# Multi-Cluster GitOps Management (2024-2025)

## ArgoCD ApplicationSets

**Cluster Generator** (auto-discover clusters):

```yaml
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: my-apps
  namespace: argocd
spec:
  generators:
    # The generator key is "clusters" (plural). It enumerates the cluster
    # secrets registered in Argo CD and exposes {{name}} and {{server}}.
    - clusters:
        selector:
          matchLabels:
            environment: production
  template:
    metadata:
      name: '{{name}}-my-apps'   # one Application per cluster; the name must be unique
    spec:
      project: default
      source:
        repoURL: https://github.com/org/repo
        targetRevision: HEAD
        path: apps/{{name}}
      destination:
        server: '{{server}}'
```

**Matrix Generator** (Cluster x Apps):

```yaml
generators:
  - matrix:
      generators:
        - clusters: {}    # every cluster registered in Argo CD
        - git:
            repoURL: https://github.com/org/repo   # required by the git generator
            revision: HEAD                         # required by the git generator
            directories:
              - path: apps/*   # one entry per app directory; exposes {{path.basename}}
```
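A complete manifest combining the two generators above, added here as an example rather than taken from the original page: the matrix generator fans every production cluster out across every directory under `apps/`, and an `AppProject` fences what the generated Applications may touch, so a mislabelled cluster secret or a stray directory pushed to the repository cannot deploy into a cluster, namespace, or cluster-scoped resource outside the fleet. The `argocd` namespace, the `production` project name, the `prod-*` cluster naming convention, and the repository URL are assumptions.

```yaml
# Added example, not part of the original page.
# Assumptions: Argo CD runs in "argocd"; production cluster secrets are named
# prod-<region>; the fleet repository is https://github.com/org/repo.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: production
  namespace: argocd
spec:
  description: Fleet applications for production clusters
  # Only this repository may be the source of an Application in the project
  sourceRepos:
    - https://github.com/org/repo
  # Generated Applications may only land on clusters whose secret name matches prod-*
  destinations:
    - name: 'prod-*'
      namespace: '*'
  # Cluster-scoped resources are denied by default; allow only Namespace so
  # CreateNamespace=true can work. Nothing else (CRDs, ClusterRoles) is permitted.
  clusterResourceWhitelist:
    - group: ''
      kind: Namespace
  # Tenancy guardrails are owned by the platform, not by app manifests
  namespaceResourceBlacklist:
    - group: ''
      kind: ResourceQuota
    - group: ''
      kind: LimitRange
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: fleet-apps
  namespace: argocd
spec:
  generators:
    - matrix:
        generators:
          - clusters:
              selector:
                matchLabels:
                  environment: production
          - git:
              repoURL: https://github.com/org/repo
              revision: HEAD
              directories:
                - path: apps/*
  template:
    metadata:
      # One Application per (app, cluster) pair; both parts keep the name unique
      name: '{{path.basename}}-{{name}}'
    spec:
      project: production          # the AppProject above enforces the fences
      source:
        repoURL: https://github.com/org/repo
        targetRevision: HEAD
        path: '{{path.path}}'
      destination:
        server: '{{server}}'
        namespace: '{{path.basename}}'
      syncPolicy:
        automated:
          prune: true      # delete resources that disappear from Git
          selfHeal: true   # revert live drift back to what Git declares
        syncOptions:
          - CreateNamespace=true
```

The two objects do different jobs: the ApplicationSet decides *what* gets generated, the AppProject decides what a generated Application is *allowed* to do. Keep the project restrictive even when the generator selector looks precise, because the selector is only as trustworthy as the labels on the cluster secrets.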

**Performance**: 83% faster than manual (30min → 5min)

## Flux Multi-Cluster

**Option 1: Flux Per Cluster**

```
cluster-1/ → Flux instance 1
cluster-2/ → Flux instance 2
```

**Option 2: Hub-and-Spoke**

```
management-cluster/
└── flux manages → cluster-1, cluster-2
```

**Setup**:

```bash
flux bootstrap github --owner=org --repository=fleet \
  --path=clusters/production --context=prod-cluster
```
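What Option 2 looks like once the management cluster is bootstrapped, as an added example that is not part of the original page: the hub's Flux pulls the fleet repository and applies `clusters/cluster-1` to the spoke by pointing a `Kustomization` at a kubeconfig stored as a Secret. The `fleet` GitRepository name and URL, the `cluster-1-kubeconfig` Secret, and the `clusters/cluster-1` path are assumptions.

```yaml
# Added example, not from the original page.
# Assumptions: fleet repo at https://github.com/org/fleet; a Secret named
# cluster-1-kubeconfig in flux-system holds a kubeconfig for the spoke.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: fleet
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/org/fleet
  ref:
    branch: main
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cluster-1
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: fleet
  path: ./clusters/cluster-1
  prune: true     # remove objects on the spoke that disappear from Git
  wait: true      # report Ready only once the applied objects are healthy
  timeout: 5m
  # Target the spoke instead of the hub. This Secret is the hub's credential for
  # cluster-1, which is exactly why hub-and-spoke is a single point of failure:
  # whoever controls flux-system on the hub controls every spoke. Generate the
  # kubeconfig for a spoke ServiceAccount with the least RBAC those manifests
  # need, not for cluster-admin.
  kubeConfig:
    secretRef:
      name: cluster-1-kubeconfig
      key: value   # the key Flux reads by default
```

The Secret is created once per spoke on the hub, for example with `kubectl -n flux-system create secret generic cluster-1-kubeconfig --from-file=value=./cluster-1.kubeconfig`; adding `cluster-2` is another Kustomization with its own Secret and path. `flux get kustomizations -n flux-system` on the hub then shows the sync status of every spoke in one place, which is the monitoring point the hub pattern buys you.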

## Hub-and-Spoke Pattern

**Benefits**: Centralized management, single source of truth

**Cons**: Single point of failure

**Best for**: < 50 clusters

## Workload Identity (2025 Best Practice)

**Instead of service account tokens, use**:

- AWS IRSA
- GCP Workload Identity
- Azure AD Workload Identity

No more long-lived credentials!
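The weak pattern beside the corrected one, as an added example that is not from the original page, using a Flux controller's ServiceAccount (the same annotations apply to an Argo CD controller's ServiceAccount). The static key in the first document and the role ARN, account id, project id, and client id in the second are placeholders.

```yaml
# Added example, not from the original page.
# BEFORE: a cloud access key pasted into a Secret. It never expires, it is not
# bound to any workload, and anything that can read Secrets in the namespace
# can reuse it elsewhere.
apiVersion: v1
kind: Secret
metadata:
  name: aws-static-creds        # weak pattern, shown only for contrast
  namespace: flux-system
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: PLACEHOLDER_ACCESS_KEY_ID
  AWS_SECRET_ACCESS_KEY: PLACEHOLDER_SECRET_KEY
---
# AFTER: the ServiceAccount carries an annotation that the cloud's identity
# webhook turns into a short-lived projected token bound to this pod identity.
# Keep the annotation for your cloud and drop the others; all values are
# placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: source-controller       # Flux's own controller ServiceAccount
  namespace: flux-system
  annotations:
    # AWS IRSA: the IAM role's trust policy must name this namespace and
    # ServiceAccount, so the role cannot be assumed from anywhere else.
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/flux-source-controller
    # GCP Workload Identity: the Google service account must grant this
    # Kubernetes SA roles/iam.workloadIdentityUser.
    iam.gke.io/gcp-service-account: flux-source@PROJECT_ID.iam.gserviceaccount.com
    # Azure Workload Identity: client id of the user-assigned managed identity
    # with a federated credential for this namespace/SA; the pod additionally
    # needs the label azure.workload.identity/use: "true".
    azure.workload.identity/client-id: 00000000-0000-0000-0000-000000000000
```

With the second form there is nothing to rotate and nothing to leak from Git: the token is minted per pod, expires on its own, and the cloud-side trust relationship pins it to one namespace and ServiceAccount. Delete the Secret in the first form once the controller is verified to authenticate via the annotation.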

## Best Practices

1. **Cluster labeling** for organization
2. **Progressive rollout** (dev → staging → prod clusters)
3. **Separate repos** for cluster config vs apps
4. **Monitor sync status** across all clusters
5. **Use workload identity** (no static credentials)