DevOps9 min readJanuary 20, 2024
Kubernetes Multi-Cluster Management with ArgoCD and GitOps
Learn how to manage multiple Kubernetes clusters efficiently using ArgoCD, GitOps principles, and automated deployment pipelines for enterprise-scale operations.
TL;DR
Summary not available.
TL;DR
Managing multiple Kubernetes clusters becomes complex at enterprise scale. This guide demonstrates how to implement a robust multi-cluster management strategy using ArgoCD and GitOps principles, enabling consistent deployments, centralized monitoring, and automated rollbacks across development, staging, and production environments.
Introduction
As organizations scale their Kubernetes adoption, managing multiple clusters becomes a critical operational challenge. Whether you're running separate clusters for different environments, regions, or teams, maintaining consistency and visibility across your infrastructure requires sophisticated tooling and processes.
ArgoCD, combined with GitOps principles, provides an elegant solution for multi-cluster management that ensures:
- Declarative Configuration: Infrastructure and applications defined as code
- Automated Synchronization: Continuous deployment based on Git state
- Centralized Visibility: Single pane of glass for all clusters
- Audit Trail: Complete history of changes and deployments
Architecture Overview
Our multi-cluster setup consists of:
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Dev Cluster │ │ Staging Cluster │ │ Prod Cluster │
│ │ │ │ │ │
│ ┌─────────────┐ │ │ ┌─────────────┐ │ │ ┌─────────────┐ │
│ │ ArgoCD Agent│ │ │ │ ArgoCD Agent│ │ │ │ ArgoCD Agent│ │
│ └─────────────┘ │ │ └─────────────┘ │ │ └─────────────┘ │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
└───────────────────────┼───────────────────────┘
│
┌─────────────────┐
│ Management │
│ Cluster │
│ ┌─────────────┐ │
│ │ArgoCD Server│ │
│ └─────────────┘ │
└─────────────────┘
│
┌─────────────────┐
│ Git Repository│
│ │
│ ├── apps/ │
│ ├── clusters/ │
│ └── config/ │
└─────────────────┘Prerequisites
Before implementing multi-cluster management, ensure you have:
- Multiple Kubernetes clusters (dev, staging, production)
- Git repository for storing configurations
- kubectl configured with access to all clusters
- Helm installed for package management
- Basic understanding of Kubernetes and GitOps concepts
Setting Up ArgoCD for Multi-Cluster Management
Step 1: Install ArgoCD on Management Cluster
# Create ArgoCD namespace
kubectl create namespace argocd
# Install ArgoCD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Wait for ArgoCD to be ready
kubectl wait --for=condition=available --timeout=300s deployment/argocd-server -n argocd
# Get initial admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -dStep 2: Configure ArgoCD for External Access
# argocd-server-service.yaml
apiVersion: v1
kind: Service
metadata:
name: argocd-server
namespace: argocd
spec:
type: LoadBalancer # or NodePort for on-premises
ports:
- port: 80
targetPort: 8080
protocol: TCP
selector:
app.kubernetes.io/name: argocd-serverStep 3: Register Additional Clusters
# Login to ArgoCD CLI
argocd login <ARGOCD_SERVER>
# Add development cluster
argocd cluster add dev-cluster-context --name dev-cluster
# Add staging cluster
argocd cluster add staging-cluster-context --name staging-cluster
# Add production cluster
argocd cluster add prod-cluster-context --name prod-cluster
# List registered clusters
argocd cluster listGitOps Repository Structure
Organize your Git repository for multi-cluster management:
gitops-repo/
├── apps/
│ ├── base/
│ │ ├── kustomization.yaml
│ │ └── deployment.yaml
│ ├── overlays/
│ │ ├── dev/
│ │ │ ├── kustomization.yaml
│ │ │ └── patches/
│ │ ├── staging/
│ │ │ ├── kustomization.yaml
│ │ │ └── patches/
│ │ └── prod/
│ │ ├── kustomization.yaml
│ │ └── patches/
├── clusters/
│ ├── dev/
│ │ └── applications.yaml
│ ├── staging/
│ │ └── applications.yaml
│ └── prod/
│ └── applications.yaml
└── bootstrap/
└── root-app.yamlApplication Configuration Example
# clusters/dev/applications.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: web-app-dev
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/your-org/gitops-repo
targetRevision: HEAD
path: apps/overlays/dev
destination:
server: https://dev-cluster-api-server
namespace: web-app
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=trueImplementing GitOps Workflows
Environment Promotion Pipeline
# .github/workflows/promote.yml
name: Environment Promotion
on:
workflow_dispatch:
inputs:
environment:
description: 'Target environment'
required: true
type: choice
options:
- staging
- production
jobs:
promote:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Promote to Staging
if: github.event.inputs.environment == 'staging'
run: |
# Copy dev configs to staging with modifications
cp -r apps/overlays/dev/* apps/overlays/staging/
# Update image tags, resource limits, etc.
- name: Promote to Production
if: github.event.inputs.environment == 'production'
run: |
# Copy staging configs to production
cp -r apps/overlays/staging/* apps/overlays/prod/
# Apply production-specific configurations
- name: Commit and Push
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add .
git commit -m "Promote to ${{ github.event.inputs.environment }}"
git pushAutomated Rollback Strategy
#!/bin/bash
# rollback.sh - Automated rollback script
CLUSTER=$1
APP_NAME=$2
REVISION=${3:-"HEAD~1"}
if [ -z "$CLUSTER" ] || [ -z "$APP_NAME" ]; then
echo "Usage: $0 <cluster> <app-name> [revision]"
exit 1
fi
echo "Rolling back $APP_NAME in $CLUSTER to revision $REVISION"
# Get previous working revision
PREVIOUS_REVISION=$(git log --oneline -n 5 --grep="$APP_NAME" --grep="$CLUSTER" | sed -n '2p' | cut -d' ' -f1)
if [ -z "$PREVIOUS_REVISION" ]; then
echo "No previous revision found for $APP_NAME in $CLUSTER"
exit 1
fi
# Create rollback branch
git checkout -b "rollback-$APP_NAME-$CLUSTER-$(date +%s)"
# Revert to previous working state
git revert --no-edit $PREVIOUS_REVISION
# Push rollback
git push origin HEAD
echo "Rollback initiated. ArgoCD will sync automatically."Monitoring and Observability
ArgoCD Application Health Monitoring
# monitoring/argocd-monitoring.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-notifications-cm
namespace: argocd
data:
service.slack: |
token: $slack-token
template.app-deployed: |
message: |
Application {{.app.metadata.name}} is now running new version.
template.app-health-degraded: |
message: |
Application {{.app.metadata.name}} has degraded health.
template.app-sync-failed: |
message: |
Application {{.app.metadata.name}} sync failed.
trigger.on-deployed: |
- when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
send: [app-deployed]
trigger.on-health-degraded: |
- when: app.status.health.status == 'Degraded'
send: [app-health-degraded]
trigger.on-sync-failed: |
- when: app.status.operationState.phase in ['Error', 'Failed']
send: [app-sync-failed]Cluster Resource Monitoring
#!/bin/bash
# cluster-health-check.sh
CLUSTERS=("dev-cluster" "staging-cluster" "prod-cluster")
for cluster in "${CLUSTERS[@]}"; do
echo "=== Checking $cluster ==="
# Switch context
kubectl config use-context $cluster
# Check node status
echo "Node Status:"
kubectl get nodes --no-headers | awk '{print $1, $2}'
# Check critical pods
echo "Critical Pods:"
kubectl get pods -A --field-selector=status.phase!=Running --no-headers | wc -l
# Check resource usage
echo "Resource Usage:"
kubectl top nodes --no-headers | awk '{cpu+=$3; mem+=$5} END {print "CPU:", cpu"m", "Memory:", mem"Mi"}'
# Check ArgoCD app health
echo "ArgoCD Applications:"
argocd app list --cluster $cluster --output json | jq -r '.[] | "\(.metadata.name): \(.status.health.status)"'
echo ""
doneSecurity and Access Control
RBAC Configuration for Multi-Cluster
# rbac/dev-team-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dev-team
namespace: argocd
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dev-team-role
rules:
- apiGroups: ["argoproj.io"]
resources: ["applications"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
resourceNames: ["dev-*"] # Only dev applications
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dev-team-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dev-team-role
subjects:
- kind: ServiceAccount
name: dev-team
namespace: argocdCluster Access Policies
# argocd-rbac-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
namespace: argocd
data:
policy.default: role:readonly
policy.csv: |
# DevOps team - full access to dev and staging
g, devops-team, role:admin
p, role:admin, applications, *, dev-cluster/*, allow
p, role:admin, applications, *, staging-cluster/*, allow
# Production team - full access to production
g, prod-team, role:prod-admin
p, role:prod-admin, applications, *, prod-cluster/*, allow
# Developers - read-only access to dev
g, dev-team, role:dev-readonly
p, role:dev-readonly, applications, get, dev-cluster/*, allow
p, role:dev-readonly, applications, list, dev-cluster/*, allowDisaster Recovery and Backup
Automated Backup Strategy
#!/bin/bash
# backup-gitops.sh - Backup ArgoCD configurations
BACKUP_DIR="/backups/argocd/$(date +%Y%m%d)"
mkdir -p $BACKUP_DIR
echo "Starting ArgoCD backup..."
# Export all applications
argocd app list -o yaml > $BACKUP_DIR/applications.yaml
# Export all projects
argocd proj list -o yaml > $BACKUP_DIR/projects.yaml
# Export cluster configurations
argocd cluster list -o yaml > $BACKUP_DIR/clusters.yaml
# Export repositories
argocd repo list -o yaml > $BACKUP_DIR/repositories.yaml
# Backup RBAC policies
kubectl get configmap argocd-rbac-cm -n argocd -o yaml > $BACKUP_DIR/rbac-config.yaml
# Backup ArgoCD settings
kubectl get configmap argocd-cm -n argocd -o yaml > $BACKUP_DIR/argocd-config.yaml
# Create tarball
tar -czf $BACKUP_DIR.tar.gz -C /backups/argocd $(basename $BACKUP_DIR)
echo "Backup completed: $BACKUP_DIR.tar.gz"
# Cleanup old backups (keep last 30 days)
find /backups/argocd -name "*.tar.gz" -mtime +30 -deleteTroubleshooting Common Issues
Application Sync Failures
# Debug sync issues
argocd app get <app-name> --show-operation
# Force refresh from Git
argocd app get <app-name> --refresh
# Manual sync with prune
argocd app sync <app-name> --prune
# Check application events
kubectl describe application <app-name> -n argocdCluster Connectivity Issues
# Test cluster connectivity
argocd cluster list
# Refresh cluster connection
argocd cluster get <cluster-name> --refresh
# Update cluster credentials
kubectl config view --raw -o json | argocd cluster add <context-name>Resource Conflicts Resolution
# Use sync waves to control deployment order
apiVersion: apps/v1
kind: Deployment
metadata:
name: database
annotations:
argocd.argoproj.io/sync-wave: "1" # Deploy first
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
annotations:
argocd.argoproj.io/sync-wave: "2" # Deploy after databasePerformance Optimization
Scaling ArgoCD for Large Deployments
# argocd-server-deployment-patch.yaml
spec:
replicas: 3
template:
spec:
containers:
- name: argocd-server
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
env:
- name: ARGOCD_SERVER_PARALLELISM_LIMIT
value: "20"Repository Caching Optimization
# argocd-repo-server-patch.yaml
spec:
template:
spec:
containers:
- name: repo-server
env:
- name: ARGOCD_EXEC_TIMEOUT
value: "300s"
- name: ARGOCD_GIT_ATTEMPTS_COUNT
value: "3"
volumeMounts:
- name: repo-cache
mountPath: /tmp/argo-cache
volumes:
- name: repo-cache
emptyDir:
sizeLimit: 10GiKey Takeaways
- Centralized Management: ArgoCD provides unified control over multiple clusters while maintaining GitOps principles
- Security First: Implement proper RBAC and access controls for different teams and environments
- Automation is Key: Automate deployments, rollbacks, and monitoring to reduce human error
- Monitor Everything: Comprehensive monitoring and alerting are essential for multi-cluster operations
- Plan for Disaster: Regular backups and tested disaster recovery procedures are critical
- Start Small: Begin with development clusters and gradually expand to production workloads
- Documentation: Maintain clear documentation of cluster configurations and procedures
Conclusion
Multi-cluster Kubernetes management with ArgoCD and GitOps provides a robust, scalable solution for enterprise container orchestration. By implementing declarative configurations, automated deployments, and centralized monitoring, teams can maintain consistency across environments while reducing operational overhead.
The key to success lies in proper planning, security implementation, and gradual adoption. Start with non-critical workloads, establish monitoring and backup procedures, and gradually expand to production systems as your team gains confidence with the tooling.
Remember that GitOps is not just about tooling—it's a cultural shift toward treating infrastructure as code and embracing automation for reliability and scalability.
This guide provides a foundation for multi-cluster management. Adapt the configurations and procedures to match your organization's specific requirements and security policies.
Tags
#Kubernetes#ArgoCD#GitOps#DevOps#CI/CD#Multi-Cluster
Was this helpful?