ArgoCD Installation and Setup

ArgoCD is one of the available and popular GitOps tools used to manage services deployed in a Kubernetes cluster. It supports several important features, such as deployment environments, single sign-on, deployment rollbacks, a dashboard to monitor deployment statuses and much more.

Installation

The installation reference is https://argo-cd.readthedocs.io/en/stable/getting_started/.

More precisely:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

If you didn’t already, install the local argocd CLI.

Setup a port-forward to the argocd cluster:

Connect to ArgoCD via port-forward

kubectl port-forward svc/argocd-server -n argocd 8080:443

Obtain initial admin password

Now we’re able to retrieve the admin password:

argocd admin initial-password -n argocd

Connecting to ArgoCD via web UI

You should now be able to login as admin to https://localhost:8080/.

Connecting to ArgoCD via CLI

First, login via CLI. Assuming you’ve setup the port-forward as described above, you can do:

argocd login localhost:8080 --insecure

And now you should be able to run other commands such as:

argocd app list

Expose ArgoCD (or not)

This section is purposefully removed as it is not a recommended, especially by default, to expose ArgoCD to the Internet, as it has access over most of the cluster resources.

Setup

Quick Start

The following two configmaps are configured to setup ArgoCD for the CHSRC use cases.

It configures [Helm Kustomize support](#helm-kustomize-support), and configures ArgoCD to [ignore Cilium-related](#cilium-caveat) resources that are added to our clusters behind the scenes.

To configure all of this, create this file:

argocd-cm.yaml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  url: https://localhost:8080/
  kustomize.buildOptions: --load-restrictor LoadRestrictionsNone --enable-helm
  # If you need to exclude some resources, use a matching pattern like below.
  # For instance, clusters using Cilium add extra resources that you may want to exclude from Argo:
  resource.exclusions: |
    - apiGroups:
      - cilium.io
      kinds:
      - CiliumIdentity
      clusters:
      - "*"

Apply:

kubectl apply -f argocd-cm.yaml -n argocd

At this point, we’re done. For more details about what we just did in this quickstart and why, see the sections below.

Helm Kustomize support

To enable helm support for kustomizations, as well as loading values files from other directories, add the following in the argocd-cm ConfigMap:

data:
  kustomize.buildOptions: --load-restrictor LoadRestrictionsNone --enable-helm

Install GitOps repo environment

Add the repo via web UI or CLI:

argocd repo add https://gitlab.com/ska-telescope/src/deployments/MYsrc/ska-src-MYsrc-services-cd.git --type git --project default --username argocd --password <gitlab_token>

Tip

The GitLab PAT is generated in GitLab under Settings > Access tokens. Give it a username (matching the command above), and at least the developer role and repository access so that it can read/clone the source. Note that the Gitlab generated token cannot be viewed after creation.

To install the environment, kubectl apply argocd-apps/<overlay>/main.yaml to start the installation of all apps for a specific environment.