Authors: Christian Hernandez, Leigh Capili, Priyanka Pinky Ravi, Roberth Strand, Filip Jansson
2023-04-21
tldr - powered by Generative AI
The panel discusses the evolution and principles of GitOps and its impact on configuration management and infrastructure deployment.
GitOps is a set of principles and practices that decouples CI and CD, allowing for a more asynchronous task coordination.
GitOps tools, such as Flux, Argo, and Carvel, have emerged to support the GitOps workflow.
Stateful infrastructure is a reality in larger teams and systems, but GitOps can help by providing a declared desired state for complex systems like Kubernetes.
The principles of GitOps have driven the development of the tools, resulting in similar workflows across different tool sets.
The panel emphasizes the importance of understanding which parts of the infrastructure belong under GitOps and which do not when provisioning with tools like Terraform.
The presentation discusses the challenges of having separate workflows for infrastructure provisioning and application deployment and proposes a unified approach using Crossplane. The speaker also highlights the importance of putting everything in a single release.
Separate workflows for infrastructure provisioning and application deployment lead to inefficiency, a higher risk of errors, longer feedback loops, and unmanageable complexity.
A unified approach using Crossplane can increase iteration speed, quality, and time to market.
Putting everything in a single release is crucial for a continuous deployment pipeline and for reducing the cognitive load on developers.
Examples of challenges include running post-deployment tests, making configuration changes, and dealing with multiple repositories.
The presentation discusses the security measures taken by Argo CD, an open-source continuous delivery tool, to address vulnerabilities and improve supply chain security.
Argo CD has implemented security measures to address vulnerabilities and improve supply chain security.
The measures include introducing security advisory drafts, holding regular meetings with a security special interest group, and improving logging so that potential issues can be monitored.
Argo CD has also tightened up supply chain security by publishing SBOMs (software bills of materials) for all components and by using cryptographically secure random number generators.
Authors: Alexander Matyushentsev, Leonardo Luz Almeida
2022-10-26
Using GitHub to manage Argo CD configuration and cluster-level resources
Argo CD has no database behind it and persists everything in the Kubernetes cluster, which makes it possible to manage the necessary manifests in GitHub.
Using GitHub lets developers work with tools they already know, such as pull requests, and makes it easier for platform teams to manage Argo CD configuration and cluster-level resources.
ApplicationSets can be used to automate application creation and to manage resources across clusters.
Managing Argo CD configuration and cluster-level resources through GitHub reduces manual work and improves efficiency.
Adobe built a secure multi-tenant GitOps application deployment solution using Argo and Crossplane to provision cloud resources consistently and across all teams.
Adobe faced challenges with infrastructure provisioning and lacked visibility, observability, and auditability into infrastructure resources provisioned by individual teams.
Adobe leveraged Argo and Crossplane to build a scalable GitOps-based application deployment solution and to broker the provisioning of cloud resources consistently across all teams.
Adobe and Amazon designed a layered isolation mechanism for tenant teams on top of existing shared Kubernetes clusters using a mix of technologies such as OPA Gatekeeper, ServiceAccount boundaries, and IAM roles.
The solution met the non-negotiable requirements of security and multi-tenancy, which are hard to achieve natively with Crossplane and Argo.
The new solution improved the developer experience and reduced the mean time to resolution when encountering issues or outages.
Argo CD is a lightweight and stable project that allows users to manage Kubernetes applications. The project is extensible and allows new features to be added through annotations. Argoproj Labs is a sister organization that hosts ecosystem projects from the community that complement the core projects. These ecosystem projects enhance the Argo CD experience and give users more options for managing their applications.
Annotations allow a resource's spec to be extended without implementing the functionality in the core controller logic.
Adding features through annotations allows for independent projects, higher development velocity, and earlier access to features.
Argoproj Labs hosts ecosystem projects that complement the core projects and enhance the Argo CD experience.
The Argo CD Image Updater tool monitors container registries for new image tags and updates the Git repository so that Argo CD deploys them.
ApplicationSets automate the creation of many applications, making it easier to manage hundreds of clusters or monorepos.
The presentation discusses the challenges of using custom resources in Kubernetes and offers mitigations for avoiding resource proliferation and destabilizing etcd.
Custom resources are essential for Kubernetes extensibility but can lead to resource proliferation and destabilization of etcd.
Mitigations for these issues include avoiding unnecessary updates, batching updates, and avoiding duplicating information across objects.
Using Jobs when only Pods are needed can also lead to resource duplication and increased QPS (queries per second) against the API server.
The speaker offers anecdotal evidence of these issues and suggests attending the Intuit or Argo booths for further discussion.