Spinnaker vs. Argo CD: Best Tools for Continuous Delivery
Spinnaker and Argo CD are favorite tools for transforming software delivery processes. Let’s dig deeper into when Spinnaker and Argo CD make sense.
Intro to CD
Adopting containers has been a common strategy for enterprises to roll out new application changes quickly, deploy efficiently, and run applications securely.
To achieve those goals, many enterprises are adopting continuous delivery (CD) to deploy changes into production quickly, frequently, and safely.
Many CD tools are used to deliver software to production. Some of the most common tools in the market are:
- Argo CD
- Tekton CD
- GitLab
- Azure DevOps
Spinnaker and Argo CD are favorite tools for transforming software delivery processes, so we are often asked to describe the differences between them and to assess which one is better. The short answer is that it depends on the specific situation and requirements of each customer. But that is not a satisfying answer, so let’s dig deeper into when Spinnaker and Argo CD make sense.
A Quick Introduction to Spinnaker and Argo CD
Spinnaker is an open-source, multi-cloud CD platform for releasing software changes with high velocity and confidence.
Spinnaker offers a powerful and flexible pipeline management system, which is used by many Fortune 500 companies to deploy millions of changes per year.
[Screenshot: the Spinnaker UI]
Argo CD, a declarative CD tool for Kubernetes applications, uses the GitOps style to manage cluster resources. Argo CD monitors the application configuration defined in your Git repository and compares it with the live state in the cluster. When a developer changes the app definition in Git, Argo CD detects and notifies administrators about the out-of-sync status. If the administrator approves the change, Argo CD creates resources in Kubernetes clusters with the newly defined configuration.
Comparison Between Spinnaker and Argo CD
We have separated our evaluation of Spinnaker and Argo CD along four dimensions: installation and implementation, deployments, complex workflows, and safety.
Installation and Implementation
One of the top criteria that any enterprise evaluates is Day 1 operations, which include prerequisites, installation, configuration, and architecture.
Argo CD is very lightweight and can be installed in minikube using manifests or Helm charts (with 2GB of memory and 2 CPUs), whereas Spinnaker is feature-rich, making it pretty heavy.
Installation of Halyard — a lifecycle manager for Spinnaker — takes at least 12GB of memory (though it can be run in 1GB for a small setup). In addition, Spinnaker requires a Kubernetes cluster with four cores and 16GB of RAM.
From an installation perspective, both Spinnaker and Argo CD are well documented and easily installed with a few commands and in a few minutes. Both CD tools offer fault-tolerant, highly available architecture to minimize service disruption during software deployment.
Learning Curve and Enterprise-Wide Adoption
Another factor that certainly helps enterprises scale the adoption of a CD solution is the learning curve.
Because Spinnaker has many features and components, the DevOps team has to learn how to configure pipelines, deploy into multi-cloud environments, and so on. Many Spinnaker resources, documentation, videos, and enterprise Spinnaker plugins are available for the DevOps team to shorten their learning curve and enable them to adopt it gradually in production.
By contrast, Argo CD is a lightweight CD solution limited to Kubernetes app deployments. If you need a CD solution for Kubernetes, you can get set up very quickly with Argo CD. However, Argo CD may not satisfy all the security and compliance requirements set by DevSecOps managers for production deployments.
Organizations that want a centralized and production-ready CD solution to handle various application types and deployment targets should look for a vendor that provides production-ready Spinnaker and production-ready Argo CD solutions that are secured, scalable, extensible, hardened, and FedRAMP-compliant, per your organization’s requirements.
Argo CD follows GitOps-style deployment, i.e., it treats Git as the source of truth and monitors the repository for any changes in the manifest files for app deployment in Kubernetes. Manifests can be specified in a text file or JSON file, Kustomize applications, Helm charts, ksonnet applications, or jsonnet files.
Argo CD is meant to be used with Kubernetes applications and services only. Argo CD tracks updates to branches or tags or is pinned to a specific version of manifests at a Git commit and deploys the changes into Kubernetes. Kubernetes manifests from a Git repository are applied to your cluster configuration, and Argo will strive to ensure that your repository and clusters are always in sync.
Argo CD can also re-issue the Git state to the target environment if there is a change in the target environment for any reason.
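The tracking and re-sync behaviour described above, as an added example (not from the original article or the Argo CD project): an `AppProject` that limits where manifests may come from and where they may be deployed, and an `Application` pinned to a Git commit with automated sync. The repository URL, project name, namespace, path and commit value are placeholders.

```yaml
# Added example: names, repository URL, path and commit are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: payments                      # hypothetical project
  namespace: argocd
spec:
  description: Payments team applications
  # Only this repository may supply manifests for the project.
  sourceRepos:
    - https://git.example.com/payments/deploy.git
  # Only this cluster/namespace pair may be deployed to.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: payments-prod
  # Empty list: applications in this project may not create
  # cluster-scoped resources (ClusterRole, CRD, Namespace, ...).
  clusterResourceWhitelist: []
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments-api                  # hypothetical application
  namespace: argocd
spec:
  project: payments
  source:
    repoURL: https://git.example.com/payments/deploy.git
    path: overlays/prod
    # A full commit SHA cannot be moved after review; a branch or tag
    # name can be re-pointed at different content.
    targetRevision: "<FULL-COMMIT-SHA>"
  destination:
    server: https://kubernetes.default.svc
    namespace: payments-prod
  syncPolicy:
    # Remove the "automated" block to keep syncs operator-triggered:
    # Argo CD then only reports the application as OutOfSync.
    automated:
      prune: true      # delete live resources that were removed from Git
      selfHeal: true   # re-apply the Git state when the live state is changed
    syncOptions:
      - CreateNamespace=false         # the namespace must already exist
```

With `selfHeal` enabled, a manual change made directly in the cluster is reverted to the committed state, so every lasting change has to go through the repository and its review history.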
Argo CD provides a UI to showcase the deployment status of a change (and depends on sync with Git change).
Spinnaker does not support GitOps delivery style; however, there is an alternate way to achieve it using a vendor-enhanced solution. Spinnaker offers declarative pipelines for app delivery. DevOps engineers who are deploying to the public cloud or Kubernetes choose Spinnaker pipelines. By using pipelines, Spinnaker can deploy apps into any on-premises virtual machines (VMs) or cloud data centers like AWS, GCP, Azure, and Kubernetes. The best part of Spinnaker pipelines is that you can configure stages for a sequential release process.
[Screenshot: a Spinnaker pipeline executing an AWS deployment]
Developers who want to use GitOps-style delivery models with Spinnaker can use a hack with the pipelines. They need to configure triggers in Git to execute a pipeline on any commit to any code in Git. Such a hack to achieve GitOps is called managed delivery.
Manifest files can be specified in a text file or JSON file, or as Kustomize applications, Helm charts, or Spring SpEL templates. Any change to the manifest file in Git will trigger Spinnaker pipelines for deployment. Application deployment tracks updates to branches or tags or is pinned to a specific version of manifests at a Git commit. The Spinnaker API can be called to create and manage infrastructure (security groups, load balancers, firewalls) and process deployments.
[Screenshot: a Spinnaker pipeline triggered by Git changes]
For large organizations, Spinnaker comes in handy to construct an end-to-end delivery workflow by configuring a series of stages in Spinnaker pipelines. Webhooks in those stages can automatically execute many activities of a release process, such as Jenkins build jobs, deployment into test environments, triggering automated test cases, or deploying into staging and production environments, etc. Manual judgment and verification gates can also be configured as a part of the same pipeline to ensure an automated and risk-free release process. Below, Fig A represents the orchestration of an enterprise software delivery process using Spinnaker, and Fig B represents a sample Spinnaker pipeline automating various delivery stages — build, test, deploy, and production:
For safe deployment, both Spinnaker and Argo (Argo Rollouts) offer built-in deployment strategies like highlander, blue-green, rolling updates, and canary.
Spinnaker and Argo CD support on-premises and managed Kubernetes. Both tools support application deployment into managed Kubernetes (EKS/GKE/AKS). Argo CD deploys directly based on the configuration change, whereas Spinnaker uses a delivery pipeline for deployment.
If you have a few applications hosted on-premises or in managed Kubernetes clusters and are still undergoing some cloud transformation, then Argo CD may be well suited for you. However, if you want to construct a seamless workflow to automate a delivery process that includes test integration, approval gates (manual or automatic), integrated image builds, and visibility into deployments to hybrid or multi-cloud environments, then choose Spinnaker for continuous delivery.
Scaling Enterprise-Wide With Complex Workflows
Every enterprise deploys applications to VMs, either in the cloud (GCP, AWS, or a different provider) or in on-premises data centers. It is standard practice to create a specification for the environment that an application requires (the OS version, binaries, storage, networking, libraries, applications, compressed files, etc.) in order to create a VM. This is also called a VM bakery, where the infrastructure team makes a snapshot of the overall environment and persists it in something like an AMI store. Once that image is ready, multiple images, even up to tens of thousands, can be created from it to match the requirements of the application. The process is also known as immutable infrastructure and is practiced to avoid configuration drift.
Spinnaker uses Helm charts to bake Kubernetes manifest files. Similarly, it uses a Packer template (under the hood) to bake VM images. Once a delivery pipeline is completed, Spinnaker can provision those VMs (along with load balancers, firewalls, etc.) in the target environment (from the cloud to on-premises VMs, to bare metal servers). This helps infrastructure teams leverage Spinnaker to orchestrate VM-based deployments. This ability to deploy updates to Kubernetes services and VM-based applications is one of the important reasons that many organizations choose to standardize on Spinnaker for software deployments.
In addition, Spinnaker provides a single pane of glass where you can see and control your resources. Developer and operation teams don’t need to log into a different UI or public cloud to understand the status of resources.
Argo CD currently does not include provisioning infrastructure. But the hack here is to use an external open-source software like Crossplane to be able to assemble and manage the infrastructure of any public cloud.
Stability and Performance
When handling multiple application deployments and scaling a CD solution enterprise-wide, Spinnaker and Argo CD have a few performance issues.
For example, according to the Argo documentation in the roadmap section, Argo becomes very slow when handling more than 1,000 Kubernetes applications. Further, to handle more than 100 Kubernetes clusters, you must increase the number of replicas of Argo CD controllers (i.e., scale horizontally) and configure Argo for automated sharding (to distribute the workload among all the Argo CD controllers). Argo CD also has issues when configured to handle 50+ applications in a single repository; specifically, it may not generate manifests properly.
Making the Argo CD software fit for production, such as making it highly available, is tricky. Argo releases metrics (both counter and gauge type) for Prometheus to measure Argo CD system performance issues. But challenges arise when developing Argo CD support for other monitoring systems, such as Datadog, New Relic, Dynatrace, etc.
Feedback and notifications are an essential part of the continuous integration/continuous delivery (CI/CD) process. Any CD tool needs to have extensive coverage of the various tools used to communicate in a DevOps setting. Both Spinnaker and Argo CD provide integrations with third-party collaboration tools.
Argo CD provides notifications through email, GitHub, Slack, Mattermost, OpsGenie, Telegram, and Microsoft Teams. To enable notifications, you must install Argo Notification. You can use Argo Notification with other products, such as Argo Rollouts, to get real-time information about deployment status.
Spinnaker supports notifications through email and provides integrations with many collaboration and service management tools, such as Slack, ServiceNow, JIRA, Twilio, PagerDuty, Microsoft Teams, and others.
Argo CD enables administrators to approve a deployment immediately after a change in Git has been recognized. Manual judgment steps at various stages in the software delivery require substantial configuration and scripting in Argo CD.
Similarly, manual judgment stages can be configured in Spinnaker pipelines. Still, it requires significant effort to set up advanced judgment, such as automatic approvals based on various CI/CD data or the risk of a new release.
Vendor-supported solutions bring together the best of CD software capabilities, enabling administrators to quickly approve the promotion of an update at any stage in the overall process, typically before integration testing, staging, and production. Some solutions take this a step further, allowing project or release managers to make informed approvals by providing 360-degree information about the build, test, ticket status, etc. Release managers can make quick and informed decisions to progress a pipeline.
Deployments done this way are safer because there is more visibility into the various stages involved. Data-driven approvals also enable companies to deploy to production more confidently.
Spinnaker and Argo CD get support from the open-source community for upgrades and patch fixes. Some vendors offer enterprise support to mitigate vulnerabilities and compliance issues. By selecting a vendor that contributes to these open-source communities, you can ensure you get the expert help you need.
For Argo CD support, visit here, or find the Argo Slack channel here. For Spinnaker support, join the Spinnaker channel.
If you are an enthusiast, you can stay tuned and attend ArgoCon and Spinnaker Summit to meet like-minded DevOps folks working on CI/CD projects.
Enterprises are adopting a new DevSecOps culture to enforce security in CI/CD pipelines. This shift-left mentality requires organizations to consider requirements from security teams, such as proper authentication, authorization, secure connections, and many others. Both Spinnaker and Argo offer authentication, with support for LDAP and SAML protocols and authorization through RBAC.
Argo CD has undergone security reviews and penetration testing and removed all vulnerabilities from the product itself.
Argo CD provides authentication through JSON Web Tokens (JWT) and authorization through RBAC policies. The communication among its services (argocd-server, argocd-repo-server, argocd-application-controller) is secured through TLS. Argo CD also provides secret management by storing the credentials of external clusters in Kubernetes secrets. Argo CD is unopinionated on how to manage secrets.
Spinnaker also offers high security standards for enterprises to combat internal or external threats. It supports mechanisms such as RBAC, LDAP, OAuth, and MFA for proper authorization and authentication. With support for mTLS and X.509 certificate-based communication, Spinnaker is considered one of the most secure CD tools. Furthermore, Spinnaker directly discourages you from storing secrets, tokens, passwords, and similar sensitive information in plain text and instead offers integration with Git, S3, and Vault to keep such information.
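What an Argo CD RBAC policy of the kind mentioned above looks like, as an added example (not from the original article or the Argo CD project): the `argocd-rbac-cm` ConfigMap with a deny-by-default policy in which subjects are matched against the group claim of the user's token. The group, role and project names are placeholders.

```yaml
# Added example: group, role and project names are placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  # No default role: an authenticated user who matches no rule below
  # gets no access at all.
  policy.default: ""
  # Token claim whose values are used as RBAC subjects.
  scopes: "[groups]"
  policy.csv: |
    # p, <role>, <resource>, <action>, <project>/<application>, <effect>
    # Deployers may view and sync applications in one project only;
    # they cannot create, update or delete application definitions.
    p, role:payments-deployer, applications, get, payments/*, allow
    p, role:payments-deployer, applications, sync, payments/*, allow
    # Auditors may read every application but change nothing.
    p, role:auditor, applications, get, */*, allow
    # g, <group>, <role>
    g, example-org:payments-team, role:payments-deployer
    g, example-org:security-audit, role:auditor
```

Nothing here binds a group to the built-in `role:admin`, so administrative access has to be granted explicitly and shows up as its own line in a policy review.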
Policy and Compliance
Open source Spinnaker facilitates automated policy enforcement via integration with Open Policy Agent (OPA) — a standard for specifying policies. Policy managers can now easily define policies using declarative language and use pipelines to enforce rules on deployments or the release process. This helps organizations ensure 100% adherence to industry standards like HIPAA, GDPR, SOX, and internal best practices.
Both Spinnaker and Argo CD offer auditing capabilities.
To audit deployment activities in Argo CD, you need to connect external tools like Event Exporter, Event Router, or Elasticsearch. To troubleshoot issues, the DevOps team will need to configure the solution to fetch audit logs and store all the event logs.
Spinnaker has a mechanism to store log information about pipeline runs and deployments. With Spinnaker, auditors can quickly investigate all activities regarding deployments.
Organizations that are mature in DevOps frequently seek to minimize the risk of new releases in production by properly assessing quality and performance for every change. This is called continuous verification. Neither Spinnaker nor Argo CD offers any out-of-the-box feature to fetch logs or metrics data from external sources or to provide you with information that can help you make go/no-go decisions for deployment. However, some vendor-enhanced solutions enable the verification of new releases in various delivery stages.
We have evaluated Spinnaker and Argo CD based on four broad dimensions that enterprises care about:
- Installation and Implementation
- Maintenance and Scalability
In some areas, such as implementation, Argo CD can be faster than Spinnaker. In other areas, such as deployment capabilities, only Spinnaker offers comprehensive capabilities for DevOps and security managers.
Spinnaker and Argo CD are designed for different purposes. Argo is primarily intended for a DevOps team deploying to Kubernetes only. Spinnaker is designed as an enterprise platform that can handle deployment into all types of targets and simplify and automate broken software release processes.
Published at DZone with permission of Gopinath Rebala. See the original article here.