CI/CD

Provision ArgoCD

Raja Haikal
· 2 min read
Provision ArgoCD

Install Cert Manager

We need certificates to be securely logon to the Argo CD UI. Certificate provisioning can be a very painful process. cert-manager makes it easy to create, obtain and renew certificates. It adds certificates and certificate issuers as custom resource types in kubernetes. We can install cert-manager as below

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.3/cert-manager.yaml

We can verify that all components of cert manager are installed and running as below

kubectl get pods --namespace cert-manager

And lastly, create a CA cluster issuer. This will tell cert-manager to issue certificates for certificate requests across the cluster.

cat << EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt
    solvers:
    - http01:
        ingress:
          class: nginx
          podTemplate:
            spec:
              nodeSelector:
                "kubernetes.io/os": linux
EOF

kubectl describe clusterissuer letsencrypt

Install ArgoCD

Now, for the good part, let’s install Argo CD with a TLS ingress.

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Next, you’re going to deploy the Ingress rules to be able to reach ArgoCD’s UI using HTTPS.

cat << EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: "nginx"
  rules:
  - host: argocd.yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              name: https
  tls:
  - hosts:
    - argocd.yourdomain.com
    secretName: argocd-secret
EOF

See Certificate & Ingress Status

kubectl get certificate -n argocd
kubectl describe certificate argocd-secret -n argocd
kubectl get ingress -n argocd

Open your browser with your custom address for Argo https://yourdomain.com. Note: it can take about 5 minutes for the Let’s Encrypt certificate to be assigned.

To login, get the initial password via a Kubernetes secret. The username is admin

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
8sGyfr7jnGPAm1kW

Related Articles

Configuring Secondary Networks for KubeVirt VMs with OVN-Kubernetes

Configuring Secondary Networks for KubeVirt VMs with OVN-Kubernetes

· 5 min read
Kubevirt + Kube-OVN Live Migration

Kubevirt + Kube-OVN Live Migration

· 6 min read
Seamless Secret Management with Kubernetes Vault Secrets Operator

Seamless Secret Management with Kubernetes Vault Secrets Operator

· 7 min read
Hashicorp Vault HA Cluster with Integrated Storage (Raft) and AWS KMS Auto Unseal

Hashicorp Vault HA Cluster with Integrated Storage (Raft) and AWS KMS Auto Unseal

· 17 min read
Loneliness

Loneliness

· 2 min read
Configuring a Self-hosted Quay Registry in Private OpenShift Cluster

Configuring a Self-hosted Quay Registry in Private OpenShift Cluster

· 5 min read