The Akuity Platform automates the deployment of the upstream version of Argo CD, but packages it in a unique hybrid architecture that significantly improves performance and scalability.
Control Plane vs. Data Plane
There are two common approaches to deploying Argo CD:
- in a control plane cluster that manages multiple workload clusters.
- in each workload cluster.
Argo CD in a control plane cluster provides the better experience for developers by serving as a single pane of glass for the whole company infrastructure. However, it requires some security compromises and introduces management and scalability challenges. For an in-depth comparison, see our How many do you need? - Argo CD Architectures Explained blog post.
One of the unique innovations of the Akuity Platform is that it separates Argo CD’s data plane from the control plane and allows to get the best of both worlds.
The Akuity Platform hosts and manages the Argo CD frontend - the control plane that enables developers to manage the desired state of their applications and gain visibility into the state of managed infrastructure. The Argo CD Application Controller, however, is running inside of the managed workload clusters and seamlessly connected back to the control plane by the Akuity Agent.
This separation allows to move the most critical Argo CD component closer to the infrastructure it manages and provides numerous benefits:
- Improved security. The Argo CD controller is running inside of the managed cluster, so no external cluster access is required. You can leverage the Akuity Platform to manage private clusters without exposing Kubernetes API server.
- Less Management Burden. No cluster access means no cluster credentials. Administrators no longer need to store and maintain cluster credentials in Argo CD settings and deal with revoked access tokens.
- Improved Scalability. Higher scalability is achieved by allowing the work of the controller to be distributed and delegated to individual clusters.
- Less Networking Costs. With the controller running in the managed cluster the heavy Kubernetes resource processing happens in-cluster instead of over the network. Only the relevant pieces of metadata presented in the Argo CD UI are sent over the network. In our real-world testing, this has been shown to reduce traffic consumption by as much as 80%.
To summarize, the Akuity Platform provides a single Argo CD interface for managing infrastructure across many clusters, without the compromises on security or scalability that would typically be required.
Argo CD consists of several components that serve different purposes. The following diagram shows the high-level architecture of Argo CD:
- API server - the stateless service that provides the API and UI for Argo CD.
- Application Controller - the Kubernetes controller that continuously reconciles the state of managed applications and applies changes from Git to managed Kubernetes clusters.
- Application Set - the controller that automates Argo CD application management.
- Image Updater - the controller that monitors Docker registries and automatically updates image tags in Git repositories.
- Repo Server - the service responsible for interacting with Git and generating manifests using config management tools such as Helm or Kustomize.
- Dex - the OpenID Connect identity provider used for authentication and authorization.
With the unqiue agent-based architecture for Argo CD provided by the Akuity Platform, the location of the Application Set, Repo Server, and Image Updater components is configurable.
Depending on the use case the desired location of some components varies. For example, some organizations choose to run Repo Server in each cluster, closer to managed workloads. Other organizations prefer to have tighter control over the Git repository and like to run Repo Server in a dedicated cluster with Git access.