Installing Argo CD
Argo CD
Getting started
- If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
  By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
- Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.
  Warning
  The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
- Install kubectl and configure it to work with the new cluster.
Installation from Yandex Cloud Marketplace
- Navigate to the folder dashboard and select Managed Service for Kubernetes.
- Click the cluster name and select the Marketplace tab.
- Under Application available for installation, select Argo CD and click Go to install.
- Configure the application:
  - Namespace: Create a new namespace, e.g., argo-cd-space. If you leave the default namespace, Argo CD may work incorrectly.
  - Application name: Specify the application name.
- Click Install.
- Wait for the application status to change to Deployed.
Installation using a Helm chart
- Install Helm v3.8.0 or higher.
- To install a Helm chart with Argo CD, run this command:

  helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/argo/chart/argo-cd \
    --version 7.3.11-2 \
    --untar && \
  helm install \
    --namespace <namespace> \
    --create-namespace \
    argo-cd ./argo-cd/

  Note
  If you are using a Helm version below 3.8.0, append the export HELM_EXPERIMENTAL_OCI=1 && \ string to the command to enable Open Container Initiative (OCI) support in the Helm client.

  If you set namespace to the default namespace, Argo CD may work incorrectly. We recommend specifying a value different from all the existing namespaces, e.g., argo-cd-space.
Access to the application
You can open Argo CD via localhost, using a dedicated IP address through a Yandex Network Load Balancer, or using a URL through an L7 Yandex Application Load Balancer. The first method is easier to configure and does not involve additional costs for load balancers. However, the application is only available through localhost while port redirection is active, whereas load balancers provide continuous access to Argo CD.
Before you set up access to Argo CD, get the admin password:
kubectl --namespace <namespace> get secret argocd-initial-admin-secret \
--output jsonpath="{.data.password}" | base64 -d
You will need the password for authorization in Argo CD.
Opening the application via localhost
- Configure Argo CD port redirection to your local computer:

  kubectl port-forward service/<application_name>-argocd-server \
    --namespace <namespace> 8080:443

  In the command, specify the application name you set during installation.
- Go to https://localhost:8080 and log in with the administrator credentials.
Opening the application through a dedicated IP address via Network Load Balancer
- Save the following specification for creating a LoadBalancer type service to a file named load-balancer.yaml. This will create a network load balancer:

  apiVersion: v1
  kind: Service
  metadata:
    name: argocd-load-balancer
    namespace: <namespace>
  spec:
    type: LoadBalancer
    ports:
    - port: 443
      name: load-balancer-port-ssl
      targetPort: 8080
    # Kubernetes label selector matching the Deployment object named <application_name>-argocd-server.
    selector:
      app.kubernetes.io/name: argocd-server

  In the specification, enter the namespace where you installed Argo CD.
  Since the specification does not set an IP address, the load balancer will get a dynamic public IP address. You can add a field named spec.loadBalancerIP and specify a pre-reserved static IP address in it.
  For details on the specification, see this reference.
- Apply the specification and create a network load balancer:

  kubectl apply -f load-balancer.yaml --namespace <namespace>

- Get the IP address of the network load balancer you created:
  Management console
  - In the management console, select the folder the Managed Service for Kubernetes cluster is deployed in.
  - Select Network Load Balancer.
    The Load balancers section shows a network load balancer with the k8s prefix in its name and the unique Kubernetes cluster ID in its description.
  - Copy the IP address field value for the load balancer of interest.
- Go to https://<load_balancer_IP_address> and log in with the administrator credentials.
Opening the application using a URL through an Application Load Balancer
- If you already have a certificate for the domain zone, add its details to Yandex Certificate Manager. If not, issue a new Let's Encrypt® certificate and add it to Certificate Manager.
- Get the certificate ID:

  yc certificate-manager certificate list

  Result:

  +----------------------+-----------+----------------+---------------------+----------+--------+
  |          ID          |   NAME    |    DOMAINS     |      NOT AFTER      |   TYPE   | STATUS |
  +----------------------+-----------+----------------+---------------------+----------+--------+
  | fpq8diorouhp******** | cert-test | test.ru        | 2022-01-06 17:19:37 | IMPORTED | ISSUED |
  +----------------------+-----------+----------------+---------------------+----------+--------+

- Configure the security groups required for an L7 Application Load Balancer.
- Install the Application Load Balancer ingress controller.
  Tip
  We recommend using the new Yandex Cloud Gwin controller instead of an Application Load Balancer Ingress controller.
- While you need a NodePort service to work with an L7 Application Load Balancer, Argo CD runs a server with a ClusterIP service. Change the service type:
  - Open the file with the Service object description:

    kubectl -n <namespace> edit svc <application_name>-argocd-server

  - Replace the type value with NodePort:

    spec:
      ...
      type: NodePort
      ...
The L7 Application Load Balancer removes TLS encryption from inbound traffic. To avoid infinite redirection, disable HTTP to HTTPS redirection for Argo CD:
-
Open the
argocd-cmd-params-cmconfiguration file:kubectl -n <namespace> edit configmap argocd-cmd-params-cm -
Replace the
server.insecurevalue withtrue:data: ... server.insecure: "true" ...
-
- Create a file named ingress.yaml and specify the settings for your L7 Application Load Balancer in it:

  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: argocd-ingress
    namespace: argo-cd-space
    annotations:
      ingress.alb.yc.io/subnets: <load_balancer_subnet_ID>
      ingress.alb.yc.io/security-groups: <load_balancer_security_group_ID>
      ingress.alb.yc.io/external-ipv4-address: auto
      ingress.alb.yc.io/group-name: my-ingress-group
  spec:
    tls:
      - hosts:
          - <domain_name>
        secretName: yc-certmgr-cert-id-<TLS_certificate_ID>
    rules:
      - host: <domain_name>
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: argo-cd-argocd-server
                  port:
                    number: 80

  To learn more about these settings, see Configuring an L7 Yandex Application Load Balancer using an ingress controller.
- In the ingress.yaml file directory, run this command:

  kubectl apply -f ingress.yaml

  This will create an Ingress resource. The ALB Ingress Controller will use its configuration to automatically deploy your L7 Application Load Balancer.
- Make sure you created the L7 load balancer by running this command:

  kubectl get ingress argocd-ingress --namespace argo-cd-space

  View the command output. If you created the L7 load balancer, its IP address should appear in the ADDRESS field:

  NAME             CLASS    HOSTS           ADDRESS         PORTS     AGE
  argocd-ingress   <none>   <domain_name>   51.250.**.***   80, 443   15h

- Add an A record to your domain zone. In the Data field, specify the public IP address of your L7 Application Load Balancer.
- Open https://<domain_name> in your browser and log in with the administrator credentials.
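
An added example, not part of the original page and not Yandex Cloud or Argo CD code: a check over the output of kubectl get svc,configmap,secret -o json for the Argo CD namespace that reports what the access methods above leave exposed once server.insecure is set to true. The sample listing, the node port number and the finding labels are constructed; the initial-secret finding reflects Argo CD's guidance to delete argocd-initial-admin-secret after changing the admin password.

```python
import json

# Constructed sample of `kubectl -n argo-cd-space get svc,configmap,secret -o json`
# after following both the Network Load Balancer and the L7 sections of this page.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "argocd-load-balancer"},
  "spec": {"type": "LoadBalancer", "selector": {"app.kubernetes.io/name": "argocd-server"},
           "ports": [{"port": 443, "targetPort": 8080}]}},
 {"kind": "Service", "metadata": {"name": "argo-cd-argocd-server"},
  "spec": {"type": "NodePort", "selector": {"app.kubernetes.io/name": "argocd-server"},
           "ports": [{"port": 80, "targetPort": 8080, "nodePort": 30080}]}},
 {"kind": "ConfigMap", "metadata": {"name": "argocd-cmd-params-cm"},
  "data": {"server.insecure": "true"}},
 {"kind": "Secret", "metadata": {"name": "argocd-initial-admin-secret"}}
]}
""")

def audit(listing):
    """Return findings (constructed labels) on how argocd-server is exposed."""
    items = listing.get("items", [])
    insecure = any(
        i["kind"] == "ConfigMap" and i["metadata"]["name"] == "argocd-cmd-params-cm"
        and str((i.get("data") or {}).get("server.insecure", "")).lower() == "true"
        for i in items)
    findings = []
    for i in items:
        name = i["metadata"]["name"]
        if i["kind"] == "Secret" and name == "argocd-initial-admin-secret":
            # The initial admin password can still be read from the cluster.
            findings.append("initial-admin-secret-present")
        if i["kind"] != "Service":
            continue
        spec = i.get("spec", {})
        if (spec.get("selector") or {}).get("app.kubernetes.io/name") != "argocd-server":
            continue
        svc_type = spec.get("type", "ClusterIP")
        if svc_type == "LoadBalancer" and insecure:
            # The network load balancer forwards TCP as is: plain HTTP on a public IP.
            findings.append(f"plaintext-public:{name}")
        elif svc_type == "NodePort" and insecure:
            # Plain HTTP on every node; only the L7 balancer should reach this port.
            ports = ",".join(str(p.get("nodePort")) for p in spec.get("ports", []))
            findings.append(f"plaintext-nodeport:{name}:{ports}")
        elif svc_type in ("LoadBalancer", "NodePort"):
            findings.append(f"external:{name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A plaintext-public finding means the LoadBalancer service from the Network Load Balancer section should be deleted before server.insecure is enabled; a plaintext-nodeport finding is expected for the L7 setup and is the port the node group security groups should open only to the load balancer.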