About SRGTechnical articleRecruitment Information
About SRGTechnical articleRecruitment Information
HOME/Technical article/I've created a tier ranking for each ArgoCD setting.

I've created a tier ranking for each ArgoCD setting.

Ishikawa Kumo, Service Reliability Group (SRG), Media Management Division@ishikawa_kumo)is.
#SRGThe Service Reliability Group primarily provides comprehensive support for the infrastructure surrounding our media services, focusing on improving existing services, launching new ones, and contributing to open-source software (OSS).
This article is aboutCyberAgent Group SRE Advent Calendar 2024This is the article for day 9.
This time, we've taken a deep dive into ArgoCD settings and created a tier ranking based on the importance and usefulness of each setting. If you're already using ArgoCD or are considering using it, please refer to this article and consider which ArgoCD settings you should enable.
 

Why Tier Ranking?

ArgoCD is a very powerful GitOps tool, but it also has a lot of configuration options. Which settings are really important?Which ones are limited to specific use cases?It's important to determine whether a setting is rarely used or not. This ranking is based on the Lightning Talks at KubeCon NA 2024.Ranking Argo CD Settings in a Tier List - Gerald Nunn, Red HatThis article is based on the content of the presentation and the opinions of the attendees (including myself). Because the Lightning Talk was only half-contained due to time constraints, I hope this article can serve to supplement that content.

Tier Ranking List

I've recreated the Tier List Maker presentation I gave in Lightning Talk, in Japanese.

Tier 1: Should be left as default.

Resource Tracking
OutOfSync
Persist Health in RedisThis setting saves the application's status information to Redis. This is another important setting that should be used by default.
5~10%
In most cases, you won't need to manage application status information with any tool other than ArgoCD, so enabling this setting is generally considered appropriate.
v3.0
You can change the Persist Health in Redis setting using the following method.
Self Heal
Scaling a GitOps Platform at Adobe - Aaren J & Ko Uchiyama, Adobe
Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at https://kubecon.io Scaling a GitOps Platform at Adobe - Aaren J & Ko Uchiyama, Adobe GitOps is a fantastic paradigm to manage your application lifecycle with, but its requirements, especially regarding continuous reconciliation of state, are complex at scale. At Adobe we went from 0 to 10,000 Kubernetes services, composed of dozens of resources each, being continuously reconciled across over 350 clusters in 28 different geos. The journey thus far wasn't without its challenges. The lessons learned provided a wealth of information that will help us tackle the unknowns ahead and we'd like to share them with you. We've gathered technical learnings - such as limitations and scaling requirements of our Kubernetes clusters and ArgoCD - and non-technical - such as effective disaster response and vendor engagement. In this talk I'll show the learnings we've found to be valuable for others who are on their own journey to build and scale a GitOps-driven platform, with some focus on the scaling of our ArgoCD and Argo Workflows based platform through dynamic routing of workloads. Attendees will leave with an understanding of how they might implement and scale a GitOps-driven platform at their organization, so that they can drive their platform to success.
https://www.youtube.com/watch?v=MDXrc_cLVns&t=404s
SyncOption
ExternalSecret
While this type of resource duplication management may not occur very often, enabling this setting allows you to detect and prevent problems early.

Tier 2: Always useful

IgnoreDifferencesThis setting ignores differences in specific fields of a resource. It is particularly useful when other controllers modify the resource.
IgnoreDifferences
IgnoreResourceUpdatesThis setting ignores updates to the resource's status field.
argocd-application-controller
For example, you can ignore the following fields:
  • .metadata.ownerReferences
  • .status.refreshTime
IgnoreResourceUpdate
ServerSideApply
SyncOption
ServerSideApply
ClientSideApply
ServerSideDiff
ServerSideApply

Tier 3: Useful depending on the situation

Resource Tracking
While I'd like to make this setting "unnecessary," realistically it should be classified as Tier 3, meaning it's "useful in certain situations."
Aggregated ClusterRole
SelectiveSync
However, the following precautions are necessary.
  • Since synchronization is not recorded in the history, rollback is not possible.
  • Resource Hooks
CreateNamespace
--reorder none
ui.bannerThis setting allows you to display custom banners on the UI. This is useful for displaying important information or warnings to ArgoCD users.
This setting is very useful if you have many ArgoCD users.
v2.8
argocd-application-controller
The CNOE blog concludes that this algorithm offers the best performance. However, in past tuning experiments with ArgoCD conducted on Ameba, this algorithm did not yield the expected results.
If you're interested in more details or results from other cases, please refer to the related blog.
SyncOption
kubectl delete/create
Replace
kubectl replace/create
SkipDryRun
CustomResource
EventLabelKeys
.metadata.labels
AutoRespectRBAC
argocd-application-controller
ArgoCD can automatically stop monitoring unauthorized resources, allowing for dynamic adjustment of resource discovery/synchronization scope. Depending on your organization's security regulations, this setting may be useful.
Resource Exclusions Inclusions
AutoRespectRBAC

Tier 4: Not very important

Resource CustomLabelsThese are custom labels used for resource management and identification.
In the Lightning Talk, the presenter stated that they had never used this feature themselves, and that it "allows for the identification of resources owned by each team." Upon investigating this setting, the documentation only contained the following single line:
Custom Labels configured with resource.customLabels (comma separated string) will be displayed in the UI (for any resource that defines them).
getCluster()
Because its actual use is unclear, it was classified as Tier 3 in the Lightning Talk, but I think it should be classified as Tier 4.

Tier 5: Nobody Needs It

Resource Tracking(Label)
Resource Tracking (Annotation)
While many projects at our company still use the label system, it was unanimously decided at the Lightning Talk venue that this setting should be classified as the only Tier 5 category. Therefore, I also classified it as Tier 5.

In conclusion

We have now looked at each of the ArgoCD settings in detail. These tiers are based on typical usage scenarios, but their actual importance may vary depending on the requirements of your organization and project. We hope this article has been helpful to you.
SRG is looking for new team members. If you are interested, please contact us here.