As we have seen recent adaptation to new concept are very quick and also it helps to simplifies lot of complex or manual works. Like wise we have seen the changes from monolithic to microservices which introduced with containers and then we got best container orchestration tool called Kubernetes. Which growing like anything on all the places, part of that, for still further simplification of ops works and deployment section, recently GitOps growing faster among enterprises.
You may ask what is GitOps: “GitOps is an operating model pattern for cloud-native applications & Kubernetes storing application & declarative infrastructure code in Git as the source of truth used for automated continuous delivery.” GitOps keep Git at the centre of continuous delivery making git the Source of Truth describing the desired state of your entire system. You can read more about GitOps on our recent post for better understanding. https://foxutech.com/lets-understand-about-gitops/
As mentioned in the GitOps post, one the secure way for GitOps deployment is pull based, in the pull-based deployments “operator” is key tool. Operators are nothing but software agents that continuously monitor the apps running on the Kubernetes and compares the live state of the apps with desired state defined on the Git repository. These GitOps Operators ensure the desired state is in place on your Kubernetes clusters performing create, update, delete activities on your Kubernetes clusters as needed. To achieve this, we may need some solution tool for that, as like FluxCD or ArgoCD.
In this post we are going to see about ArgoCD, like what is that and how to install, configure and manage it. Please be noted, we are using AKS to install the ArgoCD.
What is ArgoCD?
Argo CD is a tool which will read your environment configuration (written either as a helm chart, kustomize files, jsonnet or plain yaml files) from your git repository and apply it to your Kubernetes namespaces. Some of the features of Argo CD are: declarative and version-controlled application deployments.
Argo CD automates the deployment of the desired application states in the specified target environments. Application deployments can track updates to branches, tags, or pinned to a specific version of manifests at a Git commit.
Prerequisites
- Azure Kubernetes Service up and running, if you don’t have one, please follow the steps with terraform to create it. https://foxutech.com/how-to-create-azure-kubernetes-service-using-terraform/
- Kubectl installed in the VM or machine you are going to manage the AKS.
- Have a kubeconfig file (default location is
~/.kube/config
).
Deploy ArgoCD on AKS
Before starting we should create a dedicated namespace, let’s create a namespace for Argo CD to deploy all of its components.
# kubectl create namespace argocd
Now we can install Argo CD in argocd namespace we created. This is quite simple; we can use Argo CD’s GitHub repository for the latest Argo CD operator. Use the below command to deploy it.
# kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yamlOutput:
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created
Once all completed, you can list all the resources created in argocd namespace.
Access The Argo CD API Server
By default, the Argo CD API server is not exposed with an external IP. To access the API server, choose one of the following techniques to expose the Argo CD API server:
Service Type Load Balancer
Change the argocd-server service type to LoadBalancer
:
# kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
Now you will be able to see that the argocd-server service type has been changed to a LoadBalancer type. This means that it now has a public Azure load balancer attached to it with an external IP.
# kubectl get svc -n argocd
NOTE: This is not recommended in production environments. Only use in a lab or dev environment. In production environments, it is recommended to use an ingress for the Argo CD API server that is secured.
Ingress
Follow the ingress documentation on how to configure Argo CD with ingress.
Login Using The CLI
The initial password for the admin
account is auto-generated and stored as clear text in the field password
in a secret named argocd-initial-admin-secret
in your Argo CD installation namespace. You can simply retrieve this password using kubectl
:
# kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
Warning
You should delete the argocd-initial-admin-secret
from the Argo CD namespace once you changed the password. The secret serves no other purpose than to store the initially generated password in clear and can safely be deleted at any time. It will be re-created on demand by Argo CD if a new admin password must be re-generated.
Using the username admin
and the password from above, login to Argo CD’s IP or hostname:
To install argoCD, please use following command,
# curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
# chmod +x /usr/local/bin/argocd# argocd login <ARGOCD_SERVER>
That’s it for now! we have Argo CD deployed on your AKS cluster. In coming posts will see how to deploy a app using argoCD and also how to integrate with GIT repository.