Intro to CD
Adopting containers is a common strategy for enterprises today to roll out new application changes quickly, deploy efficiently and run applications securely.
To achieve those goals, many enterprises are now adopting continuous delivery (CD) in order to deploy changes into production quickly, frequently, and safely.
Many CD tools are used to deliver software to production. Some of the most common tools in the market are:
- Argo CD
- Tekton CD
- GitLab
- Azure DevOps
Spinnaker and Argo CD are favourite tools for transforming software delivery processes, and so we are often asked to describe the difference between Argo and Spinnaker and to assess which one is better. The short answer has been “it depends” on the specific situation and requirements for each customer. But that’s not a satisfying answer, so let’s dig deeper into when Spinnaker and Argo CD make sense.
A quick introduction to Spinnaker and Argo CD
Spinnaker is an open-source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.
Spinnaker offers a powerful and flexible pipeline management system which is used by many Fortune 500 companies to deploy millions of changes per year.
Refer to the Spinnaker UI:
Argo CD is a declarative continuous delivery tool for Kubernetes applications that uses the GitOps style to manage cluster resources. Argo CD monitors the application configuration defined in your Git repository and compares it with the live state in the cluster. When a developer changes the app definition in Git, Argo CD detects the out-of-sync status and notifies administrators about it. If the administrator approves the change, Argo CD creates resources in Kubernetes clusters with the newly defined configuration.
Refer to the Argo CD UI:
Installation and Implementation
One of the first things any enterprise evaluates is Day 1 operations, which include prerequisites, installation, configuration, and architecture.
Argo CD is very lightweight and can be installed in minikube using manifests or Helm charts (with 2 GB memory and 2 CPUs), whereas Spinnaker is feature-rich, making it pretty heavy. Installation of Halyard, the lifecycle manager for Spinnaker, takes at least 12 GB of memory (though it can be run in 1 GB for a small setup). Besides, Spinnaker needs a K8s cluster with four cores and 16 GB of RAM.
From an installation perspective, both Spinnaker and Argo CD are well documented and easily installed with a few commands and in a few minutes. Both CD tools offer fault-tolerant, highly available architecture to minimize service disruption during software deployment.
Spinnaker and Argo are open-source software offering only on-prem deployment models. But to kickstart your deployment process without any hassle, OpsMx provides a SaaS version for both tools. You can start with Spinnaker SaaS or Argo SaaS based on your requirements.
Learning curve and enterprise-wide adoption
Another factor that certainly helps enterprises scale the adoption of a CD solution is the learning curve.
As Spinnaker is feature-rich and has many components, the DevOps team has to learn and train to configure pipelines, deploy them into multi-cloud environments, and so on. Many Spinnaker resources, documentation, videos, and enterprise Spinnaker plugins are available for the DevOps team to shorten their learning curve and adopt it gradually in production. ISD for Spinnaker helps reduce that learning curve by offering an intuitive UI that supports self-service models.
On the other hand, Argo is a lightweight CD solution limited to Kubernetes app deployment. If you need a CD solution for Kubernetes, you can get started with Argo right away. However, in production deployments, Argo CD may not pass all the security and compliance checks set by DevSecOps managers.
Every organization wants a centralized and production-ready CD solution to handle various application types and deployment targets. OpsMx provides production-ready Spinnaker and production-ready Argo CD that are secured, scalable, extensible, hardened, and FedRAMP compliant, per your organization’s requirements.
Argo CD follows GitOps-style deployment, i.e., it treats Git as the source of truth and monitors the repository for any changes in the manifest files for app deployment in Kubernetes. Manifests can be specified as text or JSON files, Kustomize applications, Helm charts, ksonnet applications, or jsonnet files.
Argo CD is meant to be used with Kubernetes applications and services only. Argo CD can track updates to branches or tags, or be pinned to a specific version of the manifests at a Git commit, and it deploys the changes into Kubernetes. Kubernetes manifests from a Git repository are applied to your cluster configuration, and Argo will strive to ensure that your repository and clusters are always in sync.
Argo CD can also re-apply the state defined in Git to the target environment if the target environment changes for any reason.
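The tracking and re-sync behaviour described above is configured on an Argo CD Application resource. The manifest below is an added example, not taken from the original article; the application name, project, repository URL, path, tag and namespaces are placeholders.

```yaml
# Added example: names, repo URL, path, tag and namespaces are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments-api            # hypothetical application name
  namespace: argocd             # namespace where Argo CD is installed
spec:
  project: payments             # hypothetical AppProject; scopes allowed repos and destinations
  source:
    repoURL: https://git.example.com/platform/payments-deploy.git   # placeholder
    path: overlays/production   # directory with plain manifests, Kustomize, or a Helm chart
    # A branch name follows every new commit on that branch.
    # A tag or a full commit SHA pins the deployment to one reviewed
    # version of the manifests.
    targetRevision: release-1.4   # placeholder tag
  destination:
    server: https://kubernetes.default.svc   # the cluster Argo CD itself runs in
    namespace: payments
  syncPolicy:
    # Remove the "automated" block to keep syncs manual: Argo CD then only
    # reports OutOfSync and waits for an operator to trigger the sync.
    automated:
      prune: true      # delete live resources that were removed from Git
      selfHeal: true   # re-apply the Git state when the live state drifts
```

With `automated` sync enabled, write access to the tracked branch is effectively deploy access to the cluster, so branch protection and mandatory review on that repository become part of the deployment's access control.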
Argo CD provides a UI that shows the deployment status of a change, which depends on its sync status with Git. Refer to the image below:
For detailed visibility into the status of a deployment or into metrics across deployments, one can use Intelligent Software Delivery (ISD) for Argo (refer to the image below).
On the other hand, Spinnaker runs a little differently. It does not support the GitOps delivery style; however, there is an alternate way to achieve it using OpsMx ISD for Spinnaker.
It offers declarative pipelines for app delivery. DevOps engineers who are deploying to the public cloud or Kubernetes choose Spinnaker pipelines. By using pipelines, Spinnaker can deploy apps into any on-premise VMs or cloud data centers like AWS, GCP, Azure, and Kubernetes. The best part of Spinnaker pipelines is that you can configure stages for each sequential step of the release process.
Refer to the screenshot below, where a Spinnaker pipeline (for AWS deployment) is executed:
Developers who want to use GitOps-style delivery models with Spinnaker can use a hack with the pipelines. They need to configure triggers in Git to execute a pipeline on any commit to any code in Git. Such a hack to achieve GitOps is called managed delivery.
Manifest files can be specified as text or JSON files, Kustomize applications, Helm charts, or Spring SpEL templates. Any change to the manifest file in Git will trigger Spinnaker pipelines for deployment. Application deployment can track updates to branches or tags, or be pinned to a specific version of the manifests at a Git commit. The Spinnaker API can be called to create and manage infrastructure (security groups, load balancers, firewalls) and process deployments.
Refer to the screenshot below, where a Spinnaker pipeline is called based on Git changes:
For large organizations, Spinnaker comes in handy to construct an end-to-end delivery workflow by configuring a series of stages in Spinnaker pipelines. Webhooks in those stages can automatically execute many activities of a release process, such as Jenkins build jobs, deployment into test environments, triggering automated test cases, or deploying into staging and production environments. Manual judgment and verification gates can also be configured as a part of the same pipeline to ensure an automated and risk-free release process. In the figures below, Fig A represents the orchestration of an enterprise software delivery process using Spinnaker, and Fig B represents a sample Spinnaker pipeline automating the build, test, deploy and prod delivery stages:
For safe deployment, both Spinnaker and Argo (Argo Rollouts) offer built-in deployment strategies like highlander, blue-green, rolling updates, and canary deployment.
Both tools support on-prem and managed Kubernetes. Argo CD and Spinnaker support application deployment into the managed K8s (EKS/GKE/AKS). The former deploys directly based on the configuration change, whereas the latter uses a delivery pipeline for deployment.
If you have a few applications hosted on on-prem or managed K8s, and are still undergoing some cloud transformation, then Argo CD can be well suited for you. However, if you want to construct a seamless workflow to automate a delivery process that includes test integration, approval gates (manual or automatic), integrated image builds and visibility into deployments to hybrid or multicloud environments, then choose Spinnaker for continuous delivery.
VM based deployments
Every enterprise deploys applications to VMs, either in the cloud (GCP, AWS, or a different cloud) or in an on-prem datacenter. It is standard practice to create a specification for the environment that an application requires (the OS version, binaries, storage, networking, libraries, applications, compressed files, etc.) in order to create a VM. This is also called a VM bakery, where the infrastructure team makes a snapshot of the overall environment and persists it in something like an AMI store. Once that image is ready, multiple images, even up to tens of thousands, can be created to match the requirements of the application. The process is also known as immutable infrastructure, and it is practiced to avoid configuration drift.
Spinnaker uses Helm charts to bake K8s manifest files; similarly, it uses a Packer template (under the hood) to bake VM images. Once a delivery pipeline is completed, Spinnaker can provision those VMs (along with load balancers, firewalls, etc.) in the target environment (from the cloud to on-prem VMs to bare metal servers). This helps infrastructure teams leverage Spinnaker to orchestrate VM-based deployments. This ability to deploy updates to both K8s services and VM-based applications is one of the important reasons that many organizations choose to standardize on Spinnaker for software deployments.
In addition to that, Spinnaker provides a single pane of glass from where you can see and control your resources. Developer and operation teams don’t need to log into a different UI or public cloud to understand the status of resources.
Argo CD does not currently include infrastructure provisioning. The workaround here is to use external open-source software such as Crossplane to assemble and manage the infrastructure of any public cloud.
Scaling Enterprise-Wide with Complex workflows
Stability and Performance
When handling multiple application deployments and scaling a CD solution enterprise-wide, Argo CD and Spinnaker may have a few performance issues.
For example, according to the roadmap section of the Argo documentation, Argo becomes very slow when handling more than 1000 Kubernetes applications. Further, to handle more than 100 Kubernetes clusters, you must increase the number of replicas of Argo CD controllers (i.e., scale horizontally) and configure Argo for automated sharding (to distribute the workload among all the Argo CD controllers). Argo CD has issues (specifically, it may not be able to generate manifests properly) when configured to handle 50+ applications in a single repository.
Making the Argo CD software fit for production, for example making it highly available, is tricky. Argo exposes metrics (both counter and gauge types) for Prometheus to measure performance issues of the Argo CD system. But challenges start to appear when developing Argo CD support for other monitoring systems such as Datadog, NewRelic, Dynatrace, etc.
OpsMx provides managed Argo, which comes with all the bells and whistles, such as scaling support, 24*7 Argo support, immediate patch fixes of vulnerabilities, performance checks, and a 99.9% SLA. The enterprise Argo can deploy any number of applications into different clusters spread across multicloud and can support the scale you need.
Like Argo, the DevOps team also faces scaling and performance issues with Spinnaker. OpsMx has helped many clients, such as Cisco, to achieve scale in their application delivery using enterprise Spinnaker. Today OpsMx Enterprise Spinnaker at Cisco IT handles over 1000 applications for nearly 2000 developers, performing 10,000 deployments per year.
Feedback and notifications are an essential part of the CI/CD process. Any CD tool needs to have extensive coverage of various tools used to communicate in a DevOps setting. Both Argo CD and Spinnaker provide integrations with 3rd party collaboration tools.
Argo CD provides notifications through Email, GitHub, Slack, Mattermost, OpsGenie, Telegram, and Microsoft Teams. To enable notifications, one has to install Argo CD Notifications. You can use it with other products like Argo Rollouts to get real-time information about deployment status.
Spinnaker supports notifications through email and provides integrations with many collaboration and service management tools such as Slack, ServiceNow, JIRA, Twilio, PagerDuty, Microsoft Teams, and others.
Argo CD enables administrators to approve a deployment immediately after a change in Git has been recognized. Manual judgment steps at various stages in the software delivery require substantial configuration and scripting in Argo CD.
Similarly, manual judgment stages can be configured in Spinnaker pipelines. Still, it needs a lot of effort to set up advanced judgment, such as automatic approvals based on various CI/CD data or the risk of a new release.
OpsMx Intelligent Software Delivery (ISD), which brings the best of the CD software, enables administrators to quickly approve the promotion of an update at any stage in the overall process, typically before integration testing, staging, and production. OpsMx ISD takes this a step further and allows project or release managers to make informed approvals by providing 360-degree information about the build, test, ticket status, etc. Release managers can make quick and informed decisions to progress a pipeline (refer to the image below). Deployments done via OpsMx ISD pipelines are safer, as there is more visibility into the various stages involved and data-driven approvals make it possible to approve a deployment to production confidently.
Spinnaker and Argo CD get support from the open source community for upgrades and patch fixes. OpsMx is one of the major contributors to these projects and offers enterprise support to mitigate vulnerabilities and compliance issues.
If you are an enthusiast, you can stay tuned and attend ArgoCon and Spinnaker Summit to meet like-minded DevOps folks working on CI/CD projects.
OpsMx provides “no-excuses” Spinnaker support and Argo CD support on a 24×7 basis.
Enterprises are adopting a new DevSecOps culture to enforce security in the CI/CD pipelines. This shift-left mentality requires organizations to consider requirements from security teams like proper authentication, authorization, secure connections, and many others. Spinnaker and Argo offer authentication with support for LDAP and SAML protocols and authorization through RBAC.
Argo CD has undergone security reviews and penetration testing and removed all vulnerabilities from the product itself.
Argo CD provides authentication through JSON Web Tokens (JWT) and authorization through RBAC policies. The communication among different services (argocd-server, argocd-repo-server, argocd-application-controller) is secured through TLS. Argo CD also provides secret management by storing credentials of external clusters in Kubernetes secrets. Argo CD is un-opinionated on how to manage secrets.
Like Argo CD, Spinnaker also offers high security standards for enterprises to guard against internal or external threats. It supports mechanisms such as RBAC, LDAP, OAuth, and MFA for proper authorization and authentication. With support for mTLS and X.509 certificate-based communication, Spinnaker is considered one of the most secure CD tools. Furthermore, Spinnaker directly discourages you from storing secrets, tokens, passwords, and similar sensitive information in plain text and instead offers integration with Git, S3, and Vault to keep such information.
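Argo CD's RBAC policies live in the `argocd-rbac-cm` ConfigMap. The least-privilege policy below is an added example, not from the original article; the role names, the group names and the `payments` project are hypothetical.

```yaml
# Added example: role names, group names and the "payments" project are hypothetical.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  # No fallback role: an authenticated user who matches no rule below gets
  # no access, instead of inheriting a built-in role such as role:readonly.
  policy.default: ""
  # Claim in the user's token that carries group membership.
  scopes: "[groups]"
  # Policy line format:
  #   p, <subject>, <resource>, <action>, <project>/<application>, <effect>
  #   g, <user or group>, <role>
  # The viewer role can only read applications in the payments project.
  # The deployer role can read and sync them, but cannot create, update or
  # delete applications, and has no rights on clusters, repositories or
  # other projects.
  policy.csv: |
    p, role:payments-viewer, applications, get, payments/*, allow
    p, role:payments-deployer, applications, get, payments/*, allow
    p, role:payments-deployer, applications, sync, payments/*, allow
    g, payments-devs, role:payments-viewer
    g, payments-release, role:payments-deployer
```

Binding roles to identity-provider groups rather than individual users keeps access reviews in one place, and the built-in `admin` account can then be disabled once SSO login is confirmed to work.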
Policy and Compliance
Argo CD does not provide any support for policy checks during software deployment. For software delivery policy enforcement and compliance, you can use OpsMx Intelligent Software Delivery (ISD) for Argo.
Open source Spinnaker facilitates automated policy enforcement through integration with OPA (Open Policy Agent), a standard for specifying policies. Policy managers can easily define policies using a declarative language and enforce rules for the deployment or release process in pipelines. This helps organizations ensure 100% adherence to industry standards like HIPAA, GDPR, SOX, and internal best practices.
Both Argo CD and Spinnaker offer auditing capabilities.
To audit deployment activities, you need to connect external tools like Event Exporter, Event Router, or ElasticSearch with Argo CD. The DevOps team will need to configure them to fetch audit logs and store all the event logs to troubleshoot issues.
Similarly, Spinnaker has a mechanism to store log information about pipeline runs and deployments. With Spinnaker, auditors can quickly investigate all activities regarding deployments.
Organizations that are mature in DevOps frequently seek to minimize the risk of new releases in production by properly assessing quality and performance for every change. This is called continuous verification. Open source Argo CD and Spinnaker do not offer any out-of-the-box feature to fetch logs or metrics data from external sources or to provide you with information that helps you make go/no-go decisions for deployment.
The Intelligent Software Delivery (ISD) platform for Argo and Spinnaker allows verification of new releases in various delivery stages. Many customers configure verification gates in ISD to perform automated risk assessment and roll forward or roll back their releases in production.
We evaluated Argo CD and Spinnaker based on four broad dimensions that enterprises care about –
- Installation & Implementation,
- Maintenance and Scalability,
In some cases, such as implementation, Argo CD can be used faster than Spinnaker. In other criteria, like deployment capabilities, Spinnaker offers comprehensive capabilities for DevOps and security managers.
Argo CD and Spinnaker are designed for different purposes. Argo is primarily intended for a DevOps team deploying to Kubernetes only, while Spinnaker is designed as an enterprise platform that can handle deployment into all types of targets and simplify and automate broken software release processes.
If you want to start with Argo or Spinnaker to quickly transform your deployment and delivery process while ensuring 100% security, compliance, and visibility, begin with the OpsMx ISD platform. ISD makes Argo and Spinnaker reliable, scalable, extensible and secure.