Forem: Unnati Mishra

GitOps: ArgoCD vs FluxCD

Unnati Mishra — Fri, 02 Aug 2024 10:12:24 +0000

Getting Started with GitOps

In the fast-paced world of software development, organizations are constantly seeking ways to streamline processes and improve efficiency through automation. The shift from waterfall models to hyper-agile methodologies, coupled with the adoption of microservices architecture, has led to much faster software releases. GitOps has emerged as a powerful approach to enable this rapid deployment cycle, implementing a control-loop pattern often seen in Kubernetes.

GitOps offers a more consistent and reliable way to handle infrastructure and deployment. In this blog, we'll explore what GitOps is, why it's gaining popularity among DevOps teams, and take a closer look at popular GitOps tools like Argo CD and Flux CD.

What is GitOps?

GitOps, a combination of 'Git' and 'Operations', is an approach to continuous deployment for cloud-native applications. It uses Git as the single source of truth for declarative infrastructure and applications. This means storing and managing all configuration files that describe how our application should be deployed and run in Git repositories.

The core principle of GitOps is treating everything - from application code to infrastructure - as code that can be version-controlled and managed using Git. When changes are needed, instead of manually executing commands or scripts, we make changes to our Git repository. A controller then detects these changes and applies them to our infrastructure.

Benefits of GitOps

Consistency and Reliability: With GitOps, the entire system configuration is stored in version control, providing a clear, auditable record of what should be deployed.
Faster Recovery and Easier Rollbacks: In case of issues, rolling back to a previous state is as simple as reverting to a previous commit in the Git history.
Security: Git's central point of control allows for strict access controls and enforced code reviews before changes are applied.
Improved Developer Experience: Developers can use familiar Git workflows to manage infrastructure, bridging the gap between development and operations.
Visibility and Traceability: All changes are recorded in Git, providing a clear record of who changed what and when.
Increased Automation: Pushing changes to Git can automatically trigger deployments, reducing manual work and speeding up processes.
Environment Consistency: GitOps makes it easier to maintain consistency between different environments (development, staging, production).
Increased Productivity: DORA's research suggests teams can ship 30-100 times more changes per day, increasing overall development output by 2-3 times.
Availability: With all configuration data in Git, organizations can easily deploy the same Kubernetes platform across different environments, leading to better availability.

Argo CD vs Flux CD

When implementing GitOps for Kubernetes, two popular tools stand out: Argo CD and Flux CD. Both are excellent choices, but they have some differences. Here's a comparison of their features:

Feature	Argo CD	Flux CD
Kubernetes-native	Yes	Yes
UI	Rich web-based UI	Capacitor GUI dashboard
Multi-tenancy	Built-in	Limited
Helm support	Native	Via Helm Operator
Kustomize support	Native	Native
Sync Mechanism	Automatic sync	Controller-based sync
Rollback capabilities	Yes	Yes
Health status	Yes	Relies on Kubernetes status
Image Updater	Add-on	Built-in
Advanced Deployment Strategies	Integrated with Argo rollouts	Supported via Flagger

Comparison between ArgoCD and FluxCD

In the next section, we will have a look at a quick demo of Argo CD and Flux CD.

Argo CD

In this quick demo of Argo CD we will go through the step-by-step process of Argo CD installation on kubernetes cluster. We will use Argo CD to deploy a sample guestbook application.

Prerequisites

Kubernetes cluster

Kubectl installed and configured.

Configuration of the git repository

Argo CD Installation

To install Argo CD, we need to have a Kubernetes cluster and kubectl installed and configured. You can check out the guide to install kubectl here.

Create a namespace for Argo CD

kubectl create namespace argocd

Install Argo CD

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Access the Argo CD api server

Port-forward the Argo CD server service

kubectl port-forward svc/argocd-server -n argocd 8080:443

Get the initial password of the admin user to authenticate

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Use this password to log into the Argo CD UI using username admin at the forwarded port on the localhost, in this example, it is http://localhost:8080

Deploy a sample application - guestbook

To deploy an app, we need to create an Application object. The spec will have information such as the source of the Kubernetes manifests to deploy the application, destination Kubernetes cluster, namespace, and sync policy. You can also provide more image updater specs via annotations. In this example, we are not using an image updater.

    apiVersion: argoproj.io/v1alpha1  
    kind: Application  
    metadata:  
    name: guestbook  
    namespace: argocd  
    spec:  
    project: default  
    source:  
    repoURL: https://github.com/argoproj/argocd-example-apps.git  
    targetRevision: HEAD  
    path: guestbook  
    destination:  
    server: https://kubernetes.default.svc  
    namespace: guestbook  
    syncPolicy:  
    automated:  
    prune: true  
    selfHeal: true  
    syncOptions:  
    -  CreateNamespace=true

Create the application

kubectl apply -f application.yaml

After applying the Argo CD application, the Argo CD controller will automatically monitor and apply the changes in the cluster. You can monitor this from the UI or

kubectl get apps -n argocd

Flux CD

In this demo of Flux CD we will understand its installation. We will use flux CD to deploy the ‘fleet-infa’ repository.

Prerequisites

Kubernetes Cluster
GitHub Personal Access Token. If you need help generating GitHub token check out this guide.

Objectives

Bootstrap Flux CD on a Kubernetes Cluster.

Deploy a sample application using Flux.

Customize the application configuration through Kustomize patches.

Install the Flux CLI

The Flux command-line interface (CLI) is used to bootstrap and interact with Flux CD

curl -s https://fluxcd.io/install.sh | sudo bash

Export Your Credentials

Export your GitHub personal access token and username.

export  GITHUB_TOKEN=<your-token>
export  GITHUB_USER=<your-username>

Check Your Kubernetes Cluster

Ensure your cluster is ready for Flux by running:

flux check --pre

Flux Installation

To bootstrap using a GitHub repository, run:

    flux bootstrap github \  
    --owner=$GITHUB_USER \  
    --repository=fleet-infra \  
    --branch=main \  
    --path=./clusters/my-cluster \  
    --personal

Clone the Git Repository

Clone the fleet-infra repository to your local machine:

    git clone https://github.com/$GITHUB_USER/fleet-infra  
    cd fleet-infra

Add podinfo Repository to Flux

Create a git repository manifest pointing to the podinfo repository’s master branch:

    flux create source git podinfo \  
    --url=https://github.com/stefanprodan/podinfo \  
    --branch=master \  
    --interval=1m \  
    --export > ./clusters/my-cluster/podinfo-source.yaml

Commit and push the podinfo-source.yaml file to the fleet-infra repository:

    git add -A && git commit -m "Add podinfo GitRepository"  
    git push

Deploy podinfo Application

Create a Kustomization manifest to deploy the podinfo application:

    flux create kustomization podinfo \  
    --target-namespace=default \  
    --source=podinfo \  
    --path="./kustomize" \  
    --prune=true \  
    --wait=true \  
    --interval=30m \  
    --retry-interval=2m \  
    --health-check-timeout=3m \  
    --export > ./clusters/my-cluster/podinfo-kustomization.yaml

Commit and push the podinfo-kustomization.yaml file to the repository:

git add -A && git commit -m "Add podinfo Kustomization"  
git push

Watch Flux Sync the Application

Use the flux get command to watch the podinfo app:

flux get kustomizations --watch

Verify the Deployment

Check if podinfo has been deployed on your cluster:

kubectl -n default get deployments,services

GitOps best practices

Git Workflows: Separate application repositories from git workflow repositories. Also, avoid using long-lived branches from different environments.
Simplify your Kubernetes files: Use tools like Kustomize and Helm to make your Kubernetes files simpler and easier to manage. Use both together to avoid repeating yourself.
Handle secrets carefully: Do not use your passwords or secrets directly in your Git files even if they are encrypted. Instead, use tools that can fetch secrets when needed.
Separate Build and Deployment Processes: Separate your build process from your deployment process. Let your CI system build and test your app and then let GitOps handle the build and put it in a server.

Ephemeral Environments using GitOps

Ephemeral environments, also known as preview environments, are short-lived environments that allow developers to test and preview changes in a production-like environment before merging them into the main branch.

These environments are typically created automatically when a pull request is opened and destroyed when the pull request is closed.

In the context of Kubernetes, tools like Argo CD and Flux CD can automate the creation and management of ephemeral environments, making it easier to implement this practice in a GitOps workflow. For more information on how to implement preview environments on Kubernetes with Argo CD, check out this guide by Piotr Minkowski.

Conclusion

GitOps is a game-changer for managing infrastructure and applications. It boosts consistency, reliability, collaboration, and workflow. Tools like Argo CD and Flux CD exemplify how GitOps streamlines deployment and enhances efficiency. Our comparison shows the strengths and specific use cases of both tools, highlighting how they make GitOps implementation seamless and effective.

K3s vs Talos Linux

Unnati Mishra — Mon, 22 Jul 2024 10:40:46 +0000

Introduction

In the world of Kubernetes, choosing the right technology can make a big difference in how smoothly and efficiently our applications run. This is where focused Kubernetes distributions like K3s and Talos Linux stand out.

From large data centers to smaller devices on the edge, Kubernetes plays an important role in managing applications across various environments. As multiple businesses are using Kubernetes at the edge to run AI nowadays, specialized versions like K3s and Talos have come to tackle various operational challenges.

K3s is known for being lightweight and easy to install, which makes it great for places with limited resources like edge computing and IoT. Meanwhile, Talos provides a more secure environment and is used for large-scale setups.

In this blog, we will discuss how K3s and Talos fit into Kubernetes deployments and the differences between the two. This will help you make the perfect choice based on your needs and goals.

What is K3s?

K3s was developed by Rancher Labs and donated to the CNCF. K3s is packaged as a single, less than 40 MB, binary that reduces the dependencies and steps needed to install, run, and auto-update a production Kubernetes cluster.

It is a lightweight yet powerful Kubernetes distribution designed for production workloads across IoT devices or resource-restrained remote locations. The main aim of K3s is to streamline the installation and management of Kubernetes clusters. It is easy to install and highly available.

How is K3s different from Kubernetes?

K3s is lightweight compared to the full distribution of Kubernetes.
It has fewer dependencies.
It is easier to deploy and manage.
It uses fewer resources (i.e. CPU, RAM, etc).
It has fewer built-in features and extensions.

K3s is ideal for smaller resource-constrained deployments, edge computing, and IoT while Kubernetes is more suited for large, complex deployments that have high resource requirements such as big data, machine learning, and high-performance computing.

What is Talos Linux?

Talos Linux is a modern Linux operating system distribution, written in Golang, that has specifically been built for the purpose of Kubernetes infrastructure. It has been designed to serve as the foundation for Kubernetes clusters.

In Talos, the cluster is accessed through APIs, which reduces the need for secure shelling (SSH) and therefore reduces the chances of surface attacks. It also helps avoid unexpected issues by creating an immutable layer on top of physical servers. This ensures that all servers are identical and have the same setup. Since it is API-managed, it makes operations automated, straightforward, and scalable.

You can read more about Talos here post.

The Differences between K3s and Talos Linux

Feature	Talos Linux	K3s
Size	Small in size	Medium in size
Role	OS For running the Kubernetes cluster	Lightweight Kubernetes distribution
Installation and Setup	Complex setup however can be simplified.	Simple setup
Architecture	Minimal, immutable OS; no SSH access or shell; API-driven configuration and management	Lightweight, single-binary; integrates container runtime, networking, and storage
Security	Has a strong focus on security with an immutable file system, no interactive login (SSH), and API-driven interactions	Follows essential security practices like RBAC, TLS encryption, automatic updates
Resource Requirements	Requires sufficient resources for effective Kubernetes operation; not for resource-constrained environments	Low resource requirements; suitable for low-power devices like IoT and edge devices.
Scalability	Supports scalable Kubernetes clusters in production environments; handles large-scale deployments	Supports clustering and high availability; generally used for smaller-scale deployments
Management and Maintenance	Managed through APIs; automated management with minimal manual intervention; less frequent maintenance and patching due to immutable infrastructure	Simplified management with standard Kubernetes tools and interfaces; easy to update and maintain; suitable for environments requiring ease of management
Community and Support	Growing community focused on security and production-grade deployments; strong documentation, community forums, and resources.	Active community backed by Rancher Labs (part of SUSE); extensive documentation, community support, and commercial support options available through Rancher

Usage of K3s and Talos Linux

Used for lightweight and resource-constrained environments.
It is perfect for edge computing, IoT, development and testing scenarios.
Helps in easy management and faster deployments.
Good fit for edge devices due to its security, reliability, and immutable ideology.
It is an excellent option for deploying Kubernetes on bare metal servers.
It is highly suitable for enterprise-level Kubernetes clusters.
It supports cloud platforms and virtualization platforms as well.

Conclusion

The choice between K3s and Talos Linux hinges on their specific use cases and future needs. It can be observed that the demand for lightweight Kubernetes is rising significantly. Industries have started to embrace edge computing, IoT, and other resource-constrained environments, making the ability to efficiently manage applications with minimal infrastructure of extreme importance.

As the demand for lightweight and efficient Kubernetes solutions grows, K3s is all-set to play a crucial role in helping in seamless and scalable application management in resource-limited environments. Meanwhile, Talos Linux will continue to be a robust choice for enterprises prioritizing security and reliability.

To conclude, the choice between K3s and Talos Linux should be guided by specific deployment needs, resource availability, and security considerations. Organizations can effectively meet their Kubernetes deployment goals by understanding the strengths of each and choosing accordingly.