Blog on Paolo Carta

Using ArgoCD ApplicationSet templating to conditionally apply SyncPolicies

Sat, 29 Mar 2025 00:00:00 +0000

ApplicationSets can be really useful to generate several applications, for instance when using multiple environments. This can be achieved by using generators such as the list, git or cluster ones.

Sometimes the application generated might be different from one environment to another. For instance, we might want automatic sync on dev and test, but manual sync in the prod environment.

This article shows how to use an ApplicationSet with templatePatch to conditionally apply syncPolicy based on the environment. This example assumes you’re using a List or Git generator that includes an env field (e.g., test, prod) for each application.

ArgoCD GitOps Repository structure with multiple instances

Tue, 25 Mar 2025 00:00:00 +0000

Many organizations running workloads in Kubernetes are embracing ArgoCD to deploy safely and ensure consistency and traceability.

Unfortunately there are not many guidelines or best practices yet explaining how to structure the GitOps repository for simplicity and maintainability.

In this article I would like to show my solution with a setup consisting of multiple ArgoCD instances. Basically each Kubernetes cluster will have its own instance, which will manage all resources belonging to it. ArgoCD will be bootstrapped externally, for instance at cluster provisioning with Terraform.

ArgoCD GitOps Repository Structure with a single management instance

Sun, 23 Mar 2025 00:00:00 +0000

Many organizations running workloads in Kubernetes are embracing ArgoCD to deploy safely and ensure consistency and traceability.

Unfortunately there are not many guidelines or best practices yet explaining how to structure the GitOps repository for simplicity and maintainability.

In this article I would like to show my solution with a setup consisting of a single management ArgoCD instance. It allows a clear separation between applications, infrastructure and ArgoCD Apps and Projects. Moreover it supports multiple environments by leveraging Kustomize.

Validate your Kubernetes manifests with Kubeconform and Kustomize in CI/CD

Thu, 12 Dec 2024 00:00:00 +0000

Introduction

Kubernetes manifests define how your applications and resources should be configured and managed.

To ensure that these manifests are valid and compliant with Kubernetes standards, it’s crucial to validate them before deploying to any cluster. One effective way to automate this process is by using Kubeconform in your CI pipeline. This blog post will walk you through the process of integrating Kubeconform into a CI pipeline to validate your Kubernetes manifests.

Kubernetes Error Notifications in Slack with Botkube

Thu, 05 Dec 2024 00:00:00 +0000

Prerequisites

In order to use this guide, I assume you already have:

A Kubernetes Cluster up and running
Botkube installed on your cluster
Slack App for Botkube installed in your workspace

In case you don’t fullfill all of them, please follow the links attached for the setup.

Notifications

Imagine you’re managing a Kubernetes cluster and want to keep an eye on any errors occurring in your apps. With Botkube, we can get chat notifications about issues detected from Kubernetes events. This approach improves the platform team’s reaction time quite a bit.

Use Botkube Actions to get logs in Slack on app issues

Mon, 02 Dec 2024 00:00:00 +0000

Prerequisites

In order to use this guide, I assume you already have:

A Kubernetes Cluster up and running
Botkube installed on your cluster
Slack App for Botkube installed in your workspace

In case you don’t fullfill all of them, please follow the links attached for the setup.

Classic Notifications

ArgoCD Server Side Apply for bulky CRDs

Thu, 28 Nov 2024 00:00:00 +0000

In this post, I’ll explain the reason for the issue with ArgoCD on Kubernetes: “Too long: must have at most 262144 bytes”. After that we will see how to fix it.

By default, ArgoCD performs a kubectl apply operation to apply the configuration stored in Git. This is a client side operation that is using the kubectl.kubernetes.io/last-applied-configuration annotation to store the previous resource state as JSON. This is used to compute the patch to apply to a resource.

Application Cleanup with the ArgoCD Deletion Finalizer

Wed, 27 Nov 2024 00:00:00 +0000

In Kubernetes, finalizers prevent resource deletion before the cleanup has been successfully completed by the responsible controllers.

ArgoCD supports its own finalizer as well in order to perform cleanup operations when deleting an Application custom resource. You can add a finalizer annotation on any Argo CD application.

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
 finalizers:
 # The default behavior is foreground cascading deletion
 - resources-finalizer.argocd.argoproj.io

When deleting an application with this finalizer, the ArgoCD application controller will perform a cascading delete of the application’s resources.

Configmaps and Secrets Reloader in Kubernetes

Wed, 20 Nov 2024 00:00:00 +0000

After talking about change propagation in configmaps here, I would like to go deeper into the Reloader controller.

What is ConfigMap Reloader?

ConfigMap Reloader is an open-source Kubernetes controller that automatically triggers rolling upgrades when ConfigMaps or Secrets are updated. It is useful in scenarios where your application relies on external configuration files.

Without a tool like ConfigMap Reloader, you might need to manually delete or restart your pods to have your app using the new configuration, which can be cumbersome and prone to error, especially in larger deployments.

Behavior of ConfigMaps in Kubernetes When We Update Them

Wed, 13 Nov 2024 00:00:00 +0000

Working with Kubernetes I noticed some confusion when talking about what happens when a ConfigMap gets updated.

This article would like to explain my understanding about this behaviour.

Using Volume Mounts

When a ConfigMap is mounted as a volume, Kubernetes eventually will update the files in the volume if you are not using a subpath. However, the application needs to detect these changes and reload the configuration. Some apps for instance just load the config at startup and not dynamically.

A Kubernetes Production Readiness Checklist

Sun, 15 Jan 2023 00:00:00 +0000

Declaring a cluster “production-ready” is often more of a vibe than a rigorous process. After running this exercise with a dozen or so clients, I’ve converged on a checklist that covers the things that actually bite people — not an exhaustive spec, but a focused set of high-signal checks.

Resource requests and limits

Every container should have CPU and memory requests set. Limits are more nuanced — memory limits are important to prevent OOMKills cascading, but CPU limits can cause unnecessary throttling if set too low. At minimum: set requests on everything, set memory limits with some headroom, and measure actual usage before tuning CPU limits.