►
Description
Saya akan menceritakan pengalaman tim kami menggunakan GitOps (dalam case ini Argocd) dalam menjalankan Continious Deployment production workload dalam industri perbank-an yang harus comply dalam PCI-DSS dan berbagai Regulasi lainnya.
Bagaimana kami menggunakan "declarative way", sambil tentunya memperhatikan aspek di sisi security juga. Argocd untungnya mempunyai beberapa plugin yg support itu seperti argocd-vault-plugin. Dan kustomize untuk mempermudah dalam struktur folder di environment kami.
Saya juga akan bercerita tentang bagaimana kami mencoba untuk integrasi dengan Active Directory. Dan bagaimana pembagian authorisasi user dalam mengakses argocd.
A
A
Hello:
everyone
Welcome
to
kubernetes
community
Days,
Indonesia
2021.
We
are
on
Track
3
right
now
with
me
Stefanus
to
Graha.
Today
we
will
talk
about
getopts
and
the
title
of
my
current
sharing
is
getopts
with
Argo
CD
n
customers
on
Alto
Network,
a
glimpse
of
my
office
at
the
moment,,
namely
alto
is
a
payment
system,
infrastructure
provider
company
part
of
Djarum
Group,
Hi
Okay.
This
is
our
agenda.
First
I
will
try
to
introduce
myself
briefly
in
the
introduction
section.
A
Then
I
will
tell
a
little
about
the
status
of
Alto's
digital
transformation
when
migrating
to
a
provider
club.
We
will
further
on
what
CF
tools
we
use
in
Alto
Then.
There
are
getopts
the
benefits.
What
are
we
using
after
implementing
this
getopts,
and
why
did
we
choose
Argus
City
to
continue
to
customize
using
hip
hop?
A
B
A
A
as
a
Depok
Engineer,
at
the
beginning
of
my
career,
I
worked
as
a
Spot,
then
continued
to
be
a
Network.
The
system
Engineer
until
now,
a
Devops
Engineer
Currently.
My
focus
is
on
Cloud,
durable,
GBP,
auto
mission
CCD
with
Governor
Jazz
and
some
sense
Hi,.
Now
we
have
a
Kubernetes
Cluster
now
We
have
the
truth
of.
B
A
Diamond
frame
and
just
play
with
it
pretty
livefoot
we
blended
from
making
Cluster
choosing
OS
chain
asking
who
the
Network
interface
storage
is,
and
the
maintenance
is
not
observability
yet
and
because
we
have
many
partners,
we
are
also
responsible
in
terms
of
infrastructure
for
our
partners.
So
we
have
to
think
about
how
the
multi
tension
is
also
good.
Because
of
all
the
credit
crunch.
We
chose
matte
GBP,
which
is
easy
because
there
is
already
a
fortune
in
Jakarta.
A
A
Soon
most
of
our
biochems
doctor
Swamp
died.
So
we
had
to
RI
conflict
again
several
emails
from
the
compost
doctor
to
kubernetes
Hi
Aa.
At
the
moment
we
have
more
than
six
informants
A
We
call
it
sdqu
SSD,
which
stands
for
stitching
sand
box
development
hi.
Then
it
is
production
because
we
have
to
follow
some
complaints.
We
separate
the
production
for
sensitive
and
launches
and
non
sensitive
data.
Then
there
are
also
some
informants
for
partners
Hi.
Now
we
have
10
more
Clusters,
not
around
45
around
600
spotsdialog
Network.
A
Now
the
data
that
was
just
now
is
still
temporary
because
we
are
still
in
the
process
of
migration,
which
has
only
been
running
for
approx.
5-10
percent
of
all
available
o'clocks
Hi.
Lastly,
because
we
are
in
contact
with
the
bank
So,
we
have
to
fulfill
several
complaints,
such
as
iso,
because
it
relates
to
credit
cards.
There
is
a
VCD
SS
and
because
Alto
is
also
an
official
partner
of
visa,
so
it
must
meet
international
standards
from.
B
A
Visa
Hi,
ah,
we,
because
we
already
use
kubernetes,.
There
are
several
platforms
from
noon,
CF
to
support
our
kubernetes
on
Alto,.
What's
the
first
site,,
of
course,
Governor
test
Then,
there's
Argo,,
there's
this
location,.
We
use
Argo
side
as
jpoops,.
Well,
in
this
session
we
will
focus
on
the
price
of
sidi
Then.
A
There
is
grafana
for
matrix,
visualization
Kyai
Ali
is
also
for
visualization,
but
as
a
micro
service,
it
is
a
kind
of
container
flow
topologies.
Here
we
use
a
chain
of
interfaces
to
replace
doctors
who
have
been
trusted
by
tit
We
use
istio.
As
a
service
Mas
Then.
There
is
Fox
for
secret
management,.
It
just
so
happens
that
Argosy
Deep
has
this
volt
plug-in
from
IDM,
so
it
can
be
more
easily
integrated
hi.
Then
there
is
prometheus
to
buy
the
matrices,
then
Oppa
or
the
police
Ejen
are
here.
A
A
A
?
the
benefit
from
the
developer's
side.
The
first
benefit
is
the
spade
infrastructure
or
iac
ia,
Ceni,
basic
or
the
basis
for
getopt.
All
the
chords
written
are
conflicts
later
for
bernardes,
because
later
on,
Ace
will
be
executed
continuously
or
luping
by
using
yatch.
We
can
save
time
efficiently,
because
if
there
is
a
new
project,,
just
copy
and
paste
from
the
existing
Hiace,
then
change
a
few
parameters
and
you
can
directly
DC
cat.
A
Then
there
is
self-service
instead
of
us,
salting
someone
or
a
team
to
take
care
of
the
project
to
production,
see
the
ticket
number
adjust.
The
release
version,
see
the
status
of
the
replica
and
others
with
cast.
We
just
monitor
like
this
and
Give
Up
He.
Does
everything
himself
or
service
Then
chord
review
according
to
honey
is
important
because
we
can
be
fair
to
each
other
by
reviewing
the
chords
that
we
make
with
chord
review,
we
can
share
knowledge
or
avoid
errors.
A
If
there
are
our
friends,
look
at
syntax
errors
or
create
emails,
most
often
maybe
spaces
and
there
are
get
requests
or
requests..
This
is
also
important
for
you,
I.
Think
for
complaints,
because
there
is
a
system
over
all
changes
to
go
up
to
one
step
pasting.
If
the
production
shop
must
always
go
through
the
overvaluation
of
our
superiors
or
the
appointed
person,
What's
Offroad
for,,
then
what
are
the
benefits
from
the
Operation
side,
hi,
first,,
declarative
W,.
This
is
one
of
the
biggest
advantages,
in
my
opinion,
by
using
jpoops,
simply
like
this,.
A
What
will
be
in
conflict
in
the
kit,?
It
will
be
exactly
the
same
as
what
is
in
Deeply
on
the
server,.
So
we
don't.
We
need
to
look
again
at
our
conflicts
in
production,.
It's
enough
to
see
what
is
there
a
little
observability,
a
ability
to
see
the
state
of
the
system
on
the
server
and
we
can
trip
older
Based
on
a
certain
matrix
by
making
it
off
here
we
can
compare
one
system
with
another
system
just
pass
through
games,
then
audits
and
complaints
idealtoto,
because
it's
bad
that
many
birds
rely
on
Banks
with
Gtalk.
A
Here
it's
much
easier
to
meet
the
target.
All
conflicts
can
be
transparent.
You
can
see
the
digits
Sis.
There
is
a
profile
system.
All
contributors
bitten
can
be
tracked.
History
and
lately
disaster
disaster
recovery
can
be
anytime
yes,
by
getting
off
around,.
You
can
recover
to
another
cluster
or
even
another,
crossfader
in
quite
a
short
time,
because
all
the
configurations
are
already
there,.
All
that's
left
is
the
latest
Clash.
A
Rajapoker88
mili
Argo,
currently
Argo
to
has
four
Projects,
each
of
which
is
made
for
a
specific
chest.
There
are
arborside
argonauts
Argo,
workflow
and
Argo
events.
All
Projects
can
be
used
ten
loans
or
individually
independently,
without
relying
on
other
Project
cargo
Hi
in
2020
he
joined
CF,
so
it
is
more
integrated.
In
my
opinion,
with
all
the
toll
tools,
c&a
Argo
has
a
cute
logo,
in
my
opinion,
Hi.
Why
is
argo
Hi
because
I
think
it
has
a
good
user
interface.
A
You
can
see
later
in
the
demo
then
enable
multiturn,
ancient
multi-cluster
management,
so
argosy,.
It
has
a
feature
that
can
accommodate
several
namespaces
or
several
clusters,,
maybe
even
in
several
clusters
at
different
provider
clubs,.
As
long
as
the
CD
price
has
access
there.
A
A
A
Hi
Aa.
Next
we
go
to
the
argus
CD4
plugin
in
the
office.
I
use
it
at
the
moment,
make
Arbeloa
make
flazen
its
function
is
to
take
the
original
value
of
fun
volts
and
put
it
into
the
secret
kubernetes
at
the
moment
on
the
island,,
the
Hai
menu
as
seen
here,.
So
all
the
Secrets
in
the
great
little
bit
will
be
masked
by
the
students,
for
example,.
We
can
see
here.
There
is
an
example
of
Secret,.
B
A
Will
show
you
this
is
the
topology
I
am
the
first
one,
Argasidae
will
mop.
This
will
steam
the
secret
from
Mal.
When
steaming,
he
will
trick
Gar
the
new
plugin.
He
will
connect,
make
a
connection,
love
kvoll.
There
are
various
connections.
The
authentication
system
has
everroll.
There
is
kubernetes
authentication
Well.
There
are
various
kinds
of
authentication
once
it
is
open
the
give
it
over.
It
will
be
allowed
to
take
the
real,
exciting
thing
to
Argo.
Now,
when
the
minister
deploys,
this
value
will
be
stepped
on
to
the
Efi
Secret
garden.
A
A
Out
now
here
are
some
screenshots
of
the
system
from
Alto
which
uses
Hi
active
directory
from
Windows,.
So
we
can
log
in
using
active
directory,
set
the
user
there,
centralized
in
the
active
directory,.
Then
besides,
that,
Argosy
also
has
its
own
Robert
roll
base
access
control,,
so
we
divine
all
the
permissions,,
then
design
it
for
the
user,.
For
example,
Here
Hi
Agita
can
Sopita
can
design
access
roll
as
argosy
deops
roll
nah,
Argo
side
of
trolltube
can
give
permission
for
action
for
special
monitoring
neng
so
allow
namespace
monitoring
at
sea
and
engines
Now.
A
A
Hi,
the
technical
language
is
still
foreign
to
the
cast.
If.
He
typed
it
was
over
or
out
of
sing.
He
had
to
detect
it.
If.
You
can
see
it
here,,
you
can
see
it
in
the
autopsy,
it's
here,,
so
there
are
a
number
of
applications
that
have
autopsied,
you
know,,
it's
not
the
same
starting
from
Kid
and
on
the
server
Hi
there,.
This
akarna
exists
to
maintain
this
matrix.
I
made
settings
on
prometheus,
which
I
made
aller
well
If
a
Hi
signal.
A
is
not
equal
to
zero.
He
will
server
it
critical.
A
A
A
Everyone
who
sees
it
can
easily
understand,.
It
must
be
flexible,
flexible,.
This
must
be
a
good
configuration
of
tools,.
It
must
make
it
easy
to
do
Can
we
adapt
with
some
informants?
Yes,.
He
can
adapt
flexibly
with
different
informants.
And
lastly,.
He
has
to
be
an
ex.
Who
really
is
Uncle.
Then.
It
should
be
easy
in
Medan,,
so
for
example,.
If
we
move
different
people,
Jenner
is
easy
to
change
or
reuse
with
different
conditions..
A
Hi,
why
is
it
customized,
because
it's
all
about
Gmail
files,
so
whatever
is
made
by
customized,
is
about
email?
Well,
customized
has
several
generators
for
configmaps
and
Secrets,
so
the
pet
conflict
is
that
we
have
a
configmap
or
secret
from
the
txt
file.
He
will
make
the
generator
to
be
an
example.
Maybe
like
this
a
customized
one
has
a
pcs
too
Line
up
here.
There
are
some
basic
configurations:
Hi
suppose
we
have
several
informants
like
the
one
in
Alto.
The
best
is
still
one.
So
every
change
in
that
we
separate
them
in
some
older.
A
A
A
B
B
A
Okay,
there's
already
a
coding
chapter
here,
like
an
SMS
coming,.
The
demo
already
has
a
base
m.dev
envelope
here,.
There
are
several
applications
for
each
informant,,
I
installed
the
Kubernetes
dashboard
and
the
English
is
from
istio,
and
this
is
the
application,.
This
application
is
plain
html,.
This
is
for
defined
for
men
and
for
production,.
This
is
for
parliamentary
protein,,
so
we
use
customized,,
so
it
makes
it
easier,.
Usually
it's
already
there.
A
A
A
A
A
It's
making
production
so
it
looks
like
each
news
has
its
own
dashboard.
You
can
see.
This
is
the
one
on
the
dashboard
for
the
production
of
Hi,
porn,
porn,
hi,.
Now
the
dashboard
is
finished.
Special
Neng,,
let's
see
here,,
please
tab
process,
production
and
dashboard
production,.
So
we've
met
everyone
here
on
BeeTalk
here,.
So
it's
pretty
easy
for
everything
to
be
integrated,
here,
uh,.
A
B
Want
to
ask.
Please
in
the
column
set
the
cake
for
the
first
two
questions
from
Mas
Giri
Kuncoro,
this
ecosystem.
Apart
from
the
Argo
CD,,
there
are
other
tools:
too,
like
Adha,
roll-out
and
ergowalk,
lo
and
other,.
So
the
question
is
whether
the
implementation
is
also
in
autonetmagz,,
like
before,,
the
Argo
router
gowok
flow
was
taken
up
in
autonetmagz
too,
no,
bro,.
A
B
A
B
A
Is
right
now,
in
the
plain
pipeline
we
are
going
to
write
Angger
to
change
the
image,
for
example
the
one
that
was
customized
earlier
when
the
pipeline
we
want
to
increase
the
patent
sidi.
We
replace
it
customized
specifically
for
the
image
update
part.
So
when
Asia
cd
goes
changing,
the
new
image
is
crazy
to
the
arborside,.
That's
why
we
use
customize,
because
we
were
also
astragal
at
that
time.
Looking
for
it.
B
A
B
A
Do
it,
it
has
a
matrix,,
so
it's
the
default
so
just
like
before
I
saw
that
there
is
an
onok
sing
in
grafana
that
can
send
tools,.
There
are
several
application
applications,,
for
example,
the
Devin
formento
is
out
of
sync,.
He
even
sends
alerts
according
to
defendi,
alertmanager
or
other
motives
can
be
there,
sip.