If you have been in alert mode for the trends in Automation of applications development and deployment, you must have read about GitOps. GitOps is a Continuous Deployment methodology for the cloud native applications. It is focused on a developer-centric experience for Infrastructure operations, by using tools developers are already familiar with, including Git and Continuous Deployment tools.
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It follows the GitOps pattern of using Git repositories as the source of truth for defining the desired state of your applications. In ArgoCD, Application definitions, configurations, and environments should be declarative and version controlled.
Argo CD automates the deployment of the desired application states in the specified target environments. Application deployments can track updates to branches, tags, or pinned to a specific version of manifests at a Git commit.
Install ArgoCD on OpenShift Cluster / Kubernetes Cluster
Follow below steps to install ArgoCD onto your OpenShift Container Platform.
Step 1: Create Project namespace
ArgoCD will need to run on its on Namespace. Let’s create it:
### With oc command ##
oc create namespace argocd
### With kubectl command ###
kubectl create namespace argocd
You need to have configured kubectl to run the commands. You can refer to our guide below.
Step 2: Apply the ArgoCD Manifest
Next we can perform the actual installation of ArgoCD on OpenShift / Kubernetes by running the installation manifest.
### With oc command ###
mkdir argocd && cd argocd
wget https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
oc apply -n argocd -f ./install.yaml
### With kubectl command ###
mkdir argocd && cd argocd
wget https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl apply -n argocd -f ./install.yaml
Execution output:
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis created
serviceaccount/argocd-repo-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy createdThe pods will be started in a few seconds or minutes.
$ oc get pods -n argocd
NAME READY STATUS RESTARTS AGE
argocd-application-controller-56cc786677-jmlr7 1/1 Running 0 110s
argocd-dex-server-9755c5c9c-mpg8g 1/1 Running 0 110s
argocd-redis-8c568b5db-r6ffj 1/1 Running 0 110s
argocd-repo-server-778f98fc8f-7gttj 1/1 Running 0 110s
argocd-server-7696cd5f89-v66rn 1/1 Running 0 110sConfirm the updated Dex pod is running by executing the following command:
$ oc get pods -l=app.kubernetes.io/name=argocd-dex-server
NAME READY STATUS RESTARTS AGE
argocd-dex-server-78b8dd8b75-qvbjk 1/1 Running 0 4m49sStep 3: Get the ArgoCD Server password
Once you confirm all pods are running, get the ArgoCD Server initial password which is autogenerated.
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')Confirm the password was saved:
$ echo $ARGOCD_SERVER_PASSWORD
argocd-server-67f667d48c-trhjgStep 4: Expose ArgoCD Server using OpenShift Route
We need to Patch ArgoCD Server deployment on OpenShift for the service to be exposed through the OpenShift Route:
oc -n argocd patch deployment argocd-server -p '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"argocd-server"}],"containers":[{"command":["argocd-server","--insecure","--staticassets","/shared/app"],"name":"argocd-server"}]}}}}'You should get patched in the output if this was successful.
deployment.apps/argocd-server patched
Then you can proceed to expose ArgoCD Server:
oc -n argocd create route edge argocd-server --service=argocd-server --port=http --insecure-policy=RedirectConfirm the route is created.
$ oc get route -n argocd
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
argocd-server argocd-server-argocd.apps.mycluster.example.com argocd-server http edge/Redirect NoneConfirm the web console is accessible by navigating to the location provided by executing the following command:
echo https://$(oc get routes argocd-server -o=jsonpath='{ .spec.host }')You can update the host name used in the route by editing the yaml configuration on the fly:
oc edit route -n argocdStep 5: Download Argo CD CLI
Download the latest Argo CD version from the releases page.
VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64Make the argocd CLI executable:
sudo chmod +x /usr/local/bin/argocdCheck client version:
$ argocd version --client
argocd: v2.8.0+804d4b8
BuildDate: 2023-08-07T19:41:16Z
GitCommit: 804d4b8ca6bc4c2cf02c5c971aa923ec5b8623f0
GitTreeState: clean
GoVersion: go1.20.6
Compiler: gc
Platform: linux/amd64Using the username admin and the password to login to Argo CD’s IP or hostname:
### Get route ###
ARGOCD_ROUTE=$(oc -n argocd get route argocd-server -o jsonpath='{.spec.host}')
### Get Admin password ###
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')
### Login to ArgoCD API ###
argocd --insecure --grpc-web login ${ARGOCD_ROUTE}:443 --username admin --password ${ARGOCD_SERVER_PASSWORD}Change the password using the command:
argocd --insecure --grpc-web --server ${ARGOCD_ROUTE}:443 account update-password --current-password ${ARGOCD_SERVER_PASSWORD} --new-password StrOngP@ssw0rdStep 6: Access ArgoCD Dashboard
You can then access the ArgoCD console with the route URL.
The login credentials will be
Username: admin
The initial Password can be obtained with:
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2ArgoCD dashboard will be shown in after login.
Resetting Admin Password
By default the password is set to the name of the server pod.
To change the password, you need to:
- Edit the
argocd-secretsecret - Update the
admin.passwordfield with a new bcrypt hash.
You can use a site like https://www.browserling.com/tools/bcrypt to generate a new hash.
Here is an example.
# bcrypt(password)=$2a$10$EGMTnwQa7543lA3Ry28Y7.ZjJbsyDIzmQyAsnoGyVdyaTTM4eP5IW
kubectl -n argocd patch secret argocd-secret \
-p '{"stringData": {
"admin.password": "$2a$10$EGMTnwQa7543lA3Ry28Y7.ZjJbsyDIzmQyAsnoGyVdyaTTM4eP5IW",
"admin.passwordMtime": "'$(date +%FT%T%Z)'"
}}'Step 7: Integrating ArgoCD with OpenShift Authentication
Read through the OpenShift Authentication Integration with ArgoCD guide for complete integration.
Visit the ArgoCD documentation page to learn how applications are deployed with ArgoCD GitOps tool. Another useful resource is getting started page.
More Articles on Kubernetes / OpenShift:
How To Migrate Docker Compose Application to Kubernetes With Kompose
Run Ceph toolbox for Rook on Kubernetes / OpenShift
Add Harbor Image Registry Pull Secret to Kubernetes / OpenShift
How To Check Pod / Container Metrics on OpenShift & Kubernetes
