Low Orbit Flux Logo 2 F

Argo CD



kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Turn off TLS because supposedly Traefik ingress needs this turned off and will handle it for me ( probably, I think ). No indentation for that first line “data:”.



kubectl edit configmap argocd-cmd-params-cm -n argocd

data:
  server.insecure: "true"

or patch it like this:



kubectl patch configmap argocd-cmd-params-cm -n argocd --type merge -p '{"data":{"server.insecure":"true"}}'
kubectl rollout restart deployment argocd-server -n argocd

Client install ( Arch, MacOS, or generic Linux :



brew install argocd
pacman -S argocd


curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
rm argocd-linux-amd64

Change to load balancer:



kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

Or setup an ingress for: * svc/argocd-server * 443 ( 80 redirects to this )

Traefik ingress

Supposed to be 80 for ingress acording to docs but doesn’t work. can connect if I use 443 but gives internal server error.



apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: argocd-server
  namespace: argocd
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`argocd.lab.net`)
      priority: 10
      services:
        - name: argocd-server
          port: 443
    - kind: Rule
      match: Host(`argocd.lab.net`) && Header(`Content-Type`, `application/grpc`)
      priority: 11
      services:
        - name: argocd-server
          port: 443
          scheme: h2c
  tls:
    certResolver: default

Hitting the clusterIP works ( hitting the pod just resulted in redirects ): hitting the



curl -k 10.42.0.67:8080           # works
curl -k http://10.43.67.146:443  # hitting the clusterIP works  ( https on 443 )
https://argocd.lab.net/           # hitting the ingress gives bad gateway

Check logs:



kubectl logs -n argocd deployment/argocd-server




argocd admin initial-password -n argocd  # get initial password, then delete the secret

Login and change password:



argocd login argocd.lab.net
argocd login  argocd.lab.net --insecure       # ingress not working  FAIL
argocd login  10.43.67.146:443  --insecure    # clusterIP
argocd account update-password

Add a cluster ( or stick with current cluster which works by default ):



kubectl config get-contexts -o name       # list all clusters contexts in your current kubeconfig:
argocd cluster add cluster1               # use this cluster context

Ingress is broken, instead patched to use nodeport. This is working great.



kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'

This totally works ( nodeport ):

Create app with CLI:



kubectl config set-context --current --namespace=argocd

argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace default

argocd app get guestbook    # view status
argocd app sync guestbook   # sync (deploy) the application  ( pull and kubectl apply the manifest )

Some argo commands:



  920  argocd proj list
  921  argocd cluster list
  922  argocd account list
  923  history
  924  argocd app list

Using the GUI:

Application Name guestbook
Project Name default
SYNC Policy Manual
Repository URL https://github.com/argoproj/argocd-example-apps.git
Revision HEAD
Path guestbook
Cluster URL https://kubernetes.default.svc
Namespace default