Manage clusters and applications at scale with Argo CD Agent on Red Hat OpenShift GitOps

The Argo CD Agent is now Generally Available with the release of Red Hat OpenShift GitOps 1.19. Organizations using Kubernetes and OpenShift have widely adopted the GitOps methodology to manage clusters and applications, with Argo CD being the leading open source GitOps solution on Kubernetes. However, organizations adopting Argo CD have faced challenges selecting an appropriate Argo CD deployment model. There's often a choice between prioritizing scalability across multiple clusters or to implement centralized GitOps management. The Argo CD Agent for OpenShift GitOps solves this challenge by combining the best of both traditional Argo CD deployment models: Centralized and distributed.

What is a centralized deployment model?

Prior to the Argo CD Agent, organizations adopting Argo CD would have to choose between two deployment models, each with its own strengths and weaknesses. This could also mean adopting different deployment models for different use cases.

In the centralized model, an organization deploys a single Argo CD that centrally manages a fleet of clusters. This had the advantage of providing a "single pane of glass" for management, making it convenient for teams to manage a variety of infrastructure and applications.

The disadvantage of this approach was that it could only scale so far. An organization with large fleets of clusters or application inventory would inevitably hit a point where Argo CD performance became problematic. Additionally, this model is a single point of failure (SPOF). If Argo CD is down, then the organization loses the ability to manage the entire fleet.

What is a distributed deployment model?

In the distributed model, many instances of Argo CD are installed, sometimes one for each cluster it manages, according to use cases and organizational structure. The advantage of this approach is that scalability is no longer a challenge because there are multiple instances in play. Additionally, there's no longer a SPOF, because management is spread across multiple instances of Argo CD.

The disadvantage of this topology is that it loses the single pane of glass for management that the centralized topology provides. Operational complexity is also increased because the organization now needs to manage multiple instances of Argo CD.

Why Argo CD Agent?

The Argo CD Agent neatly solves the challenges of these two topologies by combining the best of both centralized and distributed. Argo CD Agent enables your organization to have the single pane of glass for management by deploying the Argo CD user interface and API in a centralized control plane, while achieving scalability by distributing the other components of Argo CD, such as the application controller, across the fleet of clusters.

Managed and autonomous modes

Argo CD Agent supports two modes of operation: Managed and autonomous.

In managed mode, Argo CD applications are deployed in the centralized control plane, and then conveyed automatically to the managed clusters. In autonomous mode, applications are deployed to manage clusters independently from the control plane.

You're free to mix modes in the same control plane, so you can choose the optimum mode for specific use cases. Regardless of the mode being used, all applications are available to view in the control plane, which maintains a consistent single pane of glass view.

Event-driven architecture

How does the Argo CD Agent achieve this magic while providing resilience over potentially high latency and unreliable network transport? A key component is event-driven architecture (EDA).

Communication between the agents and the control plane happens through a stream of events. In cases where communication is interrupted, the Argo CD Agent on the managed cluster continues to manage the existing applications already deployed without relying on communication from the control plane. Once communication is re-established, the event stream is more seamlessly resumed and application statuses are updated on the control plane.

Argo CD Agent makes this EDA work successfully by deploying two additional components:

• Principal: Deployed in the control plane alongside the argocd-server component, which provides the centralized UI and API for the single pane of glass. The principal is responsible for managing communication by relaying statuses and commands (sync, refresh, and so on) between the control hub and the agents on the managed clusters. It also acts as a proxy for resource requests.
• Agent: Deployed on each managed cluster along with the application-controller, thereby providing the scalability.

Communication between the principal and agent is done in a pull fashion. The agent always initiates any communication with the principal. This means that you typically don't need to adjust network firewalls when deploying the Argo CD Agent, because firewalls are typically designed to block incoming traffic to clusters and not outbound.

Encryption

The agent uses mutual TLS to ensure that the principal and agent communicate privately. This helps ensure that the two components are properly authenticated and authorized. As a result, when you deploy these components you must provide a TLS certificate issued by a common authority.

In the future, we plan for Red Hat Advanced Cluster Management to provide an add-on to simplify bootstrapping Argo CD Agent on remote clusters by managing the required configuration and certificates. This will enable your organization to efficiently and effectively add the agent to new clusters as they are created or come under management.

Get started today

To get started, review the documentation on the Argo CD Agent and reference this documentation for how to install the Agent.

Prerequisites:

• Red Hat OpenShift GitOps v1.19
• Requires an OpenShift Platform Plus subscription on each cluster that runs the OpenShift GitOps Agent. The control plane of OpenShift GitOps is still available with Red Hat OpenShift Container Platform, but usage of the agent requires an OpenShift® Platform Plus subscription.

Try this interactive demonstration

Click the image below to view an interactive demonstration of the Argo CD Agent running in managed mode.