2 min read CI/CD

Provision ArgoCD

Install Cert Manager

We need certificates to be securely logon to the Argo CD UI. Certificate provisioning can be a very painful process. cert-manager makes it easy to create, obtain and renew certificates. It adds certificates and certificate issuers as custom resource types in kubernetes. We can install cert-manager as below

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.3/cert-manager.yaml

We can verify that all components of cert manager are installed and running as below

kubectl get pods --namespace cert-manager

And lastly, create a CA cluster issuer. This will tell cert-manager to issue certificates for certificate requests across the cluster.

cat << EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt
    solvers:
    - http01:
        ingress:
          class: nginx
          podTemplate:
            spec:
              nodeSelector:
                "kubernetes.io/os": linux
EOF

kubectl describe clusterissuer letsencrypt

Install ArgoCD

Now, for the good part, let’s install Argo CD with a TLS ingress.

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Next, you’re going to deploy the Ingress rules to be able to reach ArgoCD’s UI using HTTPS.

cat << EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: "nginx"
  rules:
  - host: argocd.yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              name: https
  tls:
  - hosts:
    - argocd.yourdomain.com
    secretName: argocd-secret
EOF

See Certificate & Ingress Status

kubectl get certificate -n argocd
kubectl describe certificate argocd-secret -n argocd
kubectl get ingress -n argocd

Open your browser with your custom address for Argo https://yourdomain.com. Note: it can take about 5 minutes for the Let’s Encrypt certificate to be assigned.

To login, get the initial password via a Kubernetes secret. The username is admin

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
8sGyfr7jnGPAm1kW

Published by:

Raja Haikal

You might also like...

Feb
03

Set Up SSH to Use Two-Factor Authentication

Enhance the security of your SSH access by adding two-factor authentication (2FA) for an extra layer of protection on your
5 min read
Jan
20

Backup Restore Kubernetes with Velero & Swift

Hello World! Pada Artikel kali ini saya mau sharing ringan terkait riset yang sudah saya coba terkait Backup Restore Kubernetes
5 min read
Jan
15

Using RadosGW as a drop-in replacement for Swift

Hello Folks! Artikel ini lebih seperti catatan untuk diri sendiri, tetapi ini mungkin membantu jika anda mencari cara untuk mengintegrasikan
6 min read
Jan
10

Implement Oauth2 Proxy on Kubernetes

Sometimes, we may want to add authentication features to our service running on Kubernetes, but the application itself does not
5 min read
Dec
09

Proxying External Services Using Kubernetes Services

There are various reasons why setting up external service proxying from a Kubernetes cluster becomes essential. For example: * Managing a
2 min read

Member discussion