2024-10-10 · Hünkar Döner

EKS Management with GitOps: Using ArgoCD

Tags: GitOps, ArgoCD, EKS, CI/CD

In traditional CI/CD processes (Jenkins, GitLab CI), the pipeline compiles the code and then pushes it to the Kubernetes cluster with the kubectl apply command (push model). This model can cause security problems, because the CI system needs access to the cluster, and synchronization problems: if someone makes a manual change in the cluster, the state in the cluster no longer matches the code in Git (drift).

GitOps is a modern operating model that solves this problem. Its basic principle is: Git is the Single Source of Truth.

What is GitOps?

GitOps is a method where you keep your infrastructure and application code in a Git repository, and a tool (ArgoCD or Flux) constantly monitors this repo and applies changes to the cluster (Pull Model).

EKS Pipeline Example with ArgoCD

ArgoCD is a tool developed for Kubernetes that implements GitOps principles. Let's look at how to set up a pipeline using ArgoCD on Amazon EKS.

1. Installation

Install ArgoCD on your EKS cluster with Helm:

helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd argo/argo-cd -n argocd --create-namespace

2. Application Definition (Application Manifest)

You must tell ArgoCD which repo to watch. Create a YAML file for this:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/user/my-k8s-repo.git
    targetRevision: HEAD
    path: k8s-manifests
  destination:
    server: https://kubernetes.default.svc
    namespace: my-app
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
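
The manifest above uses project: default, ArgoCD's built-in project, which out of the box accepts any source repository and any destination. As an added example (not part of the original article), the following defines a dedicated AppProject that limits the application to the one repo and namespace and points the Application at it. The project name my-app-project and the choice of blocked RBAC kinds are assumptions, and the my-app namespace is assumed to exist already.

```yaml
# Added example, not from the original article.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-app-project          # assumed project name
  namespace: argocd
spec:
  description: Scope for my-app only
  # Applications in this project may only pull from this repository.
  sourceRepos:
    - https://github.com/user/my-k8s-repo.git
  # Only the in-cluster API server and the my-app namespace are valid targets.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: my-app
  # Empty list: no cluster-scoped kinds (ClusterRole, CRD, Namespace, ...) can be synced.
  clusterResourceWhitelist: []
  # Namespaced kinds the repo may not manage (assumes the app ships no RBAC objects).
  namespaceResourceBlacklist:
    - group: rbac.authorization.k8s.io
      kind: Role
    - group: rbac.authorization.k8s.io
      kind: RoleBinding
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: my-app-project       # was: default
  source:
    repoURL: https://github.com/user/my-k8s-repo.git
    targetRevision: HEAD
    path: k8s-manifests
  destination:
    server: https://kubernetes.default.svc
    namespace: my-app
  syncPolicy:
    automated:
      prune: true               # resources deleted from Git are deleted from the cluster
      selfHeal: true            # manual changes in the cluster are reverted to the Git state
```

With prune and selfHeal enabled, whoever can write to the manifest repo effectively controls the namespace, so the project scope above is what bounds the effect of a bad commit.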

3. How the Process Works

  1. The developer writes code and pushes it to Git.
  2. The CI tool (GitHub Actions) builds the Docker image and pushes it to ECR.
  3. The CI tool changes the "image: v1" line in the Kubernetes manifest repo to "image: v2" and commits.
  4. ArgoCD notices this change in Git.
  5. ArgoCD synchronizes the EKS cluster to the new state (v2) in Git.

Advantages

  • Security: Your CI tool (Jenkins/GitHub) does not need (admin) access to the cluster. ArgoCD runs inside the cluster and pulls from Git.
  • Rollback: Did something go wrong? Just revert in Git. ArgoCD goes back to the old version.
  • Visibility: You can clearly see the application status and synchronization history from the ArgoCD interface.

GitOps makes EKS management more secure, stable, and traceable.