GitOps solutions for Kubernetes
In this post I will compare the GitOps tools for Kubernetes.
Parts of the K8S GitOps series
- Part1: GitOps solutions for Kubernetes
- Part2: ArgoCD and kubeseal to encrypt secrets
- Part3: Argo CD Image Updater to automate image updates
- Part4: Flux2 Install and Usage
- Part5: Flux2 and kubeseal to encrypt secrets
- Part6: Flux2 and Mozilla SOPS to encrypt secrets
- Part7: Flagger NGINX Canary Deployments
What is GitOps?
GitOps is a way to manage the state of systems through definitions of the desired state stored as files in a version control system, usually Git. With Git versioning you can manage your workflow more safely, and if something goes wrong you can roll back easily. There are multiple GitOps tools for Kubernetes:
- Argo CD
- Flux CD
- Rancher Fleet
FluxCD
Flux is described as a GitOps operator for Kubernetes that synchronises the state of manifests in a Git repository to what is running in a cluster. It can watch one single remote repository per installation and it will be able to apply changes only in the namespaces in which its underlying service account has permissions to change.
FluxCD Installation
flux bootstrap git \
--url=ssh://git@<host>/<org>/<repository> \
--branch=<my-branch> \
--path=clusters/my-cluster
FluxCD Conclusion
Advantages:
- Better security through namespace-based separation
- There is a built-in solution for secret management.
- Flagger for canary deployments
Disadvantages:
- You need to run multiple instances to control different namespaces
- There is no user interface
ArgoCD
The basic principles of ArgoCD are similar to those of FluxCD; what makes it different is its ability to manage multi-tenant and multi-cluster deployments. It can use multiple Git repositories as sources and can control multiple namespaces or Kubernetes clusters.
ArgoCD Installation
kubectl create namespace argocd
kubectl apply -n argocd -f \
https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
ArgoCD Conclusion
Advantages:
- It has a nice modern web UI
- It can manage multiple source repositories and multiple destination namespaces or Kubernetes clusters.
- Multiple types of identity providers are supported (OIDC, SAML, LDAP, etc.)
- Configuration drift detection
- Argo Rollouts for canary deployment
Disadvantage:
- There is no built-in solution for secret management
Fleet
Fleet is GitOps at scale. Fleet is designed to manage up to a million clusters. It's also lightweight enough that it works great for a single cluster too, but it really shines when you get to a large scale.
Fleet Installation
helm -n fleet-system install --create-namespace --wait \
fleet-crd https://github.com/rancher/fleet/releases/download/v0.3.3/fleet-crd-0.3.3.tgz
helm -n fleet-system install --create-namespace --wait \
fleet https://github.com/rancher/fleet/releases/download/v0.3.3/fleet-0.3.3.tgz
Fleet Conclusion
Advantages:
- Fleet is designed to manage many, many clusters
Disadvantages:
- There is no built-in solution for secret management
- There is no user interface
- There is no built-in solution for canary deployment