Deploying ArgoCD on Kubernetes

To make managing applications on the Kubernetes cluster easier, I deployed ArgoCD. In this post I will guide you through the setup.


The Kubernetes cluster I deployed last time is used by more people than just me. Not all of them have the time to learn the complex ins and outs of Kubernetes, so we needed a simple dashboard that allows us to deploy and manage applications on the cluster. We settled on ArgoCD: it can use templates from different types of repositories and deploy them to the cluster with parameters.

Installation

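The installation is as simple as downloading the latest YAML file and applying it to your cluster. All versions can be found on their GitHub page, but the URL we use will fetch the latest version. Downloading the file first, rather than piping it straight into kubectl, also lets you review the manifest before applying it.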

# The argocd namespace must exist before the manifest is applied
kubectl create namespace argocd
curl -L https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml -o argocd.yaml
kubectl -n argocd apply -f argocd.yaml

Ingress

Once ArgoCD has been deployed, an ingress route has to be created. As ArgoCD uses HTTPS in the backend, we have to specify this in the YAML file with the tls-acme, ssl-passthrough and backend-protocol options.

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prd
    kubernetes.io/ingress.class: public
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
    - hosts:
        - argo.hostname.tld
      secretName: argocd-secret
  rules:
    - host: argo.hostname.tld
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service: 
              name: argocd-server
              port:
                name: https

Next we apply this yaml file: kubectl -n argocd apply -f ingress.yaml.

AzureAD

ArgoCD is configured through ConfigMaps, and we can use the argocd-cm ConfigMap to set up authentication with Azure AD. To do this we need to create a new app registration in Azure AD, along with a client secret. Fill in the correct details in the example below and apply it using kubectl -n argocd apply -f config.yaml.

---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cm
  namespace: argocd
data:
  # External URL of ArgoCD; use the same host as in the Ingress
  url: https://argo.access2it.be
  oidc.config: |
    name: Azure
    issuer: https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0
    clientID: <Application (client) ID>
    clientSecret: <Client Secret>
    requestedIDTokenClaims:
      groups:
        essential: true
    requestedScopes:
      - openid
      - profile
      - email
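
The ConfigMap above carries the client secret in plain text, readable by anyone who can read ConfigMaps in the namespace. As an added example (not part of the original post), the secret can instead be stored in argocd-secret and referenced from oidc.config with ArgoCD's `$key` syntax; the key name oidc.azure.clientSecret is a chosen name, and argo.hostname.tld is the placeholder host used for the ingress.

```yaml
# Added example: keep the Azure AD client secret out of the ConfigMap.
# ArgoCD resolves "$<key>" values in argocd-cm against keys in argocd-secret.
---
apiVersion: v1
kind: Secret
metadata:
  name: argocd-secret
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-secret
    app.kubernetes.io/part-of: argocd
type: Opaque
stringData:
  # Key name is our choice; it only has to match the reference below.
  oidc.azure.clientSecret: <Client Secret>
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cm
  namespace: argocd
data:
  url: https://argo.hostname.tld   # placeholder host, as in the Ingress
  oidc.config: |
    name: Azure
    issuer: https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0
    clientID: <Application (client) ID>
    # Reference to the Secret key instead of the literal value
    clientSecret: $oidc.azure.clientSecret
    requestedIDTokenClaims:
      groups:
        essential: true
    requestedScopes:
      - openid
      - profile
      - email
```

Keep the file holding the real secret value out of Git; the ConfigMap half no longer contains anything sensitive and can be stored with the rest of the configuration.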