Clodeo GitOps Architecture
DevOps
Tech Stack
GitLab, Helm, Kubernetes, Doppler, ArgoCD
Categories
DevOps
The PT. Clodeo Indonesia Jaya where i'm currently working in doesn't have a proper DevOps engineer since the beginning of this company. I was the one who built the DevOps infrastructure for this company. The stacks i'm using for building infrastructure mainly are GitLab CI, Helm, Kubernetes, Doppler, and ArgoCD. So with this main tools i'm able to control deployment under multi cloud environment.
Key Features
ArgoCD as Continuous Deployment
ArgoCD is a GitOps tool that is used to manage the Kubernetes manifests. The manifests are stored in the GitLab repository under Helm format and are used to deploy the application.
ArgoCD as Kubernetes Manifest Management
ArgoCD can manage kubernetes manifest by sync changes if the manifest is changed in the GitLab repository. Also ArgoCD can heal the missing manifest set if any of the manifest is deleted.
ArgoCD Standard Cluster Bootstrapping
ArgoCD + Helm helps a lot when setting up a new cluster. I have predefined helm apps for running a standard cluster, some of them are NginX Ingress, Cert Manager, SQLPad (for accessing database), Jaeger (for tracing), and Grafana + Loki + Prometheus for workload monitoring. Those apps are bundled in my helm apps repository.
ArgoCD App in App + GitOps as Self Service Manifest Management
ArgoCD App in App is a feature that allows setting up multiple apps in a single ArgoCD application, so separation between projects / products developed by a single team / tribe is clear. Also ArgoCD can be used as self service manifest management by using GitOps workflow. The helm manifest can be customized by the team / tribe. So the team / tribe can control the deployment specification of their own application if changes needed especially in environment variable / config map.
GitLab CI Predefined Pipeline
GitLab CI predefined pipeline helps to reduce time on configuring new project deployment, the predefined pipeline that i've created includes repository security scan, unit test, building docker image, and deployment to different environment by using ArgoCD or directly uses Helm.
Doppler as Secret Management
Doppler is a secret management tool that is used to manage the secrets outside of the GitLab and ArgoCD architecture. The secrets are stored in the Doppler and then later be pulled by its Doppler Kubernetes Operator when syncing happens in ArgoCD.
My Involvement
Technical Contributions
- Installs GitLab CI Community Edition in a VM by using GitLab Omni Docker version.
- Setup GitLab CI caching to persist cache to Google Cloud Storage.
- Installs ArgoCD into separated internal use only kubernetes cluster.
- Created helm app to define standard project deployment, this helm app contains definition for Deployment spec, Service spec, Ingress spec, ConfigMap spec, Secret spec, and HorizontalPodAutoscaler spec.
- Created standard helm apps for running a standard cluster, some of them are NginX Ingress, Cert Manager, SQLPad (for accessing database), Jaeger (for tracing), and Grafana + Loki + Prometheus for workload monitoring.
- Created GitLab CI predefined pipeline that includes repository security scan, unit test, building docker image, and deployment to different environment by using ArgoCD or directly uses Helm. This helps speeding up on setting up a new project deployment or new environment deployment of an existing project.
- Setup GitLab CI caching to persist cache to Google Cloud Storage.
- Installs ArgoCD into separated internal use only kubernetes cluster.
- Created helm app to define standard project deployment, this helm app contains definition for Deployment spec, Service spec, Ingress spec, ConfigMap spec, Secret spec, and HorizontalPodAutoscaler spec.
- Created standard helm apps for running a standard cluster, some of them are NginX Ingress, Cert Manager, SQLPad (for accessing database), Jaeger (for tracing), and Grafana + Loki + Prometheus for workload monitoring.
- Created GitLab CI predefined pipeline that includes repository security scan, unit test, building docker image, and deployment to different environment by using ArgoCD or directly uses Helm. This helps speeding up on setting up a new project deployment or new environment deployment of an existing project.
Project Notes
What I Learned
- GitLab CI is powerful for handling complex pipelines, thanks to its "include" feature, so pipeline configurations YAML can be defined in a separate repository.
- ArgoCD provides excellent GitOps workflow management, making it easier to maintain consistency across environments and enabling self-service for development teams.
- Using Helm charts as templates for standardized deployments significantly reduces configuration overhead and ensures consistency across multiple applications.
- Separating infrastructure concerns (monitoring, ingress, etc.) from application deployments creates a more maintainable architecture.
- Implementing predefined CI/CD templates dramatically accelerates onboarding of new projects and reduces configuration errors.
- Secret management through tools like Doppler integrates well with the GitOps workflow while maintaining security.
- ArgoCD provides excellent GitOps workflow management, making it easier to maintain consistency across environments and enabling self-service for development teams.
- Using Helm charts as templates for standardized deployments significantly reduces configuration overhead and ensures consistency across multiple applications.
- Separating infrastructure concerns (monitoring, ingress, etc.) from application deployments creates a more maintainable architecture.
- Implementing predefined CI/CD templates dramatically accelerates onboarding of new projects and reduces configuration errors.
- Secret management through tools like Doppler integrates well with the GitOps workflow while maintaining security.