Argo CD is a flexible GitOps controller that solves various use cases. It might be used as a platform operator tool that performs cluster bootstrapping, as well as a GitOps-as-a-Service for hundreds of application developer teams. Depending on your requirements, you might choose different ways to deploy Argo CD components to achieve better scalability and save resources.
The most common way to deploy Argo CD is to use a single instance that manages all the clusters and applications. Argo CD was designed with this installation type in mind, and it provides the best user experience. Application developers get a single management tool to manage the applications they are responsible for, and the platform team gets a single pane of glass to see the whole infrastructure state. The main drawback is that this approach introduces some management burden and security implications, since Argo CD now needs access to all managed clusters, as well as scalability challenges.
Another way to deploy Argo CD is to deploy it per cluster. This approach is more scalable and reduces the management burden. However, it introduces some challenges for application developers, who must now jump between different Argo CD instances to manage their applications. Also, the platform team loses the single dashboard where they can see the entire infrastructure state and must take care of multiple Argo CD instances instead.
Argo CD per business unit is a good compromise that mitigates scalability challenges and limits the blast radius in case of an outage. The user experience is still good because, typically, engineers of one business unit work with the same set of clusters and rarely need to jump between different Argo CD instances. The platform team loses the single pane of glass but can still get the state of a particular business unit's infrastructure.
So is there an architecture that works for everyone? It is hard to say since, so far, we've looked only at scalability and security considerations. In real life, there are a lot more factors that might affect architecture decisions:
Git Access. The most common concern we've learned about is related to Git access. The 100% pull model, where the Argo CD application controller and repo server reside inside the managed cluster, is very attractive. The caveat is that this approach assumes access to Git from every infrastructure node. Given that the Git server typically holds valuable code, this is a security concern. The perfect solution would be to host the repo server component in one dedicated cluster and use it as a proxy for Git access.
Image Updater. Image updater is a component that watches the container image registry and updates the deployment manifests in Git when a new image is available. It represents a similar example to the Git access problem, except that the image updater might need to be deployed to a different location than the repo server, with elevated privileges.
Application Set. ApplicationSet is an Argo CD component that automates the management of Argo CD applications based on data available from various sources. Like the image updater and repo server, it might need to be deployed to a special cluster with elevated privileges.
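The placement concern in the three items above can be checked mechanically. The following is an added example, not Akuity or Argo CD code: it audits per-cluster workload inventories for privileged components running outside their designated clusters. The cluster names, the `ALLOWED` policy and the inventories are constructed, and the component names assume the default upstream manifests.

```python
import json

# Components the list above singles out as needing access beyond the managed
# cluster. Names assume default upstream manifests; adjust to your install.
PRIVILEGED = {
    "argocd-repo-server": "git",
    "argocd-image-updater": "registry+git",
    "argocd-applicationset-controller": "generator sources",
}

def audit(inventories, allowed):
    """Return sorted (cluster, component, access) tuples for privileged
    components running outside the clusters designated for them.

    inventories: {cluster: JSON text shaped like the output of
                  `kubectl get deploy,statefulset -A -o json`}
    allowed:     {component: set of clusters permitted to host it}
    """
    findings = []
    for cluster, raw in inventories.items():
        for item in json.loads(raw).get("items", []):
            name = item["metadata"]["name"]
            if name in PRIVILEGED and cluster not in allowed.get(name, set()):
                findings.append((cluster, name, PRIVILEGED[name]))
    return sorted(findings)

def _workloads(*names):
    # Build a constructed inventory document for one cluster.
    return json.dumps({"items": [
        {"metadata": {"name": n, "namespace": "argocd"}} for n in names]})

# Hypothetical policy: which clusters may host each privileged component.
ALLOWED = {
    "argocd-repo-server": {"git-proxy"},
    "argocd-applicationset-controller": {"git-proxy"},
    "argocd-image-updater": {"registry-zone"},
}
# 100% pull model: every managed cluster runs its own repo server.
PULL_EVERYWHERE = {
    "prod-eu": _workloads("argocd-application-controller", "argocd-repo-server"),
    "prod-us": _workloads("argocd-application-controller", "argocd-repo-server"),
}
# Dedicated placement, with one drifted image updater left in prod-us.
DEDICATED = {
    "git-proxy": _workloads("argocd-repo-server", "argocd-applicationset-controller"),
    "registry-zone": _workloads("argocd-image-updater"),
    "prod-eu": _workloads("argocd-application-controller"),
    "prod-us": _workloads("argocd-application-controller", "argocd-image-updater"),
}

if __name__ == "__main__":
    for label, inv in (("pull-everywhere", PULL_EVERYWHERE), ("dedicated", DEDICATED)):
        print(label, audit(inv, ALLOWED))
```

Every finding is a cluster that needs outbound access and credentials for Git or the registry that the placement policy did not intend it to have.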
After working with many customers, we've learned that there is no one-size-fits-all solution. Each organization has its own requirements and constraints. That's why we've taken a different approach and allowed our customers to choose the architecture that works for them. Akuity Platform provides hosted Argo CD, lets users choose where each component should be hosted, and takes care of connectivity between them. This approach allows us to achieve the best scalability and security while keeping the user experience at the same level.
Changing the dedicated cluster for a particular component is as easy as clicking a button or changing a single line in the configuration file if you prefer a declarative management style.
Use the following steps to change the location of the desired component:
To learn more, go to the Argo CD flexible architecture documentation section.
At Akuity, we've recognized that it's impossible to predict all the requirements and constraints of Argo CD users. That's why we've built a platform that allows them to choose the architecture that works for their specific use cases. This approach allows users to provision Argo CD instances and manage every cluster inside their entire organization using the pull model without sacrificing security and without introducing scalability challenges or management overhead.
Do you have a use case that the Akuity Platform does not cover? We are genuinely interested in learning more about it. Please reach out! We will be happy to help you solve your problem.