ArgoCD Application controller that uses the hub-spoke pattern or pull model mechanism for decentralized resource delivery to the remote clusters. By using the Open Cluster Management (OCM) APIs and components, the ArgoCD Applications will be pull from the multi-cluster control plane hub cluster down to the registered OCM managed clusters.
The current ArgoCD resource delivery is primarily pushing resources from a centralized cluster to the remote/managed clusters.
By using this controller, users can have a pull model resource delivery mechanism.
The pull model offers some advantages over the existing push model:
- Scalability: well documented that hub-spoke pattern offers better scalability.
- Security: cluster credentials doesn't have to be stored in a centralized environment.
- Reduce the impact of a single point of centralized failure.
This ArgoCD pull model controller on the Hub cluster will create ManifestWork objects wrapping Application objects as payload. The OCM agent on the Managed cluster will see the ManifestWork on the Hub cluster and pull the Application down.
- The Open Cluster Management (OCM) multi-cluster environment needs to be setup. See OCM website on how to setup the environment.
- In this pull model, OCM will provide the cluster inventory and ability to deliver workload to the remote/managed clusters.
- Hub cluster and remote/managed clusters need to have ArgoCD Application installed. See ArgoCD website for more details.
-
Setup an OCM Hub cluster and registered an OCM Managed cluster.
-
Install ArgoCD on both clusters.
-
On the Hub cluster, scale down the Application controller:
kubectl -n argocd scale statefulset/argocd-application-controller --replicas 0
- Clone this project and connect to the Hub cluster and start the Pull controller:
git clone ...
cd argocd-pull-integration
export KUBECONFIG=/path/to/<hub-kubeconfig>
make run
- If your controller starts successfully, you should see:
...
INFO controller.application Starting EventSource {"reconciler group": "argoproj.io", "reconciler kind": "Application", "source": "kind source: *v1alpha1.Application"}
INFO controller.application Starting Controller {"reconciler group": "argoproj.io", "reconciler kind": "Application"}
INFO controller.application Starting workers {"reconciler group": "argoproj.io", "reconciler kind": "Application", "worker count": 1}
...
- On the Hub cluster, create an ArgoCD cluster secret that represent the managed cluster. This step can be automated with OCM auto import controller.
Note replace the
cluster-namewith the registered managed cluster name.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: <cluster-name>-secret # cluster1-secret
namespace: argocd
labels:
argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
name: <cluster-name> # cluster1
server: https://<cluster-name>-control-plane:6443 # https://cluster1-control-plane:6443
EOF
- On the Hub cluster, apply the manifests in
example/hub:
kubectl apply -f example/hub
- On the Managed cluster, apply the manifests in
example/managed:
kubectl apply -f example/managed
- On the Hub cluster, apply the
guestbook-app-setmanifest:
kubectl apply -f example/guestbook-app-set.yaml
Note The Application template inside the ApplicationSet must contain the following content:
labels:
argocd.argoproj.io/pull-to-ocm-managed-cluster: 'true'
annotations:
argocd.argoproj.io/skip-reconcile: "true"
argocd.argoproj.io/ocm-managed-cluster: '{{name}}'
The label allows the pull model controller to select the Application for processing.
The skip-reconcile annotation is to prevent the Application from reconciling on the Hub cluster.
The ocm-managed-cluster annotation is for the ApplicationSet to generate multiple Application based on each cluster generator targets.
- When this guestbook ApplicationSet reconciles, it will generate an Application for the registered ManagedCluster. For example:
$ kubectl -n argocd get appset
NAME AGE
guestbook-app 84s
$ kubectl -n argocd get app
NAME SYNC STATUS HEALTH STATUS
cluster1-guestbook-app
- On the Hub cluster, the pull controller will wrap the Application with a ManifestWork. For example:
$ kubectl -n cluster1 get manifestwork
NAME AGE
cluster1-guestbook-app-d0e5 2m41s
- On the Managed cluster, you should see the Application is pulled down successfully. For example:
$ kubectl -n argocd get app
NAME SYNC STATUS HEALTH STATUS
cluster2-guestbook-app Synced Healthy
$ kubectl -n guestbook get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
guestbook-ui 1/1 1 1 7m36s
Check the CONTRIBUTING Doc for how to contribute to the repo.
Slack channel: #open-cluster-mgmt
This code is released under the Apache 2.0 license. See the file LICENSE for more information.