datadome.co Introduction to ArgoCD Xavier Krantz - SRE 2024-04-19 Kubernetes clusters and applications management

datadome.co 2 Agenda Kubernetes new paradigms How do we deploy Kubernetes applications today? Introduction to ArgoCD Q&A ? 3. 2. 1.

datadome.co datadome.co Kubernetes new paradigms 3 1

datadome.co 1 - Kubernetes new paradigms 4

datadome.co 1 - Kubernetes new paradigms 5

datadome.co 1 - Kubernetes new paradigms 6 https://kubernetes.io/docs/concepts/

datadome.co 1 - Kubernetes new paradigms https://kubernetes.io/docs/concepts/ 7

datadome.co 1 - Kubernetes new paradigms https://kubernetes.io/docs/concepts/ 8

datadome.co datadome.co How do we deploy Kubernetes applications today? 9 2

datadome.co 2 - How do we deploy today? 10

datadome.co 2 - How do we deploy today? 11

datadome.co 2 - How do we deploy today? 12

datadome.co 2 - How do we deploy today? 13

datadome.co 2 - How do we deploy today? 14

datadome.co 2 - How do we deploy today? 15

datadome.co 2 - How do we deploy today? 16

datadome.co 2 - How do we deploy today? 17 Challenges and pain points ● Deployment of Helm releases through Terraform’s Helm provider ● 5 level of nested code 1. Terraform “stack” 2. DataDome Terraform Module 3. Upstream Terraform module 4. DataDome Helm charts 5. Upstream Helm charts ● Change propagation flow seems complex and restrictive ● Due to the nesting of the code-base ● Terraform changes are driven by Atlantis Workflow (does not fit every team)

datadome.co datadome.co ArgoCD introduction 18 3

datadome.co 3 - ArgoCD 19

datadome.co 3 - ArgoCD 20

datadome.co https://argo-cd.readthedocs.io/en/stable/ 3 - ArgoCD 21

datadome.co https://argo-cd.readthedocs.io/en/stable/ A declarative, GitOps continuous delivery tool for Kubernetes. 3 - ArgoCD 22

datadome.co https://argo-cd.readthedocs.io/en/stable/ Features 3 - ArgoCD 23 ● Automated deployment of applications to specified target environments ● Support for multiple config management/templating tools ● Ability to manage and deploy to multiple clusters ● SSO Integration (OIDC, OAuth2, LDAP, SAML 2.0, GitHub, …) ● Multi-tenancy and RBAC policies for authorization ● Rollback/Roll-anywhere to any application configuration committed in Git repository ● Health status analysis of application resources ● Automated configuration drift detection and visualization ● Automated or manual syncing of applications to its desired state ● Web UI which provides real-time view of application activity ● CLI for automation and CI integration ● Webhook integration (GitHub, BitBucket, GitLab) ● Access tokens for automation ● PreSync, Sync, PostSync hooks to support complex application rollouts (e.g.blue/green & canary upgrades) ● Audit trails for application events and API calls ● Prometheus metrics ● Parameter overrides for overriding helm parameters in Git ● …

datadome.co How it can help? ● Provides a better “view” and control of Kubernetes-specific resources ○ Using ArgoCD UI ○ Using ArgoCD GitOps functionalities for Kubernetes applications deployment ● Allows a clear separation of concerns between ○ the infrastructure resources (AWS), ○ the “platform components” (Kubernetes applications), ○ and the business applications (Kubernetes applications) ● Simplifies the Kubernetes Clusters management (from SRE point of view) ● Simplifies the Kubernetes Applications deployment and management (from Non-SRE point of view) 3 - ArgoCD 24

datadome.co datadome.co Demo 25

datadome.co 26

datadome.co 27

datadome.co 28

datadome.co 29

datadome.co 30

datadome.co 31

datadome.co 32

datadome.co 33

datadome.co 34

datadome.co 35

datadome.co datadome.co Any questions? Thank you! 36

datadome.co Miscellaneous 37 ArgoCD topology

datadome.co Miscellaneous 38 ArgoCD topology (2)

datadome.co Miscellaneous 39 Kustomize.io

datadome.co Miscellaneous 40 Deployment promotion workflow