Hi everyone
I am currently looking for a solution that can be easily integrated into a deployment pipeline using GitLab, ArgoCD, and Kubernetes.
The deployment process is working well, but in my project, I need to grant access to team members via the ArgoCD interface to make changes to the applications, such as updating image versions, replicas, and resource allocations (RAM/CPU). These parameters are defined in the values.yaml file in GitLab. I am deploying multiple instances of the application using the same charts for different users, where only the resources (CPU/RAM), image version, etc., vary. The specific configuration for each application is stored in separate values.yaml files (e.g., app1_values.yaml, app2_values.yaml), but they all use the same charts.
What I am looking for is a solution where, if a user updates their application via the ArgoCD interface, the changes are automatically pushed to the corresponding values.yaml file in GitLab. It’s important to note that users do not have access to GitLab; they can only make changes through the ArgoCD interface.
I have explored various options, such as FluxCD, GitLab agents, ArgoCD notifications, and webhooks, but I have not yet found a convincing solution that works.
Does anyone have any suggestions? Tools or methods that are simple and easily integrable?
It’s a bit confusing because ArgoCD follows GitOps, meaning we should update the configuration values in the repo, and ArgoCD will manage the deployment process.
If you don’t want your team to accidentally update something in the repo, you should create a rule to protect the main branch. This way, only a pull request approved by you can be merged into the main branch.
If I misunderstood anything in your context, please let me know.
First of all, thank you for your response. The ArgoCD GitOps operation is indeed as you describe, and I am aware of and familiar with the process.
My need is quite specific and doesn’t necessarily follow the GitOps logic.
For deployments, my technical team handles that with GitOps practices, but in another requirement, I have people who are not technical at all but need to make modifications to their containers deployed via ArgoCD. Technical and secondary constraints prevent me from giving them access to GitLab (alas, I would have liked that, it would have relieved me of this unnecessary blockage ).
I simply give them access to ArgoCD with rights managed via argocd-rbac-cm so that each user can only modify their application.
But since they will have the freedom to modify their applications as they wish, I would like these modifications made to their applications to be reflected in their values.yaml files in the GitLab repository. Each application has its own values.yaml file (not very GitOps, I admit, but I have no choice).
Hence my need to find a way for any modification of an application on ArgoCD to be pushed to GitLab… complicated.
I’m trying to see if I can achieve this via GitLab Agent, but I haven’t tested it yet.
This is where my blockage and my need lies, I hope I have explained it well .
I’m not sure about a solution for your case right now. These tools require specific setups and practices, which are easy to follow. If I come up with any ideas for your situation, I’ll update you.