Installing ArgoCD into Kubernetes

Overview

ArgoCD is a continuous delivery platform for Kubernetes, and is a driver of the “GitOps” mentality.

Create Custom CA secrets

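We will need to provide our custom CA certificates as secrets to the ArgoCD pods, so they can access resources without TLS errors.

First, copy any CA bundles you wish to add to your working directory, then create a Kubernetes secret for each one. The name before the = in --from-file becomes the key inside the secret, which the subPath entries in values.yaml must match later.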

kubectl create secret generic weepynet-ca-cert --from-file=weepynet.root.ca.crt=weepynet.root.ca.crt
kubectl create secret generic weepytests-ca-cert --from-file=weepytests.com.rootca.crt=weepytests.com.rootca.crt

Create Argo CD Helm

Add the helm repo:

helm repo add argo https://argoproj.github.io/argo-helm
helm repo update

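Create a values.yaml file with the following configuration. Setting server.insecure to "true" makes argocd-server serve plain HTTP, so TLS has to be terminated at the ingress (Traefik, configured below):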

values.yaml

configs:
  params:
    server.insecure: "true"
global:
  domain: argocd.weepynet.com

Install ArgoCD with Helm, using our custom values file:

helm install weepynet-argo-cd argo/argo-cd -f values.yaml

Get the admin password:

kubectl -n default get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Next, we need to add a Traefik ingress rule to allow access to our ArgoCD server from the network.

argo-ingress.yaml

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: argocd
  namespace: default
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`argocd.weepynet.com`)
      kind: Rule
      services:
        - name: weepynet-argo-cd-argocd-server
          port: 80
      middlewares:
        - name: redirect-https

Now, we apply this ingress rule to get Traefik redirecting the requests for us.

kubectl apply -f argo-ingress.yaml

You should now be able to go to the URL (argocd.weepynet.com in this example) in your browser and get the ArgoCD login page. If you get an error about too many redirects, refer to this Stack Overflow setting. It seems the server.insecure setting doesn’t always get respected, and you may need to modify some config maps.

Adding a User

To add a user to ArgoCD, we first need to dump the running configmap:

kubectl get cm argocd-cm -o yaml > argocd-cm.yaml

We will then need to edit the yaml, and add the following information to the top of the data block:

accounts.ACCOUNTNAME: permissions

Where ACCOUNTNAME is the name of the account you wish to add, and permissions is one of three possibilities:

  1. apiKey
  2. login
  3. login, apiKey

Example:

...
data:
  accounts.homepage: apiKey
  accounts.blair: apiKey, login
...

Now we apply this config map back to the cluster:

kubectl apply -f argocd-cm.yaml

Adding Custom Certificates

Modify the values file to mount the custom CA certs into the controller, repoServer and server pods:

values.yaml

configs:
  params:
    server.insecure: "true"
global:
  domain: argocd.weepynet.com
controller:
  volumeMounts:
    - name: custom-ca-certificates
      mountPath: /etc/ssl/certs/weepynet.root.ca.crt
      subPath: weepynet.root.ca.crt
    - name: weepytests-ca-certificate
      mountPath: /etc/ssl/certs/weepytests.com.rootca.crt
      subPath: weepytests.com.rootca.crt
  volumes:
    - name: custom-ca-certificates
      secret:
        defaultMode: 420
        secretName: weepynet-ca-cert
    - name: weepytests-ca-certificate
      secret:
        defaultMode: 420
        secretName: weepytests-ca-cert
repoServer:
  volumeMounts:
    - name: custom-ca-certificates
      mountPath: /etc/ssl/certs/weepynet.root.ca.crt
      subPath: weepynet.root.ca.crt
    - name: weepytests-ca-certificate
      mountPath: /etc/ssl/certs/weepytests.com.rootca.crt
      subPath: weepytests.com.rootca.crt
  volumes:
    - name: custom-ca-certificates
      secret:
        defaultMode: 420
        secretName: weepynet-ca-cert
    - name: weepytests-ca-certificate
      secret:
        defaultMode: 420
        secretName: weepytests-ca-cert
server:
  volumeMounts:
    - name: custom-ca-certificates
      mountPath: /etc/ssl/certs/weepynet.root.ca.crt
      subPath: weepynet.root.ca.crt
    - name: weepytests-ca-certificate
      mountPath: /etc/ssl/certs/weepytests.com.rootca.crt
      subPath: weepytests.com.rootca.crt
  volumes:
    - name: custom-ca-certificates
      secret:
        defaultMode: 420
        secretName: weepynet-ca-cert
    - name: weepytests-ca-certificate
      secret:
        defaultMode: 420
        secretName: weepytests-ca-cert
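
A pre-upgrade check for the values file above, as an added example (not part of the original page or the Argo CD chart): it confirms that each subPath names a key that exists in the secret its volume points to, since a subPath that matches no key does not put the certificate where Argo CD looks for it. The function names check_ca_mounts and sample_values are hypothetical, the sample input is constructed, and the parser assumes the two-space indentation used on this page.

```shell
# check_ca_mounts VALUES_FILE SECRET:KEY...
# Fails if a volumeMount subPath is not a key of the secret behind its volume.
check_ca_mounts() {
  values_file=$1; shift
  awk -v known="$*" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1; bad = 0 }
    /^[A-Za-z]/        { comp = $1; sub(/:$/, "", comp); sect = "" }  # top-level key
    /^  volumeMounts:/ { sect = "m" }
    /^  volumes:/      { sect = "v" }
    /^    - name:/     { name = $3 }
    sect == "m" && $1 == "subPath:"    { mounts[++c] = comp " " name " " $2 }
    sect == "v" && $1 == "secretName:" { secret[comp, name] = $2 }
    END {
      for (i = 1; i <= c; i++) {
        split(mounts[i], f, " ")
        s = secret[f[1], f[2]]
        key = s ":" f[3]
        if (!(key in ok)) {
          printf "%s: volume %s: subPath %s is not a key of secret %s\n", f[1], f[2], f[3], s
          bad = 1
        }
      }
      exit bad
    }' "$values_file"
}

# Constructed sample in the layout of values.yaml; $1 is the second subPath.
sample_values() {
  cat <<EOF
repoServer:
  volumeMounts:
    - name: custom-ca-certificates
      subPath: weepynet.root.ca.crt
    - name: weepytests-ca-certificate
      subPath: $1
  volumes:
    - name: custom-ca-certificates
      secret:
        secretName: weepynet-ca-cert
    - name: weepytests-ca-certificate
      secret:
        secretName: weepytests-ca-cert
EOF
}
# Keys as created by the kubectl create secret commands (secret:key).
KEYS="weepynet-ca-cert:weepynet.root.ca.crt weepytests-ca-cert:weepytests.com.rootca.crt"
tmp=$(mktemp); sample_values weepytests.rootca.crt > "$tmp"   # constructed mismatch
check_ca_mounts "$tmp" $KEYS || echo "fix values.yaml before running helm upgrade"
rm -f "$tmp"
```

Against a live cluster, the key names can be read with kubectl get secret weepynet-ca-cert -o jsonpath='{.data}' and passed in the same SECRET:KEY form.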

Now, upgrade the Helm release, using the same chart name as the install:

helm upgrade weepynet-argo-cd argo/argo-cd -f values.yaml

At this point, your argo should be up and running, users created, and ready to start deployment!