Argo CD has something called the Application reconciliation timeout. This is how often your applications will sync from Argo CD to the Git repository. It looks for changes and when it sees changes it will then apply the desired state from the repo to the Kubernetes (K8s) cluster. By default the timeout period is set to 3 minutes. This is set in the General Argo CD configuration.
The General Argo CD configuration is set in the argocd-cm ConfigMap. And the argocd-cm ConfigMap is deployed in the argocd namespace.
You can view what is currently set by running the following kubectl command on your K8s cluster that is running your Argo CD instance:
kubectl describe configmaps argocd-cm -n argocd
The output will look like the following:
You can also see that the argocd-cm Data is empty by running kubectl get configmaps -n argocd or if you are using AKS navigate to ConfigMaps in the Azure portal like in the following screenshot.
Most Argo CD instances are running the default settings for its configurations. The argocd-server component reads and writes to the argocd-cm ConfigMap and other Argo configuration ConfigMaps based on admin user interactions with the Argo CD web UI or the Argo CD CLI. It is normal for it to be empty with Data at 0 if you have not changed any defaults or set anything directly in the ConfigMap yet.
To change the Application reconciliation timeout you need to do the following:
The Application reconciliation timeout can be found on line 283 “timeout.reconciliation: 180s”.
Change “180s” to whatever number you want to change it to i.e. change to “60s” to reduce the sync internal to 1 minute.
Remove all of the other settings in the file except for the Application reconciliation timeout. The file should look like this:
# Application reconciliation timeout is the max amount of time required to discover if a new manifests version got
# published to the repository. Reconciliation by timeout is disabled if timeout is set to 0. Three minutes by default.
# > Note: argocd-repo-server deployment must be manually restarted after changing the setting.
5. Save the file.
6. Connect to the Kubernetes cluster that is running Argo CD and apply the argocd-cm ConfigMap file you just updated by running the following:
kubectl apply -f argocd-cm.yaml -n argocd
7. Run the following to verify the update was applied:
kubectl describe configmaps argocd-cm -n argocd
You should also notice at least 1 is listed under Data for the ConfigMap now.
8. It is a good practice to redeploy the argocd-repo-server after updating the argocd-cm ConfgigMap. You can redeploy the argocd-repo-server by running the following:
Recently Codefresh launched the 1st certification in its GitOps certification path. This one is called “GitOps Fundamentals“. You can find it here: https://codefresh.learnworlds.com .
It takes you through the basics of GitOps to gain theoretical knowledge, and how to utilize Argo CD as the GitOps operator to gain hands-on knowledge. You will learn about both and will have questions on both in the quizzes and final exam.
They also touch on Argo Rollouts to go over Progressive Delivery with topics such as blue/green deployments and canary deployments. This is the 1st ever GitOps certification and it’s free! They do have plans for GitOps at Edge and GitOps at Scale certifications.
I jumped all over this opportunity to get certified on GitOps, by signing up for the course, taking the training, and the exam! I passed and now I am GitOps certified.
Here is the certification:
GitOps is gaining adoption more and more every day in the Kubernetes space. Also, Argo CD is growing extremely fast as one of the top if not the top GitOps operator. I recommend you check this Codefresh GitOps certification out and get GitOps certified as this pattern and the technology behind it are growing at a super fast rate.
Also note, it looks like Weaveworks is planning to launch a “Certified GitOps Practitioner (CGP)” certification soon. I would guess the Weaveworks GitOps certification will contain content on Flux another GitOps operator. You can learn more about their coming GitOps certification here: https://www.weave.works/certified-gitops-practitioner
Also for more training on GitOps and Argo CD be sure to check out my GitOps and Argo CD courses on Pluralsight here:
NOTE:As with all of my blog posts the views and opinions on this post are my own and are not that of my employer.
The goal of this blog is to serve as Guidance on Microsoft AKS Enterprise Documentation.
Before joining Microsoft, I was in the F500/F100 consulting world. I was focused on Azure, DevOps, and Kubernetes. Many organizations had an interest in utilizing a managed Kubernetes service. This would often lead them to Azure Kubernetes Service (AKS). We spent time guiding organizations on how to get started with AKS including the design of the architecture, deployment, and operation of it.
Like with Azure and other platforms that have a lot of moving parts, AKS has many design areas that need to be covered as a part of the design and implementation. The core areas are:
IAM (Identity and access management)
Networking (topology, IP addressing, Ingress, load balancing, service mesh, Web App Firewall, etc.)
Management and Operations (monitoring, backup, DR, etc.)
Automation and DevOps (Orchestration, service discovery, Configuration, Autoscaling, CI/CD/GitOps, etc.)
These are in addition to the core but come into play with the apps that will run on top of Kubernetes:
In order to simplify Kubernetes projects, you can funnel them down to three phases; Design, Deploy, and Operate.
This is a lot of ground to cover on top of gaining a solid understanding of Kubernetes itself. Microsoft has created a set of resources that can simplify and accelerate the adoption of Kubernetes. This is a set of resources that help you build out landing zones for AKS and some for Azure. These resources live in the Azure Architecture Center (AAC). The AAC is where you get guidance for architecting solutions on Azure using established patterns and practices.
I highly recommend any team and organization that plans to adopt Kubernetes utilize these artifacts from Microsoft to help you along your journey. This will ensure your AKS clusters are enterprise ready. When starting with AKS it can be confusing when and in what order to use these resources.
Again, the goal of this blog post is to give you a guide on how to use these resources. I will list these resources here in order with a brief description of them, when to use them, and how to use them:
Part #1 is to start with architecting. You will need to start with designing your AKS architecture. There are several documents that can assist with this as you work through your AKS architecture design. You will want to start with the Baseline architecture for an Azure Kubernetes Service (AKS) document. This document is core for designing AKS, however, there are some additional AKS documents that you will want to utilize in addition to the Baseline architecture for an Azure Kubernetes Service (AKS). These additional documents will depend on your organization’s specific use case.
Baseline architecture for an Azure Kubernetes Service (AKS) cluster
What it is:
The AKS baseline gives you detailed recommendations for networking, security, identity, management, and monitoring of AKS clusters. This baseline takes you through all the needed facets of AKS to come up with a plan for implementing AKS across your enterprise. The final result will be based on your organization’s business requirements.
How to use it:
This document will take you through 6 core areas divided up into sections with sub-sections.
You will start with your networking and work your way through the sections finishing off with operations.
This document has a Visio file of the AKS architecture you can download to get you started. You can download this right away and build it out with specifics to your needs as you work through this document. In fact, there are multiple Visio templates you can download to help.
A common area that folks really struggle with when getting started with AKS is planning the IP addresses. Teams need help deciding to use Kubenet or Azure CNI for the networking model. You cannot change this on an AKS cluster after it is deployed so you have to make this decision upfront. The only way to go from one networking model to another is to deploy a new cluster. Admins often worry about IP exhaustion when utilizing Azure CNI. There is a Visio and another sub-doc to help with all of this within the IP Address section. It has a link to this: repo (https://github.com/mspnp/aks-baseline/blob/main/networking/topology.md) that has a markdown file that has a table to help with planning your subnets for AKS and this document that helps you determine to go with Kubenet or Azure CNI as well as critical information on each model type and IPs.
This document also covers GitOps, multi-tenancy, and cost management with AKS.
The next four documents I am going to mention fit different scenarios so you may or may not need them. I will call out in the “How to use it” sections below each reference.
AKS Secure Baseline with Private Cluster
What it is:
This document helps you deploy a secure AKS cluster, compliant with Enterprise-Scale for AKS guidance and best practices. This document also contains links to reference scripts for deploying a private AKS cluster.
How to use it:
In practice in the real world, you will want to deploy a private AKS cluster 99% of the time. There needs to be a very solid reason not to. By doing this alone you will greatly improve the security posture of your AKS cluster. By default, when you deploy AKS the API server is accessible via a public IP. Deploying a private AKS cluster makes the AKS API Server private and only accessible on the Azure or when connected to your Azure VNet that the private cluster is on i.e. if you are connected via ExpressRoute. I would recommend you plan to deploy your clusters as private and utilize this document right along the baseline document when designing your AKS architecture.
This reference architecture details how to run multiple instances of an Azure Kubernetes Service (AKS) cluster across multiple regions in an active/active and highly available configuration.
How to use it:
If you need multi-region AKS clusters with greater high availability then this is a document you will want to look at to guide you with this. If you don’t need multi-region-based clusters skip this document.
Microsoft has built a 9-part series of articles to help when organizations need to run PCI workloads on AKS. Below are the first 3 of those articles as this is where you start. You will want to reference all 9 parts of the series though.
Introduction of an AKS regulated cluster for PCI-DSS 3.2.1 – This reference architecture describes the considerations for an Azure Kubernetes Service (AKS) cluster designed to run a sensitive workload. The guidance is tied to the regulatory requirements of the Payment Card Industry Data Security Standard (PCI-DSS 3.2.1).
Architecture of an AKS regulated cluster for PCI-DSS 3.2.1 – This article describes a reference architecture for an Azure Kubernetes Service (AKS) cluster that runs a workload in compliance with the Payment Card Industry Data Security Standard (PCI-DSS 3.2.1). This architecture is focused on the infrastructure and not the PCI-DSS 3.2.1 workload.
Configure networking of an AKS regulated cluster for PCI-DSS 3.2.1 – This article describes the networking considerations for an Azure Kubernetes Service (AKS) cluster that’s configured in accordance with the Payment Card Industry Data Security Standard (PCI-DSS 3.2.1).
How to use it:
If your organization plans to run any workloads that need PCI compliance on AKS then you will want to check out this document and utilize it when designing for your AKS clusters. It gets into topics such as TLS, DDoS protection, pop-to-pod security, and more.
Advanced Azure Kubernetes Service (AKS) microservices architecture
What it is:
This reference architecture details several configurations to consider when running microservices on Azure Kubernetes Services. Topics include configuring network policies, pod autoscaling, and distributed tracing across a microservice-based application.
How to use it:
The chances are high that you will be running microservice-based workloads on your AKS cluster. Utilize this document in your design process to ensure your architecture is ready to handle microservices-based workloads. It also includes a Visio file to help you get started.
Part #2 is to deploy the architecture you designed. The best option for deploying Azure infrastructure and AKS clusters is to script it as IaC (Infrastructure as Code). Scripting the deployment vs manually deploying allows you to have documentation via code, standardization, and a templatized deployment for repeatability. You can take this code and place it in a pipeline for ease of deployment, in a service catalog for access to teams across your org, or as an inner source for use among DevOps teams.
Microsoft has built something called the AKS Landin Zone Accelerator as a starting point to use for building out your IaC for AKS. The idea is that you can utilize the Azure Kubernetes Service (AKS) Baseline documentation as a reference when designing your AKS and use the AKS Landing Zone Accelerator to deploy. Now your architecture should be based on the AKS baseline with some modifications to fit your specific needs. The AKS Landing Zone Accelerator may need to be modified to fit your specific needs as well. As long as your architecture is based on the AKS Baseline then you should not have to make a ton of modifications to the AKS Landing Zone Accelerator code. In fact, 80% or more of the work should be done for you already when utilizing the AKS Landing Zone Accelerator IaC code.
The AKS Landing Zone Accelerator contains IaC code for both bicep and terraform. It also has instructions on how to deploy the AKS Baseline using either of the two languages.
A former Microsoft MVP and friend Steve Beaumont started a podcast. I was honored to be a guest on his first episode! The episode was released today. This podcast explores balancing Tech and Life. On the podcast episodes, Steve talks with people within the technology field, discussing both tech and diving into personal lives, stress, learning, and interests.
Steve and I had a chance to catch up at MMS 2022 for the episode. We talked about my transition to Microsoft working as a Principal Program Manager in Azure. We also talked about my time practicing Kung Fu, how I stay motivated, make goals, balance tech with hobbies, how tech is one of my hobbies, and balancing that so it does not become another job, Kubernetes, AKS, and more.
Steve already has episodes with many other great folks already. He will be releasing them in the coming weeks. So be sure to subscribe to his podcast. Here are some of the other guests he will have on:
I am excited to announce that I published a Laravel course on Pluralsight! This course is titled “Laravel 9: The Big Picture“. This is my 16th course with Pluralsight. I have been working with PHP based websites, Content Management Systems, Frameworks, and the language off and on for many years. When the opportunity came to author a course on Laravel I jumped on it.
Laravel is a full-stack web framework for modern PHP based web applications. PHP is a language that has been around for a long time used to power most of the web site and web apps on the internet today. And some of the best web development teams in the world build their products with Laravel.
Many don’t know this but Laravel can be used for front-end and back-end development, as well as developing a REST API. Some of the largest companies and most popular websites have been built using Laravel such as Disney, Apple, Pfizer, BBC, Twitch, Mastercard, and more.
In this course, Laravel 9: The Big Picture, you’ll learn about the Laravel full-stack framework. First, you’ll explore Laravel’s core components such as: routing, middleware, controllers, requests, responses, views, blade templates, and more. Next, you’ll discover how to install Laravel, configure it, how it handles security, works with databases, about its APIs and more. Finally, you’ll learn what it is like to develop, build, and deploy an app with Laravel.
When you’re finished with this course, you’ll have the skills and knowledge of Laravel needed to decide if it is the right PHP web framework for you and where to go next on your journey with Laravel.
This month I will be a guest speaker at the free Blacks In Technology Twin Cities chapter happy hour event. We will be having a tech career discussion. The topic is: “Destination Cloud – Pivoting Your Career in Tech with Steve Buchanan“.
When: The happy hour event will be on Wed, May 25, 2022, 6:00 PM – 8:00 PM.
Location: Modern Well, 2909 S Wayzata Blvd, Minneapolis, MN 55405.
Join us for an evening with me and moderator Brian Waters as we explore career pathways in the Digital Space. Here are topics we will explore:
Choosing an area of interest
Being Strategic & Intentional in Career Search & Growth
Transitioning into Different Tech Disciplines & Industries, and
Identifying tech trends on the horizon!
This event is both in-person and virtual. The in-person location is Modern Well, 2909 S Wayzata Blvd, Minneapolis, MN 55405 and the zoom link is below. I hope you can make it out to this event!
Today Pierre Roman (@wiredcanuck) Senior Cloud Advocate of Microsoft & myself (@buchatech) streamed “Introduction to Azure Arc enabled Kubernetes” on Learn Live. Here is what we covered in this session:
In this session, showed you how Azure Arc enabled Kubernetes clusters can help customers like Contoso to optimize and simplify their operations. Here are the Learning objectives we covered:
Describe Kubernetes, Azure Arc, and Azure Arc-enabled Kubernetes.
Connect Kubernetes clusters to Azure Arc.
Manage Azure Arc enabled Kubernetes clusters by using GitOps.
Integrate Azure Arc enabled Kubernetes cluster with Azure services like Azure Monitor and Azure Policy.
If you missed it don’t worry. 🙂 You can watch the playback on the Microsoft Developer YouTube channel here:
You can check out more Learn Live episodes on the:
This course will give an overview of Ember’s components and architecture and a guide to the next steps you can take to get started with Ember. In this course, Ember 4: The Big Picture, you’ll learn about the Ember front-end framework. First, you’ll explore Ember’s core parts: Ember.js, Ember Data, Ember CLI, and Ember Inspector.
Next, you’ll discover Ember’s core concepts: routing, services, and Components. Finally, you’ll learn how to what it is like to develop, build, and deploy an app with Ember.