Large enterprises in retail, tech, and finance space, whose business depends mainly on advanced IT infrastructure, have been using multicluster Kubernetes for their applications for some time. Implementing multicluster has several motivations, such as workload isolation, reducing blast radius by splitting services over multiple clusters, confident upgrades through canary or blue-green deployment, etc. A few examples of advanced use cases can be Mercedes using 900+ clusters for its tech innovation projects and CERN using 666 Kubernetes clusters for running data analysis applications.
For cluster-wide deployments, enterprises choose Argo CD because it is lightweight and uses GitOps deployment methodology. While it is easy to run and deploy these clusters, achieving 100% visibility and controls for cluster-wide deployment is no picnic to operate. It is not the learning curve of implementing the visibility and management in Argo CD but the newness of the problem at scale. In this article, we will discuss a few challenges and solutions wrt visibility and controls while deploying into multiple clusters using Argo CD.
Argo CD challenges with multicluster deployments
In the software delivery process, multiple instances of Argo CD can be used for deploying into numerous clusters. The below image (Fig A), a simple example of multi-cluster deployment, depicts how two instances of Argo CD are used to deploy four applications into different clusters of Kubernetes (both on-premises and AWS EKS and Azure Kubernetes). App1, 2, and 3 are developed as one module, and app4 is developed as another module. Each module has a different significance to the business and can have smaller developers teams under them. Though both modules are other, the application deliveries are managed by project managers and product owners and are monitored and maintained in production by SREs.
DevOps team and platform engineers are the central teams in enterprise IT that aid all the developers with a self-service platform for deployment.
There can be a few challenges regarding visibility and controls while managing Argo and delivering software using Argo. We will discuss the list of challenges related to software delivery in the next series and will continue to discuss the obstacles while managing multiple Argo instances.
Lack of visibility of all Argo CD instances in a single pane
Initially, any new project will start with less adoption, but as the load increases, there will be more complexities and challenges. Today, in most cases where Argo is adopted project-wide, if not enterprise-wide, developers deploy their changes using GitOps methods daily.
The SREs and Ops team have to ensure Argo always provides top-notch and highly available services to developers. However, they often need more visibility of the cargo instance in a single pane to troubleshoot any issues quickly.
E.g., to get the visibility health of Argo, SRE or Ops team has to login into clusters where Argo instances are running and manually gather the health status. They would require a centralized tool to give them a holistic idea of Argo instances running enterprise for better support.
Operation and maintaining Argo is challenging
Many enterprises handle the operation and maintenance of Argo instances themselves. But as the number of cases of Argo, to deploy into multiple clusters, grows across various infrastructures, the initial plan to do it yourself (DIY) begins to show cracks that may dampen the company’s ability to scale efficiently and effectively.
Below are the three major operations challenges enterprises face on day 2 when adopting Argo as their main GitOps platform.
- Ensuring 100% security for production-grade Argo is essential. However, due to a learning curve, the Ops team often needs help to harden Argo by removing vulnerabilities, applying timely patches of functionality issues, or implementing upgrades.
- Implementing multi-tenancy using RBAC is vital to prevent Argo users from unnecessary access to resources and avoid wrong deployments. However, onboarding many developers or project managers with the least privileges to multiple Argo resources can take time and effort.
- Finally, integrating Argo with existing tools in a CI/CD process will require a lot of integration to automatically get holistic data on the software delivery process. Without connecting various CI/CD tools, it will result in little islands of data where DevOps engineers have to log into each Argo and fetch the data manually. As integrating disjointed software solutions in the software delivery takes developers’ focus away from the core work, it is one of the most common challenges IT enterprises are currently facing.
To avoid all the challenges mentioned above and help enterprises adopt Argo faster, OpsMx has launched Intelligent Software Delivery (ISD) for Argo.
Intelligent Software Delivery (ISD) for Controlling Argo
OpsMx Intelligent Software Delivery for Argo offers the power of GitOps-based deployments with ease and minimal learning curve, along with AI/ML-driven automation for approvals, verification, security checks, and compliances for comprehensive visibility, audibility, and fine-grained control on your continuous delivery (CD) process, with no vendor lock-in.
The OpsMx ISD Platform augments the enterprise platform team through a broad range of services needed to support and maintain Argo CD instances. ISD delivers the following services to the platform, DevOps, and Ops/SRE teams on Argo CD infrastructure.
A single administrative pane of glass for multiple Argo instances
Suppose you have multiple Argo instances helping developers across various teams in an enterprise. In that case, ISD provides a single pane of glass (refer Fig B) to provide the health status of numerous Argo instances. With ISD, SREs and Ops will promptly understand Argo’s performance and behaviour. A single pane of visibility will help them to troubleshoot faster, bring down the MTTR, and maintain a highly available and resilient Argo infrastructure for production deliveries.
Zero trust access of Argo infrastructure
ISD offers enterprise Argo, which comes with bells and whistles to ensure your applications’ security. It provides hardened Argo and gives tools to apply patches and upgrades on time to all the Argo instances in one go. ISD Argo provides integrations to major SAML, LDAP, and RBAC providers to enable authentication and authorization of Argo infrastructure to your team members- developers and project managers. (Refer Fig C & D)
For e.g., the Ops team can provide project managers and developers access to cluster-wide deployment, deployment audits reports, and software delivery processes without giving access to Argo instances. (We will talk more about this in the next blog)
Easy management of Argo CD lifecycle
ISD provides a holistic approach to managing modern infrastructure by dramatically simplifying the lifecycle management of Argo located in data centers or public clouds. With ISD, you get all the value of enterprise-grade Argo services combined with peace of mind provided by OpsMx 24×7 customer service and support.
Whether you’re new to Argo CD or an expert, you’ll appreciate enterprise Argo’s easy-to-implement and easy-to-use services.
Out-of-the-box DevOps tool Integrations for Argo CD
ISD provides more than 50+ integrations with common CI/CD tools to enable you to automate application delivery using Argo, verify the performance of your deployments before they move into production, and continuously apply compliance checks to comply with SDLC regulations and industry standards.
Check out the list of integrations for Argo CD.
As organizations continue to adopt and scale modern applications and GitOps methodology, operational complexity around Kubernetes deployment increases. Deploy into Kubernetes clusters at scale while efficiently operating and managing the lifecycle of Argo with a comprehensive set of enterprise-grade features by OpsMx Intelligent Software Delivery (ISD) for Argo. The platform delivers the essential services- visibility and control, delivery intelligence, deployment dashboard and audit- to ensure day-2 operations in software delivery have the consistency and reliability you expect at any scale.
OpsMx also provides Argo Center of Excellence (COE) for enterprises needing expert services or consultation on Argo CD and Argo Rollout implementation to expedite their GitOps journey.
Founded with the vision of “delivering software without human intervention,” OpsMx enables customers to transform and automate their software delivery processes. OpsMx builds on open-source Spinnaker and Argo with services and software that helps DevOps teams SHIP BETTER SOFTWARE FASTER.