top of page

Getting the Best from ArgoCD: Proven Tips for Improved Productivity

Jānis Orlovs


Are you looking for the ultimate productivity tips for ArgoCD? Check out our proven techniques to get the most out of ArgoCD.


For many ArgoCD is the definition of a modern GitOps tool. Created by Inuit a financial services company, donated to the open source community. It is extensively used across many industries, especially regulated ones. At CWISE we early majority adopters of ArgoCD, since 2019. Since then we have gained a lot of experience being effective operators. Here we will share some tips and tricks


Application Deployment Ordering using SyncWaves and InitContainers

Complexity to implement: medium

Let's assume your application consists of multiple app deployments or even multiple helm charts. In order to successfully to deploy, there is needed to orchestrate deployment order.

In these cases, there are two techniques that we at CWISE use extensively:

  • Using ArgoCD Syncwaves and phases, to orchestrate resource creation within the same context (such as an application)

  • Using initContainers, to test if desired internal Kubernetes cluster endpoints (like application for backend) or external (like database is available)

        - name: wait-backend
          image: busybox
          command: ['sh', '-c', 'echo -e "Checking backend port availability"; while ! nc -z {{ .Values.appBackend.url }} 443; do sleep 1; printf "-"; done; echo -e "  >> Backend port available";']

Linking External URLs from ArgoCD

Complexity to implement: easy

Imagine a situation when you need to do fast troubleshooting for a gone-wrong deployment. Have you counted how many unnecessary steps you need to take before an appropriate monitoring dashboard or logging data set is found?

ArgoCD provides the ability to embed external links in resources via annotation


Scenarios where we find this functionality is valuable:

  • Linking directly to application logging data sets;

  • Connecting to application monitoring dashboards and alert manager;

  • Links to knowledge base articles and runbooks about the application;

  • Links to other external systems like CI/CD systems or service mesh management like Kiali


How to use this functionality: 1. Add annotation for resource:


  annotations:
    link.argocd.argoproj.io/external-link: http://my-grafana.example.com/pre-generated-link
  1. Redeploy and access link




Web-based Terminal in ArgoCD UI

Complexity to implement: easy-medium

You are a DevOps or platform engineer. Your supported development team needs access to the Kubernetes pods in the test environment. You can go the hard route by configuring Kubernetes credentials, roles, and rolebindings. Or use ArgoCD. that provides out-of-the-box with a web-based terminal available, to access the pod via UI


Scenarios where we find this functionality is valuable:

  • Enabling access to preview and dev environments for troubleshooting connectivity and functionality. However, we advise not to turn on this functionality in the production environment, as it can pose security risks if not locked down.


How to enable web terminal in ArgoCD:

  1. Via configuration map for non-helm or manual install LINK

  2. Via HELM values: LINK

configs:
  cm:
    exec.enabled: true
  1. [Optional] Prepare ArgoCD permissions for group to use terminal

p, role:myrole, exec, create, */*, allow
  1. [Optional] Assign roles to dev team



Extending ArgoCD via Custom Resource Actions and Resource Health

Complexity to implement: medium-hard

Let's say that you want to free up your time from small and safe operational tasks, but repetitive tasks, by providing self-service for your colleagues. Or improve application health checks to detect failures before it happen. ArgoCD provides an option to extend it functionality

Scenarios where we find this functionality is valuable:

  • Better alerting and detection via custom application health scripting.

  • Providing self-service options for other teams. Such as creating one-off Kubernetes jobs from a cronjob or refreshing external secrets object



  • Reducing exposure to low-level access to Kubernetes for standard operations tasks such as restart of deployment


How to implement custom actions and resource health:

  1. Custom resources actions: LINK

  2. Custom resources for application health: LINK

Useful resources:


ArgoCD Infrastructure As A Code Configuration

Complexity to implement: medium

Managing one ArgoCD or one central is pretty easy, but when there are more than x instances, complexity grows rapidly. Like managing at multiple instances, backups, and change tracking.

Configuration as A Code is a first-class citizen for ArgoCD, as it was designed as a stateless system.

Scenarios where we find this functionality is valuable:

  • General configuration such as configuring RBAC and SSO

dex.config: |
  connectors:
- type: ${platform}
  id: ${platform}
  name: ${platform == "github" ? "GitHub" : "bitbucket"}
  config:
   clientID: ${clientID}
   clientSecret: ${clientSecret}
   redirectURI: https://${subdomain}.${domain}/api/dex/callback
  scopes:
  - email
  - account
  orgs:
  - name: ${github_org} 
  • Repository configs and all other related things (this example is done via Terraform):

resource "kubernetes_secret" "argoproj-https-creds-github-template" {
  metadata {
    name      = "argoproj-https-creds-bitbucket-template"
    namespace = var.argocd_namespace
    labels = {
      "argocd.argoproj.io/secret-type" = "repo-creds"
    }
  }
  data = {
    url                     = "https://bitbucket.org/nctek"
    type                    = "git"
    username                = var.argocd_bitbucket_repo_creds_user
    password                = var.argocd_bitbucket_repo_creds_pass
  }
}
  • Providing backup and recovery for ArgoCD server fleets



Automatic Deployment/StatefulSet Restart Orchestration via Reloader

Complexity to implement: medium

Consider a scenario in ArgoCD where we need to restart applications deployed via DeploymentConfigs, Deployments, DaemonSets, and StatefulSets when the secret or config map is changed.

We use Reloader to provide such capabilities. Available community and enterprise version

Scenarios where we find this functionality is valuable:

  • Orchestrating DeploymentConfigs, Deployments, DaemonSets, and StatefulSets restarts after config map or secret changes

How to implement reloader:

  1. Install reloader via helm chart LINK

  2. Add annotations to objects within the deployment scope


Thank you for reading! Let us know if we can help you with your GitOps implementation

Recent Posts

See All
bottom of page