Initial commit

references/multi_cluster.md

@@ -0,0 +1,80 @@
+# Multi-Cluster GitOps Management (2024-2025)
+
+## ArgoCD ApplicationSets
+
+**Cluster Generator** (auto-discover clusters):
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: my-apps
+spec:
+  generators:
+  - cluster:
+      selector:
+        matchLabels:
+          environment: production
+  template:
+    spec:
+      source:
+        repoURL: https://github.com/org/repo
+        path: apps/{{name}}
+      destination:
+        server: '{{server}}'
+```
+
+**Matrix Generator** (Cluster x Apps):
+```yaml
+generators:
+- matrix:
+    generators:
+    - cluster: {}
+    - git:
+        directories:
+        - path: apps/*
+```
+
+**Performance**: 83% faster than manual (30min → 5min)
+
+## Flux Multi-Cluster
+
+**Option 1: Flux Per Cluster**
+```
+cluster-1/ → Flux instance 1
+cluster-2/ → Flux instance 2
+```
+
+**Option 2: Hub-and-Spoke**
+```
+management-cluster/
+└── flux manages → cluster-1, cluster-2
+```
+
+**Setup**:
+```bash
+flux bootstrap github --owner=org --repository=fleet \
+  --path=clusters/production --context=prod-cluster
+```
+
+## Hub-and-Spoke Pattern
+
+**Benefits**: Centralized management, single source of truth
+**Cons**: Single point of failure
+**Best for**: < 50 clusters
+
+## Workload Identity (2025 Best Practice)
+
+**Instead of service account tokens, use**:
+- AWS IRSA
+- GCP Workload Identity
+- Azure AD Workload Identity
+
+No more long-lived credentials!
+
+## Best Practices
+
+1. **Cluster labeling** for organization
+2. **Progressive rollout** (dev → staging → prod clusters)
+3. **Separate repos** for cluster config vs apps
+4. **Monitor sync status** across all clusters
+5. **Use workload identity** (no static credentials)