We successfully implemented GitOps-based environment configuration management for codebeamer cb-24 using ArgoCD, eliminating configuration drift across our dev/staging/production environments.
Challenge: Managing environment-specific configurations (database connections, API endpoints, feature flags) across 12 codebeamer instances became error-prone with manual updates. Config drift caused deployment failures and troubleshooting nightmares.
Solution: Centralized all environment configs in Git repository with ArgoCD continuous sync to codebeamer instances.
ArgoCD monitors the repo and automatically applies configuration changes to corresponding codebeamer environments via REST API, ensuring declarative state management with full audit trail.
This is excellent! How do you handle sensitive credentials in the Git repo? Are you using sealed secrets or external secret management? Also, what’s your approach for emergency config rollbacks when ArgoCD detects drift?
Let me address the feature flags and validation questions together as they’re interconnected in our implementation.
Feature Flag Management: We use the same GitOps pipeline for feature flags, treating them as configuration data. Each environment overlay includes a feature-flags.yaml file that gets merged with base configuration. ArgoCD applies these via cb-24’s custom field API. The advantage is full audit trail and easy rollback - disabling problematic feature is just a Git commit.
For high-frequency flag toggles (A/B testing, gradual rollouts), we use LaunchDarkly as separate service. GitOps handles stable feature flags that change weekly/monthly, while LaunchDarkly manages dynamic flags. This hybrid approach balances GitOps benefits with operational flexibility.
Configuration Validation: Multi-layered approach:
Pre-commit validation: Git hooks run schema validation against cb-24’s config specification. Catches syntax errors and type mismatches before code review.
CI pipeline validation: GitHub Actions workflow performs deeper validation:
Pseudocode validation steps:
1. Parse YAML/properties files for structural correctness
2. Validate against codebeamer cb-24 API schema definitions
3. Run security scans for exposed credentials or unsafe values
4. Execute dry-run API calls to staging to verify compatibility
5. Generate diff report showing config changes impact
ArgoCD pre-sync hooks: Before applying to production, ArgoCD executes validation script that queries current codebeamer state and simulates config application. If validation fails, sync aborts automatically.
Progressive rollout: Config changes deploy to dev → staging → production with 24-hour soak period between environments. Staging includes automated integration tests that verify codebeamer functionality with new configs.
Deployment Coordination: For configs requiring restart, we use ArgoCD sync waves. Configuration changes get wave 0, application restart gets wave 1. ArgoCD ensures sequential execution. Additionally, we implemented health checks that verify codebeamer services are fully operational before marking sync as successful.
The restart orchestration uses ArgoCD’s resource hooks:
Post-sync hook triggers cb-24’s graceful restart API endpoint
Sync waits for health check success (HTTP 200 from /api/health)
If health check fails after 5 minutes, ArgoCD rolls back config automatically
Measurable Outcomes after 6 months:
Configuration drift incidents: reduced from 12/month to zero
Config-related deployment failures: down 87%
Mean time to propagate config changes: 45 minutes → 8 minutes
Audit compliance: full traceability via Git history
Team confidence: developers can safely modify configs knowing validation catches errors
The key success factor was treating configuration as code with same rigor as application code - version control, code review, automated testing, and progressive deployment. cb-24’s improved REST API coverage made this pattern viable compared to earlier codebeamer versions.
I implemented similar pattern for different ALM tool. One challenge was config validation before applying changes. How do you prevent invalid configurations from reaching production? Do you have pre-merge validation in CI pipeline, or does ArgoCD handle validation before sync?