MMS • Srini Penchikala
Article originally posted on InfoQ.
Argo, a CNCF project, helps engineers use Kubernetes for many use cases, from GitOps-based continuous deployment to event-based workflow automation. It can also be used to create an end-to-end DevOps platform. Alexander Matyushentsev from Akuity and Leonardo Luz Almeida from Intuit, maintainers of the CNCF project, spoke last week at the KubeCon CloudNativeCon North America 2022 Conference about how to build a production-grade Argo-based DevOps platform using the Argoproj framework, and about the best patterns for scaling it to support large enterprise needs.
Matyushentsev and Almeida started the presentation by comparing a DevOps approach based on production tickets with GitOps. They discussed how to get a Change Request (CR) in production approved, which is typically a workflow process. Argo CD can be interfaced with your own Git provider to integrate the CI/CD and DevOps processes into the software development lifecycle. They discussed two approaches for managing the Git repos: Centralized Repo vs Individual Repo.
A centralized repo is where the application code and manifest files are maintained in the same repository. This makes it easier to store and track the source code and configuration files together, but it suffers from a harder authentication model and a complex overall CI process. The individual repo approach offers the advantage of a simpler or no CI process, an easier authentication model between Dev and Ops teams, and a cleaner history. One of its downsides is its decentralized nature, which requires additional management effort.
They discussed how to generate Kubernetes manifest files using the Kustomize tool. You can leverage the overlay concept supported by the tool to manage the differences between Dev, Stage, and Production environments.
The Argo framework also supports multi-tenancy, which helps to manage the hierarchy and dependencies between different aspects of software development like projects, applications and teams. They also showed how to set up single sign-on (SSO) using the OIDC protocol supported by Argo CD. It works out of the box with OIDC-compatible providers like Auth0, Okta, and Azure IDP.
For authorization and access control requirements, Argo CD uses a role-based access control (RBAC) model powered by the Casbin framework. Casbin offers flexible configuration and allows you to define groups with an arbitrary set of permissions.
Projects in Argo CD provide the multi-tenancy capability based on a logical grouping for applications. A project allows you to define boundaries and isolate teams from each other. SSO and RBAC settings can be connected, which integrates authentication and authorization into a unified security model. Matyushentsev and Almeida demonstrated a project setup by showing the details using an example YAML file.
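The manifest below is an added illustration of how a project can tie SSO groups to RBAC and bound a tenant; it is not the YAML shown in the talk. The team name `payments`, the repository URL, the namespace pattern and the OIDC group names are all assumed placeholders.

```yaml
# Added example (not from the talk). All names and URLs are hypothetical.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: payments
  namespace: argocd          # namespace where Argo CD itself is installed (assumed)
spec:
  description: Applications owned by the payments team
  # Tenant boundary 1: manifests may only come from the team's own repos.
  sourceRepos:
    - https://git.example.com/payments/*
  # Tenant boundary 2: applications may only deploy into the team's namespaces.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: payments-*
  # No clusterResourceWhitelist is set, so this project cannot create
  # cluster-scoped objects such as ClusterRole or ClusterRoleBinding.
  # Also stop the tenant from granting itself extra namespace permissions.
  namespaceResourceBlacklist:
    - group: rbac.authorization.k8s.io
      kind: Role
    - group: rbac.authorization.k8s.io
      kind: RoleBinding
  roles:
    # Casbin policy line: p, <subject>, <resource>, <action>, <object>, <effect>
    - name: developer
      description: View and sync the team's applications
      policies:
        - p, proj:payments:developer, applications, get, payments/*, allow
        - p, proj:payments:developer, applications, sync, payments/*, allow
      groups:
        - payments-developers   # value of the OIDC groups claim (assumed)
    - name: admin
      description: Full control over applications in this project only
      policies:
        - p, proj:payments:admin, applications, *, payments/*, allow
      groups:
        - payments-leads        # value of the OIDC groups claim (assumed)
```

Because each role's policies are scoped to `payments/*`, membership in one of these SSO groups grants nothing outside the project.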
They said Pull Requests (PRs) can replace the traditional support tickets in the CI/CD process. Store Argo CD configuration in a Git repo and use Argo CD to self-apply Git changes. Application developers can self-onboard via PRs and platform admin users can review the changes and either approve or reject PRs. No need for separate tickets and offline approvals to deploy changes. Git also has the advantage of having no database dependencies, so it’s relatively isolated and easier to install and configure in terms of deployments and dependency management.
The speakers concluded the presentation by showing an Argo CD control plane demo application and walked through the details of installing and configuring Argo CD, how to onboard a team with a multi-tenancy setup, and how to define cluster-level resources like cluster roles, role bindings, etc.
For more information on this and other sessions, check out KubeCon NA 2022 conference’s main website.