How to Centrally Manage and Maintain Distributed Argo Instances

Managing Argo instances for distributed teams within a large enterprise is a major concern especially when there is no unified dashboard for central teams to obtain insights into the activity of teams virtually working in silos. For the central team, getting insights into all Argo instances (in different regions) running K8 deployments is practically tough considering that they need to login into each Argo instance separately unless they have a tool that offers them complete visibility, insights and control over all their active Argo instances.

Let’s look into why this is needed and what are the benefits of implementing centrally managing and monitoring all distributed Argo instances running in different regions, while leveraging existing devops tools integrations.

Let’s understand why this is needed in the first place.

Drivers for Centrally Managing and Maintaining Argo Instances and Associated Benefits

Why would anyone care about managing the Argo instances centrally as opposed to doing it in a distributed manner? I guess we know some of the answers already but just to double click on the need and associated benefits; Any business need is typically derived from two objectives, 1. Need to make more money, or 2. The need to save more money. As we speak with Argo users, we found that it is the mix of both objectives. How specific business / tech requirements translate to achieving those two objectives is as below.

1. Improve DevOps and Developer Productivity
   1. Get real-time visibility and insights into all your distributed Argo instances,
   2. Manage and maintain all Argo instances centrally,
   3. Manage applications for each Argo instances, while continuing with the self-service model for each distributed teams / applications and improve their productivity,
   4. Upgrade Argo instances centrally, without having the need to login into each individual instance.
2. Secure GitOps
   1. Enable guardrails with complete visibility and insights into user activity,
   2. Enable RBAC and capture user login activity from a security perspective.
3. Audit Trails
   1. Complete audit trails / proof-points with dashboard and reports around workflow execution, application / deployment audit, as well as user audit.
4. Reduced Cost of Operations
   1. Save significant time and effort on managing and maintaining individual Argo instances.
5. Derive Actionable intelligence in real-time
   1. Orchestrate data-driven policies for compliance and security controls,
   2. Automate data-driven verification / canary analysis leveraging logs and metrics.

How to Implement the Managing and Maintaining of Argo Instances Centrally

This can be implemented in the form of a 2 step process.

1. Install OpsMx Intelligent Software Delivery (now, OpsMx Secure CD for Argo) at a central location, and
2. Install OpsMx Agent at each Argo instance

Install OpsMx Secure CD for Argo

OpsMx offers multiple solutions on Argo to meet the ever changing technical or the business requirements of an enterprise. OpsMx Secure CD for Argo acts as the central controller which facilitates management and maintenance of distributed Argo instances from a central console, while enabling the distributed teams to manage and execute their workflows for their specific applications to ensure productivity.

Installation steps for OpsMx Secure CD for Argo can be obtained from the publicly available documentation on our website.

Once OpsMx Secure CD for Argo has been installed the next step is to establish connection with all distributed Argo instances in order to monitor, manage and maintain them.

The above architecture diagram explains how this actually works. 

The agents can be installed using the central console itself that provides the agent manifest files in the downloadable form for specific Argo instances.

Connect with any / many Argo instances

Whether your Argo CD instances are within the same namespace as that of OpsMx or on different clusters, you’ll be easily able to connect with them.

Unified Dashboards for Insights and Operational Status of Distributed Argo Instances

OpsMx Secure CD for Argo offers multiple dashboards specifically for executive insights as well as end user insights and audit reporting.

Below illustration depicts an executive view of distributed Argo instances catering to specific applications / teams, with their current status along with drill-down capabilities.

Quick access to distributed distributed Argo instances centrally from a single console

OpMx allows users to centrally access each Argo instance without the need of separately logging into each instance individually.

Performance insights with DORA metrics for deployments using Argo

The insights dashboard provides performance details around deployments using Argo on numerous parameters.

Audit Reports for all enterprise Argo Instances

The inbuilt datastore within OpsMx Secure CD for Argo provides audit reports with proof points that auditor and compliance teams can use to save significant time. Below screen illustrates deployment audit for all Argo instances.

Maintain and Upgrade your existing open source Argo Instances centrally

This feature has been specifically developed on demand from our existing customers.

I highly recommend you to talk to one of our top Argo CD experts to get more insights. However, in short, the OpsMx central console provides central teams the ability to maintain the distributed Argo instances along with upgrading these open source Argo instances to the desired version. 

Automated Canary Analysis (Metrics + Logs) with Argo Rollout

In addition to centrally managing existing Argo instances, OpsMx comes bundled with enterprise Argo flavor as well as Argo Rollouts. Argo rollouts are particularly useful for implementing advanced deployment strategies like blue-green, canary and progressive delivery, along with automated deployment verification. Using the central console, automated analysis can be configured for all application deployments. 

OpsMx enables automated verification leveraging canary analysis using both metrics and logs (log analysis is not available out of the box with open source Argo Rollouts).

User Activity Audit Report

While it is important to audit deployments and workflow activities, for enterprises, user activity audits are equally important. OpsMx provisions these reports out of the box to not only maintain the track record of users across Argo instances but also on OpsMx Secure CD for Argo.

Enforcing Compliance or Policies Centrally for all Argo Deployments

OpsMx enables users to enforce policies for compliance and security controls using a Deployment Firewall. Deployment Firewall works on three parameters – Policies or deployment / release rules, Data from your devops tools, and the enforcement layer where the policy gets orchestrated using the data that is feeded into the policy. Learn more about Deployment Firewall.  

I highly recommend you to talk to one of our top Argo Experts to get more insights and get to see a demonstration of OpsMx Solutions for Argo.