manifest generation for Applications using whatever tooling suits your needs. For example, Argo CD has built-in support for Kustomize and Helm, but what if you use Helmfile? Creating a CMP solves this problem.

The feedback we've heard is that CMPs are challenging to get started with. That's why we've added support for creating Argo CD Config Management plugins using the Akuity Platform dashboard. In a matter of minutes, you can create a new CMP and add it to Argo CD using the convenient wizard, or copy the YAML from your existing CMP to start using it on the Akuity Platform.

Try it Out

To try out all the new features, log in to your user account or start a free trial and have a fully-managed instance of Argo CD in minutes.

If you want to learn how to manage the deployment of the Helm charts in a declarative fashion using Argo CD and Github, take a look at our tutorial.

Completely new to Argo CD and GitOps? Take our free online course on CD and GitOps using Argo CD.

Help and Support

If you want any insights on where to start with Akuity or Argo CD, please reach out to me (Nicholas Morey) on the the CNCF Slack. You can find me on the #argo-* channels, and don't hesitate to send me a direct message.

You can also schedule a technical demo with our team or go through the “Getting started” manual on the Akuity Documentation website.