Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Integration with Argo CD

Written by
Updated at November 21, 2025

Argo CD is a declarative GitOps tool for continuous delivery to Kubernetes.

This tutorial describes how to set up integration between a Yandex Managed Service for GitLab instance and a Managed Service for Kubernetes cluster running Argo CD and GitLab Runner to build Docker containers with Kaniko.

To integrate Argo CD with Managed Service for Kubernetes and Managed Service for GitLab:

  1. Create a GitLab instance.
  2. Configure GitLab.
  3. Create a GitLab Runner.
  4. Set up an application repository for deployment.
  5. Deploy your application using Argo CD.

If you no longer need the resources you created, delete them.

The support cost for this solution includes:

Getting started

Set up your infrastructure

  1. If you do not have a network yet, create one.

  2. If you do not have any subnets yet, create them in the availability zones where the new Managed Service for Kubernetes cluster and node group will reside.

  3. Create these service accounts:

    Tip

    You can use the same service account to manage your Managed Service for Kubernetes cluster and its node groups.

  4. Create security groups for the Managed Service for Kubernetes cluster and its node groups.

    Warning

    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

  5. Create a security group for the Managed Service for GitLab instance.

  6. Create a Managed Service for Kubernetes cluster and node group. When creating a Managed Service for Kubernetes cluster, specify the previously created service accounts for resources and nodes, as well as the security groups for the cluster.

  7. Create a Yandex Container Registry.

  8. Save the registry ID, as you will need it at the next steps.

  1. If you do not have Terraform yet, install it.

  2. Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.

  3. Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it.

  4. Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.

  5. Download the k8s-argocd.tf Managed Service for Kubernetes cluster configuration file to the same working directory. This file describes:

    • Network.

    • Subnet.

    • Managed Service for Kubernetes cluster.

    • Service account for Managed Service for Kubernetes resources and nodes.

    • Container Registry.

    • Security groups which contain rules required for the Managed Service for Kubernetes cluster and its node groups.

      These security groups also include the rules required for the Managed Service for GitLab instance and Container Registry.

      Warning

      The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

  6. Specify the following in the configuration file:

    • Folder ID.
    • Kubernetes version for the Managed Service for Kubernetes cluster and node groups.
    • Managed Service for Kubernetes cluster CIDR.
    • Name of the service account for Managed Service for Kubernetes resources and nodes.
    • Name of the Container Registry.

  7. Make sure the Terraform configuration files are correct using this command:

    terraform validate

    Terraform will show any errors found in your configuration files.

  8. Create the required infrastructure:

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.

Install additional dependencies

Install the following tools in the local environment:

Create a GitLab instance

Create either a Managed Service for GitLab instance or a VM with a GitLab image in the same cloud network as the Managed Service for Kubernetes cluster.

Create a Managed Service for GitLab instance by following this guide.

Launch GitLab on a VM with a public IP.

  1. On the folder page in the management console, click Create resource and select Virtual machine instance.

  2. Under Boot disk image, in the Product search field, enter Gitlab and select a public GitLab image.

  3. Under Location, select an availability zone to place your VM in. If you do not know which availability zone you need, leave the default one.

  4. Under Computing resources, navigate to the Custom tab and specify the required platform, number of vCPUs, and the amount of RAM:

    • Platform: Intel Ice Lake.
    • vCPU: 4.
    • Guaranteed vCPU performance: 100%.
    • RAM: 8 GB.

  5. Under Network settings:

    • In the Subnet field, select the network and subnet to connect your VM to. If the required network or subnet is not listed, create it.
    • Under Public IP address, keep Auto to assign your VM a random external IP address from the Yandex Cloud pool or select a static address from the list if you reserved one in advance.

  6. Under Access, select SSH key and specify the VM access data:

    • Under Login, enter the username. Do not use root or other names reserved by the OS. To perform operations requiring superuser permissions, use the sudo command.

    • In the SSH key field, select the SSH key saved in your organization user profile.

      If there are no SSH keys in your profile or you want to add a new key:

      1. Click Add key.

      2. Enter a name for the SSH key.

      3. Select one of the following:

        • Enter manually: Paste the contents of the public SSH key. You need to create an SSH key pair on your own.

        • Load from file: Upload the public part of the SSH key. You need to create an SSH key pair on your own.

        • Generate key: Automatically create an SSH key pair.

          When adding a new SSH key, an archive containing the key pair will be created and downloaded. In Linux or macOS-based operating systems, unpack the archive to the /home/<user_name>/.ssh directory. In Windows, unpack the archive to the C:\Users\<user_name>/.ssh directory. You do not need additionally enter the public key in the management console.

      4. Click Add.

      The system will add the SSH key to your organization user profile. If the organization has disabled the ability for users to add SSH keys to their profiles, the added public SSH key will only be saved in the user profile inside the newly created resource.

  7. Under General information, specify the VM name: ci-tutorial-gitlab.

  8. Click Create VM.

It may take a few minutes to create the VM. When the VM status changes to RUNNING and GitLab starts, configure its settings.

Configure GitLab

To configure GitLab and enable Continuous Integration (CI), create a new project and enter the CI authorization parameters:

  1. Log in to the Managed Service for GitLab instance web interface.

  2. Click Create a project.

  3. Click Create blank project.

  4. Fill in the fields as follows:

    • Project name: gitlab-test.
    • Project URL: Select the administrator user in the field next to the Managed Service for GitLab instance FQDN.

    Leave the other fields unchanged.

  5. Click Create project.

  1. On the Yandex Compute Cloud page, select the created VM and copy its public IP.

  2. Connect to the VM over SSH.

  3. Get the GitLab administrator password with the following VM command:

    sudo cat /etc/gitlab/initial_root_password

  4. Copy the password without spaces from the Password line to the clipboard or a separate file.

  5. In your browser, open http://<VM_public_IP_address>. This will take you to the GitLab web interface.

  6. Log in as the administrator:

    • Username or email: root.
    • Password: Password you copied in the previous step.

    If you are unable to log in, reset the administrator password.

  7. Change the administrator password.

  8. Log in as the administrator with the new password.

  9. Select Create a project.

  10. Specify the project name: gitlab-test.

  11. Click Create project.

Create a GitLab Runner

To run build tasks in the Yandex Managed Service for Kubernetes cluster, create a GitLab Runner. To do this, install GitLab Runner by following this guide.

Once it is installed, you can run automated builds inside your Managed Service for Kubernetes cluster.

For more information about installing and running GitLab Runner, see the GitLab documentation.

Set up an application repository for deployment

  1. Get an authorized key for the previously created service account with the container-registry.images.puller and container-registry.images.pusher roles:

    yc iam key create --service-account-name <name_of_service_account_for_nodes> -o key.json

  2. Save the contents of the key to use it later:

    cat key.json | base64

  3. Create GitLab environment variables:

    1. In GitLab, navigate to Settings in the left-hand panel and select CI/CD from the drop-down list.

    2. Click Expand next to Variables.

    3. Add these environment variables:

      • CI_REGISTRY: Address of the previously created registry in cr.yandex/<registry_ID> format.
      • CI_REGISTRY_USER: json_key.
      • CI_REGISTRY_PASSWORD: Output of cat key.json | base64.

      To add a variable:

      1. Click Add variable.
      2. In the window that opens, specify the variable name in the Key field and its value in the Value field.
      3. Click Add variable.

  4. Set up access to the repository:

    1. Generate a new pair of SSH keys or use an existing one.
    2. Add a public part of the SSH key to the GitLab account settings.

  5. Clone the repository:

    git clone git@<instance_name>.gitlab.yandexcloud.net:<admin_username>/gitlab-test.git

  6. Clone the yc-webinar-gitops-argo-crossplane repository to your computer:

    git clone https://github.com/yandex-cloud-examples/yc-webinar-gitops-argo-crossplane.git

  7. Copy all yc-webinar-gitops-argo-crossplane/02-argocd/app directory files, including hidden ones, to the gitlab-test directory:

    cp -rT <path_to_app_directory> <path_to_gitlab-test_directory>

  8. Commit the changes to gitlab-test and push them to the repository:

    git add . && \
git commit -m "Add app src and CI" && \
git push

  9. This will run the build script. To view its progress, in the left-hand panel in GitLab, select BuildPipelines. Wait for both build steps to complete.

  10. Open the completed build and copy the following line from the log (you will need it at the next step):

    INFO[0025] Pushing image to cr.yandex/<registry_ID>/<admin_username>/gitlab-test:main.<commit_number>

Deploy your application using Argo CD

Install Argo CD in the Managed Service for Kubernetes cluster

  1. Install Argo CD by following this guide.

    Warning

    Kubernetes node groups require internet access to download images and components.

    Internet access can be provided through:

  2. Get the admin password from the Kubernetes secret:

    kubectl --namespace <namespace> get secret argocd-initial-admin-secret \
  --output jsonpath="{.data.password}" | base64 -d

  3. Set up ArgoCD port forwarding to your local computer:

    kubectl port-forward service/<Argo_CD_app_name>-argocd-server \
  --namespace <namespace> 8080:443

  4. Open the Argo CD console at https://127.0.0.1:8080 in your browser.

  5. Log in to the console as admin using the password you got earlier.

Add the GitLab repository to Argo CD

  1. In GitLab, navigate to Settings in the left-hand panel and select Access Tokens from the drop-down list.

  2. Create a new token with the following settings:

    • Token name: argocd.
    • Select a role: Maintainer.
    • Select scopes: read_repository.

  3. Click Create project access token.

  4. Copy the token value.

  5. In the Argo CD console, go to SettingsRepositories.

  6. Click Connect Repo and select VIA HTTPS from the list.

    Note

    If you get the FATA[0000] rpc error: code = Unknown desc = error testing repository connectivity: authorization failed error when connecting a repository, enable access to GitLab via HTTP(S).

    To enable access, in the left-hand panel in GitLab, select Admin → Settings → General. Under Visibility and access controls, find the Enabled Git access protocols setting and select the option that allows HTTP(S) access from the list.

    For more information, see this GitLab guide.

  7. In the form that opens, specify the following settings:

    • Repository URL: Repository URL in https://<GitLab_instance_name>.gitlab.yandexcloud.net/<admin_username>/gitlab-test.git format.
    • Username: gitlab-ci-token.
    • Password: Previously generated GitLab token.

  8. Click Connect.

  9. In the Argo CD console, go to Applications and click Create Application.

  10. In the form that opens, specify the following settings:

    • Application Name: gitlab-test.
    • Project: default.
    • Sync policy: Automatic, then select Prune resources and Self Heal.
    • Sync options: Select Auto-Create Namespace.
    • Repository URL: Specify the repository URL in https://<GitLab_instance_name>.gitlab.yandexcloud.net/<admin_username>/gitlab-test.git format.
    • Path: .helm.
    • Cluster URL: https://kubernetes.default.svc.
    • Namespace: gitlab-test.
    • image.repository: cr.yandex/<registry_ID>/<admin_username>/gitlab-test.
    • image.tag: main.<commit_number>.

  11. Click Create and wait for the synchronization to complete.

  12. To check that the application is running, use the following command in the Managed Service for Kubernetes cluster:

    kubectl get all -n gitlab-test

    Result:

    NAME                               READY   STATUS    RESTARTS   AGE
pod/gitlab-test-67c8d58bc4-6w4q7   1/1     Running   0          2m26s
pod/gitlab-test-67c8d58bc4-sldpc   1/1     Running   0          2m26s

NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/gitlab-test   ClusterIP   10.96.186.223   <none>        80/TCP    2m26s

NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/gitlab-test   2/2     2            2           2m26s

NAME                                     DESIRED   CURRENT   READY   AGE
replicaset.apps/gitlab-test-67c8d58bc4   2         2         2       2m26s

Test auto-syncing from the repository

  1. Go to the directory with the cloned project and open the .helm/values.yaml file.

  2. Set replicaCount to 3.

  3. Save the changes and push them to the repository:

    git add . && \
git commit -m "Increase replica count" && \
git push

  4. In the Argo CD console, wait for the app to synchronize.

  5. Make sure the number of application pods in the Managed Service for Kubernetes cluster has increased:

    kubectl get pod -n gitlab-test

    Result:

    NAME                               READY   STATUS    RESTARTS   AGE
pod/gitlab-test-67c8d58bc4-6w4q7   1/1     Running   0          15m
pod/gitlab-test-67c8d58bc4-7hmcn   1/1     Running   0          10m
pod/gitlab-test-67c8d58bc4-sldpc   1/1     Running   0          15m

NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/gitlab-test   ClusterIP   10.96.186.223   <none>        80/TCP    15m

NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/gitlab-test   3/3     3            3           15m

NAME                                     DESIRED   CURRENT   READY   AGE
replicaset.apps/gitlab-test-67c8d58bc4   3         3         3       15m

Delete the resources you created

Some resources are not free of charge. Delete the resources you no longer need to avoid paying for them:

  1. Delete the created Docker images.

  2. Delete the Managed Service for Kubernetes cluster and Container Registry:

    1. In the terminal window, go to the directory containing the infrastructure plan.

      Warning

      Make sure the directory has no Terraform manifests with the resources you want to keep. Terraform deletes all resources that were created using the manifests in the current directory.

    2. Delete resources:

      1. Run this command:

        terraform destroy

      2. Confirm deleting the resources and wait for the operation to complete.

      All the resources described in the Terraform manifests will be deleted.

  3. Delete the GitLab VM or Managed Service for GitLab instance you created.

Previous
Invoking a load test from GitLab CI
Next
Service resource interdependencies