Argocd
Pull-based CD for K8S
Best practice
-
- Separate your Git repositories (source code, configs)
- Create a directory structure to enable a multi-application system for your Argo CD deployments
- Do: We suggest modeling your environments or clusters using different folders instead of branches in your configuration repository (e.g., prod, staging, testing, etc.).
- Do: Make sure your cluster and environment configurations repositories are separated (i.e., separate your prod configuration in a different repository from staging).
- Do: Create an ‘argocd’ folder in your configuration repository for each cluster and create an Argo CD Application manifest for each app in the cluster’s repository.
- Do: Leverage a multi-folder or a multi-repo structure instead of a multi-branch approach. You should NOT have permanent branches for your clusters or environments.
- Don’t: Never put any independent applications or applications managed by different teams in the same repository.
- Determine a promotion strategy (ApplicationSet, Generator)
- Manage your secrets securely
- Mozilla SOPS - Key with encrypted value in YAML
- Argo HC Vault Plugin - inject/mouth secret from Vault into K8S. like using ansible-jinja template