Installation - vdsharma/argocd GitHub Wiki
Installation & Configuration.
Start with instructions on ArgoCD installation at ArgoCD Getting Started
TLDR;
-
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml -
kubectl port-forward svc/argocd-server -n argocd 8080:443 -
argocd login localhost:8080Username: adminPassword: <from argocd-initial-admin-secret>
-
argocd account update-password -
Login again.
argocd login localhost:8080 -
kubectl edit deployment argocd-server -n argocdand add--insecureflag( see Access The Argo CD API Server section below)- Restart argocd-server deployment.
kubectl rollout restart deployment argocd-server -n argocd - After this point we will have to port forward using port 80 as
kubectl port-forward svc/argocd-server -n argocd 8080:80 - login to http://localhost:8080 with the changed password
- Restart argocd-server deployment.
-
Update argocd git ops dir
- Update git argocd-secret file for the cluster with the data from the installation - argocd-secret secret.
- Update paths, repos, certs.
-
Double check your work.
-
kubectl edit secret argocd-secretadd ldappass: -
Update argocd-dex-server deployment, and add environment variable referenced from a secret. (see sso last section)
#add environment variable ldappass.env:- name: ldappassvalueFrom:secretKeyRef:key: ldappassname: argocd-secret#end -
Generate yaml file for the argo updates :
kustomize build -o generated.yaml -
Apply yaml to the cluster.
kubectl apply -n argocd -f generated.yaml -
Restart argocd-server deployment.
kubectl rollout restart deployment argocd-server -n argocd -
Login to argocd and create application argocd.
Notes
These are some of the additional comments.
Access The Argo CD API Server
Ingress > Using Haproxy ingress controller
Currently using a two ingress objects one for UI (HTTP) and another for CLI access (GRPC)
For this to work the API server should then be run with TLS disabled. Edit the argocd-server deployment to add the --insecure flag to the argocd-server command:
kubectl edit deployment argocd-server -n argocd
spec:
template:
spec:
name: argocd-server
containers:
- command:
- /argocd-server
- --staticassets
- /shared/app
- --repo-server
- argocd-repo-server:8081
- --insecure
Restart deployment after change.
kubectl rollout restart deployment argocd-server -n argocd
Note: Can't login to the GRPC endpoint using the CLI yet - I Think GRPC is blocked for that host and needs to open up. Need further investigation on that. For the time being I am going to use port forwarding for CLI.
Create Secret
https://github.com/vdsharma/argocd/wiki/SSO#important-notes-about-environment-variables-and-secrets
HTTP ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: argo-http
namespace: argocd
spec:
rules:
- host: argocd.example.com
http:
paths:
- backend:
serviceName: argocd-server
servicePort: http
tls:
- hosts:
- argocd.example.com
secretName: argocd-secret
status:
loadBalancer:
ingress:
- {}
GRPC Ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: argo-grpc
namespace: argocd
spec:
rules:
- host: argocdgrpc.example.com
http:
paths:
- backend:
serviceName: argocd-server
servicePort: https
tls:
- hosts:
- argocdgrpc.example.com
secretName: argocd-secret
status:
loadBalancer:
ingress:
- {}
Ingress config using HaProxy ingress controller using SSL Passthrough
I am going to try to set this up later, once the GRPC issue is resolved.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/ingress.class: haproxy
ingress.kubernetes.io/ssl-passthrough: enabled
ingress.kubernetes.io/ssl-redirect: "ON"
name: argocd-service-ingress
namespace: argocd
spec:
rules:
- host: argocd.example.com
http:
paths:
- backend:
serviceName: argocd-server
servicePort: http
tls:
- hosts:
- argocd.example.com
secretName: argocd-secret
status:
loadBalancer:
ingress:
- {}
Haproxy annotations for ssl passthrough
ingress.kubernetes.io/ingress.class: haproxy
ingress.kubernetes.io/ssl-passthrough: enabled
ingress.kubernetes.io/ssl-redirect: "ON"