ArgoCD Guide: Cilium as the Unexpected Multi-Cluster Solution for Developers
Multi-cluster Kubernetes adoption is accelerating, but most developers still view cross-cluster management as an operations-only burden. By combining ArgoCD’s GitOps deployment engine with Cilium’s eBPF-powered networking, you can build seamless, developer-friendly multi-cluster workflows that require minimal manual overhead. This guide walks through setting up this unexpected pairing step by step.
Prerequisites
- 2+ running Kubernetes clusters (v1.24 or later) with kubectl configured for each
- ArgoCD CLI installed locally
- Cilium CLI v1.14 or later
- Helm v3.10 or later
- A Git repository to store GitOps configuration files
What is ArgoCD?
ArgoCD is a declarative, GitOps-based continuous delivery tool for Kubernetes. It syncs cluster state with version-controlled configuration stored in Git, automatically deploying updates when changes are committed. Its native multi-cluster support via ApplicationSet resources lets you manage deployments across dozens of clusters from a single control plane.
What is Cilium?
Cilium is an eBPF-based networking, security, and observability tool for Kubernetes. It replaces traditional kube-proxy and CNI implementations with high-performance eBPF programs, and includes ClusterMesh: a built-in feature for connecting multiple Kubernetes clusters with native service discovery and cross-cluster load balancing, no external service mesh required.
Why Combine ArgoCD and Cilium for Multi-Cluster?
Traditionally, multi-cluster setups require separate tools for deployment orchestration and cross-cluster networking. ArgoCD handles consistent, auditable deployment across all clusters via Git, while Cilium’s ClusterMesh handles cross-cluster traffic routing and service discovery. Together, they eliminate manual configuration for developers: you define your app once in Git, ArgoCD deploys it to all target clusters, and Cilium ensures services can communicate across clusters automatically.
Step-by-Step Setup Guide
1. Install and Configure Cilium with ClusterMesh
First, install Cilium on each cluster with a unique cluster name to enable ClusterMesh:
# Install Cilium on cluster1
cilium install --cluster-name cluster1 --version 1.14.5
# Install Cilium on cluster2
cilium install --cluster-name cluster2 --version 1.14.5
Enable ClusterMesh on both clusters, then connect them:
# Enable ClusterMesh on cluster1
cilium clustermesh enable --context cluster1-context
# Enable ClusterMesh on cluster2
cilium clustermesh enable --context cluster2-context
# Connect cluster1 to cluster2
cilium clustermesh connect --context cluster1-context --destination-context cluster2-context
Verify connectivity with:
cilium clustermesh status --context cluster1-context
2. Install ArgoCD on Your Management Cluster
Deploy ArgoCD to your primary management cluster (e.g., cluster1):
kubectl create namespace argocd --context cluster1-context
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml --context cluster1-context
Expose the ArgoCD API server (for example, via port-forwarding for testing):
kubectl port-forward svc/argocd-server -n argocd 8080:443 --context cluster1-context
Login via the CLI and update the default admin password:
argocd login localhost:8080
argocd account update-password
3. Add Remote Clusters to ArgoCD
Register your secondary cluster (cluster2) with ArgoCD so it can manage deployments there:
argocd cluster add cluster2-context --name cluster2
Verify clusters are added:
argocd cluster list
4. Create GitOps Configuration for Multi-Cluster Deployment
Create a sample application repository with a simple Nginx deployment and service. Then create an ArgoCD ApplicationSet that targets all registered clusters, and uses Cilium’s ClusterMesh for cross-cluster service access:
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: multi-cluster-nginx
namespace: argocd
spec:
generators:
- clusters: {}
template:
metadata:
name: nginx-{{.metadata.name}}
spec:
project: default
source:
repoURL: "https://github.com/your-org/multi-cluster-apps.git"
targetRevision: main
path: nginx
destination:
server: {{.spec.server}}
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
Cilium’s ClusterMesh automatically enables cross-cluster service discovery: a service named nginx in the default namespace will be accessible from any connected cluster via nginx.default.svc.cluster.local, no extra configuration required.
5. Deploy and Verify
Commit the ApplicationSet to your Git repository, then sync it in ArgoCD:
argocd app sync multi-cluster-nginx
Check deployment status in the ArgoCD UI or via CLI:
argocd app list
Test cross-cluster connectivity by running a curl command from a pod in cluster1 to the Nginx service in cluster2:
kubectl run test-pod --image=curlimages/curl -it --rm --context cluster1-context -- curl nginx.default.svc.cluster.local
Best Practices
- Store application and infrastructure configurations in separate Git repositories for clearer audit trails
- Enable ArgoCD RBAC to restrict deployment permissions to authorized developers only
- Use Cilium network policies to restrict unnecessary cross-cluster traffic
- Scrape Cilium metrics with Prometheus to monitor cross-cluster connectivity and performance
- Test failover scenarios regularly to ensure workloads resync correctly if a cluster goes offline
Conclusion
Pairing ArgoCD and Cilium delivers an unexpected, developer-friendly multi-cluster Kubernetes setup. ArgoCD handles deployment consistency via GitOps, while Cilium eliminates cross-cluster networking complexity with ClusterMesh. Developers no longer need to rely on ops teams to manage multi-cluster workflows: a single Git commit can deploy and connect applications across all your clusters, with full auditability and minimal overhead.
Top comments (0)