Search code examples
kubernetesdeploymentgitlabopenshiftargocd

Coexistance of ArgoCD and Gitlab (for Deployments)


our default cluster deployment runs using ArgoCD. As we need to install a dedicated piece of commericial software including it's deyployment using gitlab (defined by the service provider) on the same cluster, are there any experiences or knowledge about potential conflicts and solutions?


Solution

  • These two systems can absolutely run together on the same system. However, they absolutely must not attempt to manage the same resources, because that will lead to chaos. For example you could encounter a scenario where both systems try to maintain a different version of pod X. That would result in an endless loop of the pod getting up- and downgraded.

    Both systems will require a serviceaccount with proper (cluster-)rolebindings to ensure they can do their job. It'd be best to limit those roles and -bindings to, for example, a label or a (set of) namespace(s). This ensures Gitlab can only manage the one app it has to, and ArgoCD can manage everything else, but not the thing managed by Gitlab.

    If you run ArgoCD contained within a namespace (i.e. it only manages resources in a single namespace and no-where else), you could also go with @ha36d's idea of using Gitlab in a different namespace. However, if you (like most cases I've seen) run ArgoCD across namespaces, simply moving Gitlab to another namespace will not be sufficient separation by itself. You would have to disallow Argo access to the Gitlab-managed namespace, using the (cluster-)roles and -bindings as described above.