About SRGTechnical ArticlesRecruitment Information
About SRGTechnical ArticlesRecruitment Information
HOME/Technical Articles/I made a tier ranking for each ArgoCD setting.

I made a tier ranking for each ArgoCD setting.

Ishikawa Kumo (Service Reliability Group (SRG) of the Media Headquarters)@ishikawa_kumo)is.
#SRG(Service Reliability Group) is a group that mainly provides cross-sectional support for the infrastructure of our media services, improving existing services, launching new ones, and contributing to OSS.
This article isCyberAgent Group SRE Advent Calendar 2024This is the 9th day's article.
This time, we've taken a deep dive into ArgoCD settings and created a tier ranking based on the importance and usefulness of each setting. If you're already using ArgoCD or are considering using it, we recommend using this article as a reference to consider which ArgoCD settings you should enable.
 

Why Tier Ranking?

ArgoCD is a very powerful GitOps tool, but it also has a lot of configuration options. Which settings are really important?Which are limited to specific use cases?It is important to determine whether the settings are used frequently or rarely. This ranking was taken from a Lightning Talk at KubeCon NA 2024Ranking Argo CD Settings in a Tier List - Gerald Nunn, Red HatThis article is based on the content of the Lightning Talk and the opinions of the audience (including me). Due to time constraints, the Lightning Talk was only able to be completed halfway, so I hope this article will serve as a complement to the content.

Tier Ranking List

I have recreated the Tier List Maker that I presented at the Lightning Talk in Japanese.

Tier 1: Should be the default setting

Resource Tracking
OutOfSync
Persist Health in Redis This setting stores application status information in Redis. This is also an important setting that should be used by default.
5~10%
In most cases, you will not need to manage Application Status information with tools other than ArgoCD, so it is appropriate to enable this setting.
v3.0
The Persist Health in Redis setting can be changed using the following methods:
Self Heal
Scaling a GitOps Platform at Adobe - Aaren J & Ko Uchiyama, Adobe
Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at https://kubecon.io Scaling a GitOps Platform at Adobe - Aaren J & Ko Uchiyama, Adobe GitOps is a fantastic paradigm to manage your application lifecycle with, but its requirements, especially regarding continuous reconciliation of state, are complex at scale. At Adobe we went from 0 to 10,000 Kubernetes services, composed of dozens of resources each, being continuously reconciled across over 350 clusters in 28 different geos. The journey thus far wasn't without its challenges. The lessons learned provided a wealth of information that will help us tackle the unknowns ahead and we'd like to share them with you. We've gathered technical learnings - such as limitations and scaling requirements of our Kubernetes clusters and ArgoCD - and non-technical - such as effective disaster response and vendor engagement. In this talk I'll show the learnings we've found to be valuable for others who are on their own journey to build and scale a GitOps-driven platform, with some focus on the scaling of our ArgoCD and Argo Workflows based platform through dynamic routing of workloads. Attendees will leave with an understanding of how they might implement and scale a GitOps-driven platform at their organization, so that they can drive their platform to success.
https://www.youtube.com/watch?v=MDXrc_cLVns&t=404s
SyncOption
ExternalSecret
Although this type of duplicate resource management may not occur very often, enabling this setting can help detect the problem early and prevent it from occurring.

Tier 2: Always useful

IgnoreDifferences This setting ignores differences in specific fields of a resource. This is especially useful when other controllers modify resources.
IgnoreDifferences
IgnoreResourceUpdates This setting ignores updates to the resource's status field.
argocd-application-controller
For example, you can ignore the following fields:
  • .metadata.ownerReferences
  • .status.refreshTime
IgnoreResourceUpdate
ServerSideApply
SyncOption
ServerSideApply
ClientSideApply
ServerSideDiff
ServerSideApply

Tier 3: Occasionally useful

Resource Tracking
Although it would be nice to make this setting "unnecessary," realistically it should be classified as Tier 3, "occasionally useful."
Aggregated ClusterRole
SelectiveSync
However, please note the following:
  • Syncs are not recorded in history and cannot be rolled back
  • Resource Hooks
CreateNamespace
--reorder none
ui.banner This setting allows you to display a custom banner on the UI, which is useful for displaying important information or warnings to ArgoCD users.
This setting is very useful if you have a large number of ArgoCD users.
v2.8
argocd-application-controller
The CNOE blog concludes that this algorithm has the best performance, but previous tuning experiments on ArgoCD conducted on Ameba showed that this algorithm did not produce the expected results.
If you are interested in more details and results in other cases, please refer to the related blog.
SyncOption
kubectl delete/create
Replace
kubectl replace/create
SkipDryRun
CustomResource
EventLabelKeys
.metadata.labels
AutoRespectRBAC
argocd-application-controller
This setting can be useful depending on your organization's security regulations, as it allows ArgoCD to automatically stop monitoring unauthorized resources and dynamically adjust the resource discovery/synchronization scope.
Resource Exclusions Inclusions
AutoRespectRBAC

Tier 4: Not very important

Resource CustomLabels Custom Labels are used for resource management and identification.
The Lightning Talk's author, who has never used this feature himself, mentioned that "you can identify resources owned by each team." After researching this setting, the documentation only contained the following line:
Custom Labels configured with resource.customLabels (comma separated string) will be displayed in the UI (for any resource that defines them).
getCluster()
Because the actual use is unknown, the Lightning Talk classified it as Tier 3, but I think it would be more appropriate to classify it as Tier 4.

Tier 5: No one needs it

Resource Tracking(Label)
Resource Tracking (Annotation)
Although we still have many projects that use the Label method, it was unanimously decided at the Lightning Talk that this setting should be classified as the only Tier 5. Therefore, I have also classified it as Tier 5.

Conclusion

We've looked at each of the ArgoCD settings in detail. These tiers are intended for general use cases, but their importance may vary depending on your organization or project requirements. We hope this article was helpful.
SRG is looking for people to work with us. If you're interested, please contact us here.