Introducing Google’s Fleet-Argocd-Plugin, Simplifying Multi-Cluster Management for GKE Fleets
Empower your teams with self-service Kubernetes using Argo CD and GKE fleets
Managing applications across several Kubernetes clusters is challenging, particularly when those clusters are spread across environments or even cloud providers. Google Kubernetes Engine (GKE) fleets and Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, combine into a powerful and secure solution, and Workload Identity and Connect Gateway strengthen it further.
This blog post explains how to use these offerings to build a strong, team-focused multi-cluster architecture. Google uses a prototype GKE fleet with a control cluster that hosts Argo CD and application clusters that run your workloads. Connect Gateway and Workload Identity improve security and simplify authentication, so Argo CD can administer clusters safely without managing per-cluster Kubernetes service accounts and their credentials.
It also uses GKE Enterprise Teams to control resources and access, helping ensure that every team gets the appropriate namespaces and permissions inside this environment.
Lastly, Google presents the fleet-argocd-plugin, a purpose-built Argo CD generator that makes cluster management in this configuration easier. By automatically importing your GKE fleet cluster list into Argo CD and keeping the cluster information in sync, the plugin lets platform administrators manage resources more simply and lets application teams concentrate on deployments.
Follow along as Google Cloud:
- Build a GKE fleet that includes control and application clusters.
- Install Argo CD on the control cluster with Workload Identity and Connect Gateway set up.
- Set up GKE Enterprise Teams to have more precise access control.
- Install the fleet-argocd-plugin and use it to manage your multi-cluster, secure fleet with team awareness.
By the end, using GKE fleets, Argo CD, Connect Gateway, Workload Identity, and Teams, you will have a robust, automated multi-cluster system that is prepared to meet the varied demands and security requirements of your organization. Let’s get started!
Create a multi-cluster infrastructure using Argo CD and the GKE fleet
The procedure for configuring a prototype GKE fleet is straightforward:
- In the selected Google Cloud project, enable the necessary APIs. This project serves as the fleet host project. Installing the gcloud SDK and logging in with gcloud auth login are prerequisites.
- Register your application clusters to your fleet host project.
- Set up teams within your fleet. Assume you have a single frontend team and a webserver namespace.
a. Fleet teams and fleet namespaces let you control which team has access to which namespaces on which clusters.
- Set up and deploy Argo CD to the control cluster. Create a new GKE cluster to serve as the control cluster and configure Workload Identity on it.
- Install the Argo CD CLI to interact with the Argo CD API server; version 2.8.0 or later is required. The CLI installation guide contains complete installation instructions.
- Install Argo CD on the control cluster.
Argo CD generator customization
Your GKE fleet is now operational and Argo CD is installed on the control cluster. Application clusters are registered with Argo CD by storing their connection details (the API server address and credentials) as Kubernetes Secrets inside the Argo CD namespace on the control cluster. There is a way to greatly simplify this process!
A customized Argo CD plugin generator called fleet-argocd-plugin simplifies cluster administration by:
- Automatically loading your GKE fleet cluster list into Argo CD and creating the cluster Secret object for every application cluster
- Monitoring the state of your fleet on Google Cloud and keeping your Argo CD cluster list current and in sync
Let’s now see how to set up and construct the Argo CD generator.
- Set up the fleet-argocd-plugin on your control cluster.
a. In this demonstration, the fleet-argocd-plugin is built and deployed using Cloud Build.
- Grant the fleet-argocd-plugin the fleet management permissions it needs to function as intended.
a. Create an IAM service account for your Argo CD control cluster and grant it the necessary roles. The configuration follows the official onboarding guide for Workload Identity Federation for GKE.
b. You must also grant the Compute Engine service account access to the images in your Artifact Registry repository.
- Launch the fleet plugin on the Argo CD control cluster!
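As an added example that is not part of the original post or the plugin's own tooling, here is what the Workload Identity wiring from step 2 can look like as a script. The project ID, the IAM service-account name, the role set, and which Argo CD components receive the identity are assumptions; the script defaults to printing the commands (DRY_RUN=1) so it can be reviewed before it touches a project.

```shell
#!/bin/sh
# Added example, not the fleet-argocd-plugin's own setup script: bind an IAM
# service account to the Argo CD Kubernetes service accounts via Workload
# Identity Federation for GKE, so Argo CD can reach fleet clusters through
# Connect Gateway without any per-cluster credentials stored in Secrets.
# Assumptions (not from the post): the IAM service-account name, the role set,
# and which Argo CD components need the identity.
set -eu

PROJECT_ID="${PROJECT_ID:-PLACEHOLDER_FLEET_HOST_PROJECT}"
GSA_NAME="${GSA_NAME:-argocd-fleet-sa}"
ARGOCD_NS="${ARGOCD_NS:-argocd}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; set DRY_RUN=0 to execute

# Workload Identity principal of a Kubernetes service account:
# $1=project id, $2=namespace, $3=KSA name
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$1" "$2" "$3"
}

# E-mail of an IAM service account: $1=name, $2=project id
gsa_email() {
  printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"
}

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

setup_argocd_workload_identity() {
  gsa="$(gsa_email "$GSA_NAME" "$PROJECT_ID")"

  run gcloud iam service-accounts create "$GSA_NAME" --project="$PROJECT_ID"

  # Least privilege for fleet management: list memberships and reach them
  # through Connect Gateway. Assumed role set; trim it to what your plugin
  # version actually needs.
  for role in roles/gkehub.viewer roles/gkehub.gatewayEditor; do
    run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
      --member="serviceAccount:$gsa" --role="$role"
  done

  # The application controller deploys to clusters; the ApplicationSet
  # controller runs the plugin generator. Both may impersonate the IAM
  # service account (assumed component list).
  for ksa in argocd-application-controller argocd-applicationset-controller; do
    run gcloud iam service-accounts add-iam-policy-binding "$gsa" \
      --project="$PROJECT_ID" --role=roles/iam.workloadIdentityUser \
      --member="$(wi_member "$PROJECT_ID" "$ARGOCD_NS" "$ksa")"
    run kubectl annotate serviceaccount "$ksa" -n "$ARGOCD_NS" \
      "iam.gke.io/gcp-service-account=$gsa" --overwrite
  done
}

setup_argocd_workload_identity
```

The point of the binding loop is that the only credential Argo CD ever holds is the short-lived token Workload Identity mints for the annotated Kubernetes service account; nothing long-lived is written into a cluster Secret, and revoking access is a single IAM policy change on the fleet host project.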
Demo time
To confirm that the GKE fleet and Argo CD are working well together, let’s take a brief look. You should see that the Secrets for your application clusters have been created automatically.
Demo 1: Argo CD’s automated fleet management
Alright, let’s check this out! We’ll use the guestbook sample app. Start by deploying it to the frontend team’s clusters. You should then see the guestbook app running on your application clusters without having manually handled any cluster Secrets!
export TEAM_ID=frontend
envsubst '$FLEET_PROJECT_NUMBER $TEAM_ID' < applicationset-demo.yaml | kubectl apply -f - -n argocd
kubectl config set-context --current --namespace=argocd
argocd app list -o name
Example Output:
argocd/app-cluster-1.us-central1.141594892609-webserver
argocd/app-cluster-2.us-central1.141594892609-webserver
Demo 2: Fleet-argocd-plugin makes fleet evolution simple
Let’s say you decide to grow the frontend team by adding another cluster. Create a fresh GKE cluster and bind it to the frontend team. Then check whether the new cluster has picked up your guestbook app.
gcloud container clusters create app-cluster-3 --enable-fleet --region=us-central1
gcloud container fleet memberships bindings create app-cluster-3-b \
--membership app-cluster-3 \
--scope frontend \
--location us-central1
argocd app list -o name
Example Output: a new app shows up!
argocd/app-cluster-1.us-central1.141594892609-webserver
argocd/app-cluster-2.us-central1.141594892609-webserver
argocd/app-cluster-3.us-central1.141594892609-webserver
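To make concrete what the generator does behind both demos (turning the fleet membership list into Argo CD cluster Secrets, keeping only the clusters bound to the team, and reconciling against the Secrets already present so the new cluster appears), here is an added model of that logic. It is not the fleet-argocd-plugin's own code. The fleet data is constructed, the Connect Gateway URL layout, the exec-based auth config and the team label key are assumptions, and the naming scheme <membership>.<location>.<project-number> is taken from the demo output above.

```python
"""Added example (not the fleet-argocd-plugin's own code): a model of what a
fleet-aware Argo CD cluster generator has to do. Fleet data is constructed."""
import json
from dataclasses import dataclass

PROJECT_NUMBER = "141594892609"  # project number seen in the demo output


@dataclass(frozen=True)
class Membership:
    name: str          # fleet membership name, e.g. app-cluster-1
    location: str      # membership location, e.g. us-central1
    scopes: frozenset  # fleet scopes (teams) the membership is bound to


def cluster_name(m: Membership, project_number: str) -> str:
    # Naming scheme visible in the demo: <membership>.<location>.<project-number>
    return f"{m.name}.{m.location}.{project_number}"


def connect_gateway_server(m: Membership, project_number: str) -> str:
    # Assumed Connect Gateway endpoint layout. Argo CD reaches the cluster
    # through this URL with the controller's Workload Identity, so no cluster
    # endpoint or kubeconfig credential has to be stored.
    return (f"https://connectgateway.googleapis.com/v1/projects/{project_number}"
            f"/locations/{m.location}/gkeMemberships/{m.name}")


def cluster_secret(m: Membership, project_number: str, team_id: str) -> dict:
    """Declarative Argo CD cluster Secret. Argo CD keys on the
    argocd.argoproj.io/secret-type=cluster label; the team label is an
    assumption that lets an ApplicationSet select clusters per team."""
    name = cluster_name(m, project_number)
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {
            "name": name,
            "namespace": "argocd",
            "labels": {"argocd.argoproj.io/secret-type": "cluster",
                       "fleet-team": team_id},
        },
        "type": "Opaque",
        "stringData": {
            "name": name,
            "server": connect_gateway_server(m, project_number),
            # Exec-based auth (assumed config): argocd-k8s-auth obtains a Google
            # access token from Application Default Credentials, i.e. Workload
            # Identity on GKE, so no long-lived token lands in the Secret.
            "config": json.dumps({"execProviderConfig": {
                "command": "argocd-k8s-auth", "args": ["gcp"],
                "apiVersion": "client.authentication.k8s.io/v1beta1"}}),
        },
    }


def desired_secrets(fleet, project_number: str, team_id: str) -> dict:
    """Cluster Secrets for every membership bound to the team's scope."""
    return {cluster_name(m, project_number): cluster_secret(m, project_number, team_id)
            for m in fleet if team_id in m.scopes}


def plan_sync(desired: dict, existing) -> tuple:
    """Secret names to create and to delete so Argo CD matches the fleet."""
    return sorted(set(desired) - set(existing)), sorted(set(existing) - set(desired))


def app_names(desired: dict, namespace: str) -> list:
    # Application naming from the demo: <cluster secret name>-<namespace>
    return [f"argocd/{n}-{namespace}" for n in sorted(desired)]


# Constructed fleet state after Demo 2: two original frontend clusters, one
# cluster bound only to a backend team, and the newly bound app-cluster-3.
FLEET = [
    Membership("app-cluster-1", "us-central1", frozenset({"frontend"})),
    Membership("app-cluster-2", "us-central1", frozenset({"frontend"})),
    Membership("backend-cluster-1", "us-central1", frozenset({"backend"})),
    Membership("app-cluster-3", "us-central1", frozenset({"frontend"})),
]
# Constructed: Secrets the plugin had already created before Demo 2
EXISTING = {"app-cluster-1.us-central1.141594892609",
            "app-cluster-2.us-central1.141594892609"}

if __name__ == "__main__":
    wanted = desired_secrets(FLEET, PROJECT_NUMBER, "frontend")
    create, delete = plan_sync(wanted, EXISTING)
    print("create:", create, "delete:", delete)
    print("\n".join(app_names(wanted, "webserver")))
```

Running it reports one Secret to create (app-cluster-3) and none to delete, and lists the same three application names shown in the Demo 2 output; the backend-only cluster never reaches the frontend team's Argo CD cluster list because it is not bound to the frontend scope, which is the team-scoped access control the post describes.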
Final reflections
In this blog post we’ve shown how to build a reliable, automated multi-cluster platform by combining GKE fleets, Argo CD, Connect Gateway, Workload Identity, and GKE Enterprise Teams. With these technologies you can strengthen security, streamline Kubernetes operations, and enable your teams to manage and deploy apps effectively across your fleet.
As you proceed with multi-cluster Kubernetes, remember that GKE fleets and Argo CD offer a strong foundation for a scalable, secure, and efficient platform.