CD with Argo CD

By Raj Marni. March 28, 2025. Revised. Version: 0.0.04

1. Introduction

K8s software development demands rapid, reliable, and repeatable delivery of code into production. In the k8or Orbit ecosystem, Continuous Delivery is achieved through a tightly integrated pipeline that combines:

  • Source Code and Docker Image Management (via CodeSource: Components C100 – GitLab App Repo and C96 – Docker Hub),

  • Automated Deployment (via Argo CD, Component C108),

  • Secure and Governed Access to Clusters (via AccessPoint, Component C52),

  • User Interaction through a Central Portal (Component C8), and

  • Additional Orchestration and Logging provided by other supporting components (e.g., SyncMaster, K8Rngr, Transfer).

This document details how these components interact to ensure that every code change is built, tested, and deployed with high levels of security, traceability, and consistency across environments.

2. Overview of the Continuous Delivery Process

In k8or Orbit, the CD pipeline begins with code and container image updates in the CodeSource meta-component. Once new code is committed to GitLab (C100) and corresponding Docker images are built and stored in Docker Hub (C96), the process moves seamlessly into deployment:

  • Argo CD (C108) monitors these repositories, pulls the latest manifests (generated via automated processes, often updated in ChartStore or via Kustomize), and synchronizes the desired state with the target Kubernetes clusters.

  • AccessPoint (C52) provides a secure, central gateway ensuring that all deployment requests are authenticated and authorized before reaching the cluster.

  • The Portal (C8) serves as the primary interface for users to trigger and monitor the CD process, while backend services coordinate the heavy lifting.

3. Key Components in the CD Process

3.1 CodeSource Meta-Component (C100 & C96)

  • C100 – GitLab App Repo

    • Acts as the version control system where source code, Kubernetes manifests, and configuration files are stored.

    • Changes in GitLab trigger CI/CD pipelines to build new Docker images.

  • C96 – Docker Hub

    • Stores the Docker images produced by the CI process.

    • Maintains versioned images that Argo CD uses for deployments.

Together, these components ensure that all artifacts are version-controlled, auditable, and available for deployment.

3.2 Argo CD Controller (C108)

  • Continuous Synchronization

    • Argo CD continuously monitors the Git repositories (from C100) and detects any configuration changes.

    • When changes occur, Argo CD fetches the updated manifests (Helm charts, Kustomize overlays) and applies them to the target Kubernetes clusters.

  • Deployment Automation

    • Supports advanced deployment strategies (rolling updates, blue-green, canary).

    • Provides real-time feedback on deployment status, integrating with monitoring tools for health checks and alerts.

3.3 AccessPoint (C52)

  • Secure Gateway

    • All deployment requests pass through AccessPoint, which enforces strict authentication and authorization using RBAC and TLS.

    • Ensures that only trusted, verified requests from the orbit-plane are allowed to modify cluster states in the cluster plane.

3.4 Additional Supporting Components

  • Portal (C8):

    • Provides a user-friendly interface to initiate deployments, monitor statuses, and view logs.

  • K8Rngr (C128):

    • Although focused on cluster creation, it also plays a role by ensuring that clusters are provisioned with standard configurations and integrated into the CD pipeline.

  • SyncMaster & Others:

    • Coordinate updates, propagate events across multiple clusters, and ensure overall system consistency.

4. Detailed Workflow

4.1 Artifact Generation and Storage

  1. Source Code Commit:

    • A developer commits code changes to a GitLab repository (C100).

    • Automated CI/CD pipelines (e.g., GitLab CI or Jenkins) build the new Docker image.

  2. Docker Image Build:

    • The built image is pushed to Docker Hub (C96) and tagged with a version number corresponding to the commit or release cycle.

  3. Manifest Generation:

    • The CI/CD pipeline or a dedicated microservice generates/updats Kubernetes manifests (Helm charts, Kustomize overlays) that reference the new Docker image.

    • These manifests may be stored in a ChartStore (C20) or directly committed to a Git repository monitored by Argo CD.

4.2 Deployment via Argo CD

  1. Monitoring for Changes:

    • Argo CD (C108) continuously polls the Git repository or ChartStore for changes.

  2. Synchronization:

    • Once a change is detected, Argo CD calculates the delta between the desired state (from the repo) and the current state in the target Kubernetes cluster.

  3. ApplicationSet & Deployment:

    • Argo CD uses its ApplicationSet feature to deploy these updated manifests across the specified clusters, applying deployment strategies such as rolling updates.

  4. Feedback and Verification:

    • The successful deployment is communicated back to the Portal (C8) and logged through SyncMaster, with AccessPoint (C52) ensuring secure communication.

    • Health checks and performance metrics are monitored (potentially by InsightHub) to verify that the new version is running as expected.

4.3 Continuous Delivery Cycle

  • Ongoing Updates:

    • Every new commit triggers the CI/CD process, ensuring the continuous delivery pipeline remains active.

  • Rollback Mechanism:

    • In the event of a failure, Argo CD can roll back to a previous, stable version based on stored chart versions or Git history.

  • Audit Trails:

    • All actions (build, deploy, error events) are logged in centralized logging systems (ChartStore, user-event logs) to ensure traceability and compliance.

5. Security and Compliance

  • Access Controls:

    • Each deployment request is authenticated via AccessPoint and validated against RBAC policies.

  • Encrypted Communication:

    • All data in transit between components (GitLab, Docker Hub, Argo CD, K3s clusters) is encrypted using TLS.

  • Audit Logging:

    • Detailed logs of every deployment, including build success, deployment state, and rollback events, are maintained to support compliance and forensics.

6. Benefits & Impact

  1. Automated, Continuous Deployments:

    • The integration of CodeSource and Argo CD allows for fully automated deployments, reducing manual intervention and speeding up the release cycle.

  2. Improved Reliability and Rollback:

    • Real-time synchronization and automated health checks ensure that deployments are reliable. In case of failures, rollback mechanisms can quickly restore previous stable states.

  3. Security & Compliance:

    • Centralized access control and logging provide robust security and help meet regulatory compliance.

  4. Scalability:

    • The pipeline is designed to handle multiple clusters and environments, enabling seamless scaling as the organization grows.

PreviousCluster Bootstrap with Argo CDNextCluster Matrix with K8rix

Last updated