This org exists to provide easy-to-use Kustomize-based GitOps deployment tools for repositories containing multiple deploy environments. This is meant to be accomplished via the techniques of promoting built container image shas from development repos and using "rendered YAML branches" for GitOps deployment. Other FOSS tools that enable a similar workflow are Bookkeeper for managing rendered YAML branches and Kargo for managing promotions. Both tools are developed by Akuity, who provides managed ArgoCD as a service.
To get started, look at the guestbook-deploy repository which deploys the guestbook app.
The technique of using "rendered YAML branches" removes the responsibility of config templating from your deployment tool and gives it to the CI/CD pipeline. For example, the action-env-build-and-deploy GitHub Action automates the config management templating (e.g. kustomize build) such that fully rendered Kubernetes manifests are outputted to an environment specific branch (e.g. env/stage, env/prod). The deployment tool is then configured to deploy the manifests from the environment branch, as opposed to a directory in the main branch.
An example application source repository is located at https://github.com/kustomize-everything/guestbook and has a CI/CD Pipeline which builds new container images and automatically commits the new image tags to the kustomize environments contained in the guestbook-deploy repository.
- Easily understandable change history/diff - change is not obfuscated by config tooling
- Use different policies per environment - e.g. automated commit/deployment to dev/stage, PR approval process and protected branch for prod
- Upgrading your deployment tool and baked-in toolchain (kustomize) is no longer a risk - templating done in CI, not by the deployment tool
- Better security - No longer at risk from vulnerabilities in tooling (helm, kustomize)
- Safer change management - Change to a kustomize base will not immediately affect all environments
- Improved deployment tool performance - expensive templating process (kustomize build) is no longer performed by the deployment tool
- Additional CI automation requirements (e.g. GitHub action)
- Does not support tools which render plain-text secrets (e.g. Kustomize + SOPS)