Skip to content
/ cd Public

Home continuous delivery ops using ArgoCD

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

JosBritton/cd

BranchesTags

Repository files navigation

cd

Prerequisites

  1. Working Kubernetes cluster
  2. Working kubectl config
kubectl get nodes
NAME                            STATUS   ROLES           AGE     VERSION
k8s1.private.swifthomelab.net   Ready    control-plane   3m54s   v1.28.6
k8s2.private.swifthomelab.net   Ready    control-plane   3m36s   v1.28.6
k8s3.private.swifthomelab.net   Ready    control-plane   3m3s    v1.28.6

Initial installation on bare cluster

(ArgoCD-cli installation not necessary)

  1. Bootstrap ArgoCD and wait for it to come up
kubectl create namespace argocd
kubectl apply -n argocd -k bootstrap/install && kubectl -n argocd rollout status deployment argocd-server
  1. Install base applications (argo-cd, root, cluster-resources)
kubectl apply -f bootstrap/

Base application definition

  • argo-cd manages argo-cd installtion itself, reconciles ownership of resources after initial installation with step 1.
  • root manages applications in 'app-of-apps' pattern on default project
  • cluster-resources owns global cluster resources that should be preserved on application deletion (like the argocd namespace)

  1. Update ArgoCD user password

    1. Generate password hash using bcrypt (Python implementation)
    python3 -I
    >>> import bcrypt
>>> print(bcrypt.hashpw(b'YOUR-PASSWORD-HERE', bcrypt.gensalt()).decode())
>>> exit()
    1. Create ArgoCD admin secret with new hash
    kubectl apply -f ./secrets/argocd.yaml
    # ./secrets/argocd.yaml
apiVersion: v1
stringData:
  admin.password: YOUR-PASSWORD-HASH
kind: Secret
metadata:
  labels:
    app.kubernetes.io/name: argocd-secret
    app.kubernetes.io/part-of: argocd
  name: argocd-secret
  namespace: argocd
type: Opaque
    1. Update password mtime
    kubectl -n argocd patch secret argocd-secret \
    -p '{"stringData": {"admin.passwordMtime": "'$(date +%FT%T%Z)'"}}'

    You could also install the ArgoCD CLI and update passwords via

    argocd account update-password

  2. Forward ArgoCD server on loopback port 8443/HTTPS

kubectl port-forward svc/argocd-server -n argocd 8443:443

  1. Sign-in to ArgoCD via web UI using new password

  2. Manually sync all applications

  1. Restart admin server to apply HTTPs patch
kubectl -n argocd rollout restart deployment argocd-server && kubectl -n argocd rollout status deployment argocd-server
  1. ArgoCD is now available at ingress (done)

Note: https://kubernetes.default.svc is the default address for the local cluster that ArgoCD is installed in. If ArgoCD should manage an external cluster, this address must be changed.

This repository follows the app of apps pattern described here. Manual pinning of cluster version and strict access control is necesarry due to the inherent danger of auto-bootstrapping clusters.

Signing-in to Kubernetes dashboard

kubectl -n kubernetes-dashboard create token admin
kubectl -n kubernetes-dashboard get secret admin -o jsonpath={".data.token"} | base64 -d

About

Home continuous delivery ops using ArgoCD

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages