Argo Declarative GitOps for Kubernetes

1. Introduction
2. Argo CD
3. Argo CD Vulnerabilities
4. Argo CD Tools and Plugins
5. Argo Rollouts
6. Argo Workflows
7. Videos

Introduction

• Cloud Native Computing Foundation Accepts Argo as an Incubator Project
• argoproj.github.io: Argo Events - The Event-driven Workflow Automation Framework Argo Events is an event-driven workflow automation framework for Kubernetes which helps you trigger K8s objects, Argo Workflows, Serverless workloads, etc. on events from a variety of sources like webhooks, S3, schedules, messaging queues, etc.
• Why and when do you need Argo CD? High-level explanation of in which cases Argo CD makes sense and what you should keep in mind if you want to use it.

Argo CD

• argoproj.github.io: Argo CD - Declarative GitOps for Kubernetes
• youtube: GitOps with Argo-CD & Kubernetes
• openshift.com: OpenShift Authentication Integration with ArgoCD
• developers.redhat.com: OpenShift joins the Argo CD community (KubeCon Europe 2020)
• thenewstack.io: Applied GitOps with ArgoCD
• thenewstack.io: Why ArgoCD Is the Lifeline of GitOps
• openshift.com: Getting Started with ApplicationSets “App of Apps” pattern.
• medium: Argo CD: A Tool for Kubernetes DevOps
• itnext.io: ArgoCD: users, access, and RBAC
• opensource.com: Automatically create multiple applications in Argo CD
• cloud.redhat.com: How to Use ArgoCD Deployments with GitHub Tokens
• blog.risingstack.com: Argo CD Kubernetes Tutorial
• wecloudpro.com: Deploying Helm Charts with ArgoCD
• thenewstack.io: GitOps on Kubernetes: Deciding Between Argo CD and Flux
• medium.com/gumgum-tech: Streamlining your Kubernetes adoption with Helmfile / ArgoCD and GitOps
• levelup.gitconnected.com: Getting Started With ArgoCD on your Kubernetes Cluster A step-by-step guide to set up ArgoCD on your Kubernetes cluster and synchronize your resources with your GitHub repository.
• digitalocean.com: How to Deploy to Kubernetes using Argo CD and GitOps
• aws.amazon.com: Cloud Native CI/CD with Tekton and ArgoCD on AWS
• blog.argoproj.io: New sync and diff strategies in ArgoCD
• igboie.medium.com: Kubernetes CI/CD with GitHub, GitHub Actions and Argo CD
• faun.pub: Manage Prometheus alerting and recording rules using GitOps
• medium.com/containers-101: Using GitOps, Multiple Argo Instances, and Environments with Argo CD at Scale
• blog.argoproj.io: Best Practices for Multi-tenancy in Argo CD
• medium.com/@ScrumPokerPro: Cloud native architecture with Kubernetes and ArgoCD
• faun.pub: Deploying Argo CD and Sealed Secrets with Helm In this tutorial, you will go over the declarative setup of Argo CD and Sealed Secrets on a Kubernetes cluster. For deploying Argo CD and Sealed Secrets you will be using Helm Charts
• amralaayassen.medium.com: How to create ArgoCD Applications Automatically using ApplicationSet? “Automation of GitOps”
• blog.getambassador.io: GitOps in Kubernetes with ArgoCD
• blog.akuity.io: Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD Do you know that Argo CD can support thousands of apps and hundreds of clusters? in this article you will deep dive into Argo CD, bring answers and best practices on operating it at an enterprise scale
• dev.to: Towards a Modular DevOps Stack In this article, you will learn how to modularize your infrastructure using Terraform and ArgoCD
• datree.io: ArgoCD Best Practices In this article, you’ll explore some best practices for ArgoCD:
  • Disallow providing an empty retryStrategy
  • Ensure that Workflow pods are not configured to use the default service account
  • Ensure retry on both Error and TransientError
• devops.com: The Argo Project: Making GitOps Practical
• piotrminkowski.com: Manage Kubernetes Cluster with Terraform and Argo CD. Create Kakfa Cluster using GitOps 🌟 This article shows how to create and manage Kubernetes (Kind) cluster with Terraform and Argo CD, and install Kafka on it. Terraform is very useful for automating infrastructure. On the other hand, Argo CD helps us implement GitOps and continuous delivery for our applications. It seems that we can successfully combine both these tools. Let’s consider how they can help us to work with Kubernetes in the GitOps style.
• prashant-48386.medium.com: Continuous Delivery for Kubernetes With Argo CD
• medium.com/@outlier.developer: Getting Started with ArgoCD for GitOps Kubernetes Deployments
• medium.com/@hmquan08011996: Setup Microservices on Kubernetes — Automating Kubernetes with ArgoCD

• datree.io: ArgoCD Best Practices You Should Know In this article, you’ll explore some best practices for ArgoCD:

  • Disallow providing an empty retryStrategy
  • Ensure that Workflow pods are not configured to use the default service account
  • Ensure retry on both Error and TransientError

• kamsjec.medium.com: ArgoCD Setup on Kubernetes/OpenShift Cluster ArgoCD is a declarative GitOps tool built to deploy applications to Kubernetes/OpenShift clusters. ArgoCD is a Kubernetes/OpenShift controller, responsible for continuously monitoring all running applications and comparing their live state to the desired state specified in the Git repository.

• medium.com/@versentfastforward: GitOps on Kubernetes with ArgoCD This is the first post in our series about Managing Complex Kubernetes Clusters. We introduce how we used ArgoCD to enforce GitOps by preventing any alternate means of deployment to your cluster other than through a commit in your GitOps repo.
  • medium.com/@versentfastforward: One-click Bootstrap Deployment of ArgoCD This is the second post in our series about Managing Complex Kubernetes Clusters. We describe how to create a bootstrap script that automates key prerequisites: deployment of ArgoCD and pointing it at the repo and cluster that it needs to use for deployments.
  • medium.com/@versentfastforward: Structuring Your Repo for ArgoCD, Part 1 This is the third post in our series about Managing Complex Kubernetes Clusters. We address the challenge of eliminating duplication of YAML files and reduce the amount effort required to deploy Kubernetes in multiple environments, as well as the continuous deployment (CD) of containerized workloads without developing complex imperative pipelines.
• faun.pub: Continuous Deployments of Kubernetes Applications using Argo CD GitOps & Helm Charts
• jamalshahverdiev.medium.com: ArgoCD ApplicationSet with Applications, Image Updater and Notification controller with SSO
• kubebyexample.com: Argo CD Overview 🌟
• faun.pub: Hygiene of an ArgoCD-built automation at a scale In this article, you will find a list of best practices and tips for using ArgoCD automation at scale
• blog.devgenius.io: Argo CD Introduction What is ArgoCD and why use it
• dev.to: Argo CD and Sealed Secrets is a perfect match In this article, you will learn how to configure Sealed Secrets with ArgoCD
• figments.medium.com: ArgoCD: The first step towards GitOps A core component of GitOps is enforcing the deployment of apps using Git. This means defining the app version and configuration you want in a Git repo, and using a tool like ArgoCD to sync the Git configuration to the deployment. In this article, we’ll look at how we can use ArgoCD to manage automatic Git based deployments of apps.
• medium.com/@nsfabrice2009: How to install ArgoCD on k8s cluster
• akuity.io: How many do you need? - Argo CD Architectures Explained
• piotrminkowski.com: Manage Multiple Kubernetes Clusters with ArgoCD 🌟
• medium.com/containers-101: How to Install and Upgrade Argo CD
• medium.com/containers-101: Argo CD Best Practices In this blog post, you’ll learn some best practices tied to Argo CD that allow you to leverage GitOps easily within your deployment workflow.
• github.com/crumbhole/argocd-lovely-plugin: argocd-lovely-plugin This plugin extends ArgoCD with:
  • Composing multiple things together to form a single app from multiple directories
  • Helm + Kustomize just work
  • You can chain several plugins together
  • When used with application sets, you can apply Kustomizations
• gokhan-karadas1992.medium.com: ArgoCD + Kubevela Integration
• blog.tanmaysarkar.tech: Beginners Guide to Argo CD In this guide, you will learn how to use ArgoCD by practising on a local minikube cluster
• medium.com/devops-techable: GitOps with ArgoCD running in Kubernetes for deployment processing
• seraf.dev: ArgoCD Tutorial — (with Terraform) Here we’ll be deploying ArgoCD resources with Terraform on a local Kubernetes Cluster (KIND) for a true IaC infrastructure
• medium.com/@eduard.mihai.lemnaru: Auto-update helm chart version using ArgoCD
• 53jk1.medium.com: ArgoCD: The Continuous Delivery Solution for Kubernetes
• github.com/myspotontheweb/gitops-workloads-demo This repository demonstrates how Helm based work loads can be managed by ArgoCD.
• medium.com/@jon.mclean: ArgoCD: The GitOps Way
• medium.com/@devopsrockers: Blue-Green Deployment on EKS using Argocd with Kubecost, Istio, External DNS, Grafana-Prometheus and More: “Build, Deploy a Resilient and Observability-Driven Application”
• medium.com/@samuelbagattin: Partial Helm values encryption using AWS KMS with ArgoCD In this blog post, you’ll learn how to encrypt only specific yaml fields in values.yaml, and how to configure ArgoCD to decrypt these secrets on the fly before installing a Helm release
• blog.devops.dev: GitOps at Scale Scale your Projects like a Fleet with Argo CD
• medium.com/@jerome.decoster: Create temporary environment from Pull Request with ArgoCD ApplicationSet In this post, you’ll learn how to create a new environment for each pull request with ArgoCD:
  • Creating a Pull Request creates a new environment
  • Each git push builds an image and updates the app
  • Closing the pull request terminates the environment
• piotrminkowski.com: Manage Kubernetes Operators with ArgoCD
• medium.com/@geoffrey.muselli: ArgoCD: Multi-cluster Helm charts management in mono-repo
• itnext.io: Build a Lightweight Internal Developer Platform with Argo CD and Kubernetes Labels Don’t Underestimate Labels with Kubernetes: Simplify, Don’t Overcomplicate. This article demonstrates how to create a lightweight Internal Developer Platform utilizing GitOps with Argo CD and leveraging Kubernetes labels to offer a streamlined and efficient solution for managing and deploying your infrastructure
• medium.com/otomi-platform: Helmfile and ArgoCD are better together
• overcast.blog: GitOps with ArgoCD for Kubernetes
• medium.com/globant: Using multiple sources for a Helm Chart deployment in ArgoCD
• faun.pub: ArgoCD Finalizer Shield: Protecting Your Production Clusters from Unintended Deletion This article teaches how to protect your ArgoCD clusters from accidental deletion using finalizers, a simple yet powerful mechanism that ensures the integrity of your cloud-native infrastructure
• overcast.blog: Kubernetes — ArgoCD — Gitlab Webhook Configuration
• developers.redhat.com: Enhance Kubernetes deployment efficiency with Argo CD and ApplicationSet
• dev.to: Extending GitOps: Effortless continuous integration and deployment on Kubernetes This article discusses using GitOps and Argo CD Image Updater for effortless continuous integration and deployment on Kubernetes
• dev.to/devsatasurion: Deploying Applications with GitHub Actions and ArgoCD to EKS: Best Practices and Techniques

Argo CD Vulnerabilities

• threatpost.com: Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
• thehackernews.com: New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
• armosec.io: CVE 2022-24348 – Argo CD High Severity Vulnerability and its impact on Kubernetes
• securityaffairs.co: Argo CD flaw could allow stealing sensitive data from Kubernetes Apps Argo CD is used by hundreds of organizations, including Alibaba Group, BMW Group, Deloitte, IBM, Intuit, Red Hat, Skyscanner, and Swisscom.
• infoworld.com: How to protect your Kubernetes infrastructure from the Argo CD vulnerability A zero-day vulnerability in Argo CD could be putting sensitive information like passwords and API keys at risk. Are you protected?
• dnastacio.medium.com: Six critical blindspots while securing Argo CD This article shows the core strategies for securing an Argo CD deployment and keeping you ahead of potential exposures:
  • Use a dedicated project for the control plane
  • Argo resources are for Argo admins only
  • …
  • Have a CVE response plan ready

Argo CD Tools and Plugins

• argoproj-labs/argocd-autopilot: Argo-CD Autopilot The Argo-CD Autopilot is a tool which offers an opinionated way of installing Argo-CD and managing GitOps epositories. New users to GitOps and Argo CD are not often sure how they should structure their repos, add applications, promote apps across environments, and manage the Argo CD installation itself using GitOps. Argo Autopilot is a project that solves that
• argoproj-labs/applicationset: Argo CD ApplicationSet Controller The ApplicationSet controller is a Kubernetes controller that adds support for a new custom ApplicationSet CustomResourceDefinition (CRD). The ApplicationSet controller manages multiple Argo CD Applications as a single ApplicationSet unit, supporting deployments to large numbers of clusters, deployments of large monorepos, and enabling secure Application self-service.
• IBM/argocd-vault-plugin An ArgoCD plugin to retrieve secrets from Hashicorp Vault and inject them into Kubernetes secrets.
• argoproj-labs/argocd-vault-plugin ArgoCD-Vault-plugin is an Argo CD plugin to retrieve secrets from various Secret Management tools (HashiCorp Vault, IBM Cloud Secrets Manager, AWS Secrets Manager, etc.) and inject them into Kubernetes resources - https://argocd-vault-plugin.readthedocs.io
• github.com/crumbhole/argocd-vault-replacer An Argo CD plugin to replace placeholders in Kubernetes manifests with secrets stored in Hashicorp Vault. Scans the current directory recursively for any YAML files and attempts to replace strings following a pattern.

Argo Rollouts

• argoproj.github.io/argo-rollouts/
• argoproj.github.io: Argo Rollouts - Kubernetes Progressive Delivery Controller Argo Rollouts is a Kubernetes controller and set of CRDs which provide advanced deployment capabilities such as blue-green, canary, canary analysis, experimentation, and progressive delivery features to Kubernetes
• jijujacob27.medium.com: Sharded applications on Kubernetes using Helm, ArgoCD, and Argo-Rollouts You will use Argo-Rollouts for deploying the app using the Blue/Green strategy.
• medium.com/@ej.sta.ana: Easy Blue-Green Deployment on Openshift Container Platform using Argo Rollouts Argo Rollouts is part of the Argo project which includes the popular ArgoCD gitops tool. Argo Rollouts can help you do blue-green deployment easily on Kubernetes/OpenShift.
• infracloud.io: Progressive Delivery with Argo Rollouts : Blue-Green Deployment In this post, you’ll learn how to perform a blue-green deployment using the Argo Rollouts controller and CRD.
• infracloud.io: Progressive Delivery with Argo Rollouts: Canary Deployment
• medium.com/everything-full-stack: Deployment Strategies: Argo Rollouts
• faun.pub: Kubernetes Practice — Automating Blue/Green Deployment with Argo Rollouts In this article, we will learn how to automate Blue/Green Deployment with Argo Rollouts.
• infracloud.io: How to Setup Blue Green Deployments with DNS Routing 🌟 This blog post will teach you how to set up blue-green deployments using Argo Rollouts with DNS routing using Azure Traffic Manager
• codefresh.io: Progressive delivery for Kubernetes Config Maps using Argo Rollouts In this tutorial, you will learn how to use Argo Rollouts for settings/ConfigMaps using the Kustomize configmap generators. This is useful during blue/green deployments where you need a (templated) copy of the ConfigMap.
• faun.pub: How Helm Subcharts Make the Transition to Argo Rollouts a Breeze

Argo Workflows

• blog.argoproj.io: What’s new in Argo Workflows v3.3
• dev.to: The three meanings of “template” in Argo Workflows

• blog.argoproj.io: Practical Argo Workflows Hardening 🌟 In this post, you’ll cover:

  • High-level best practices you should know to secure your workflows
  • The various components that make up Argo, and how to secure those components
  • Dive into operating and using Argo securely

• blog.argoproj.io: Architecting Workflows For Reliability Kubernetes is designed for stateless scalable web applications, apps where if one process dies, then another process can be dropped in its place. Kubernetes makes one promise — it will kill your pods. Kubernetes expects applications built on it to be tolerant of both any disruption— so apps must be designed with that in mind.

  Dear user,
  I will kill your pod:
  
  If I want the node for something more important.
  If I’m draining the node, or scaling down a cluster.
  If it runs out of memory (because you got the config wrong).
  If I overcommitted.
  Hardware failure (computer catches fire).
  Kernel panic.
  Absolutely any reason I feel like.
  
  I’m sorry — I am who I am.
  
  All the best,
  
  Kubernetes xx
  

• medium.com/atlantbh: Implementing CI/CD pipeline using Argo Workflows and Argo Events 🌟

Videos

Click to expand!