Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Service page
Yandex Managed Service for Kubernetes
Documentation
Yandex Managed Service for Kubernetes
  • Comparison with other Yandex Cloud services
  • Getting started
    • All guides
    • Connecting to a node over SSH
    • Connecting to a node via OS Login
    • Updating Kubernetes
    • Configuring autoscaling
    • Activating a Kubernetes Terraform provider
      • Getting started with Cloud Marketplace
      • Installing Argo CD
      • Installing Chaos Mesh
      • Installing cert-manager with the Cloud DNS ACME webhook plugin
      • Installing Container Storage Interface for S3
      • Installing Crossplane
      • Installing External Secrets Operator
      • Installing ExternalDNS with a plugin for Cloud DNS
      • Installing Falco
      • Installing Filebeat OSS
      • Installing Fluent Bit
      • Installing Gatekeeper
      • Installing Gateway API
      • Installing the GitLab Agent
      • Installing GitLab Runner
      • Installing HashiCorp Vault
      • Installing Ingress NGINX
      • Installing an Application Load Balancer ingress controller
      • Upgrading an Application Load Balancer ingress controller
      • Installing Istio
      • Installing Jaeger
      • Installing Kruise
      • Installing Kyverno & Kyverno Policies
      • Installing Loki
      • Installing Metrics Provider
      • Installing NodeLocal DNS
      • Installing OIDC Authentication
      • Installing Policy Reporter
      • Installing Prometheus Operator
      • Installing Thumbor
      • Installing Velero
    • Connecting external nodes to the cluster
    • Configuring WireGuard gateways to connect external nodes to a cluster
    • Configuring IPSec gateways to connect external nodes to a cluster
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Getting started
  • Installation using Yandex Cloud Marketplace
  • Installation using a Helm chart
  • Access to the application
  • Opening the application via localhost
  • Opening the application through a dedicated IP address via Network Load Balancer
  • Opening the application by URL through Application Load Balancer
  • Use cases
  • See also
  1. Step-by-step guides
  2. Installing apps from Cloud Marketplace
  3. Installing Argo CD

Installing Argo CD

Written by
Yandex Cloud
Improved by
Dmitry A.
Updated at August 20, 2025
  • Getting started
  • Installation using Yandex Cloud Marketplace
  • Installation using a Helm chart
  • Access to the application
    • Opening the application via localhost
    • Opening the application through a dedicated IP address via Network Load Balancer
    • Opening the application by URL through Application Load Balancer
  • Use cases
  • See also

Argo CD is a declarative GitOps tool for continuous delivery to Kubernetes.

Getting startedGetting started

  1. If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

    By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  2. Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.

    Warning

    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

  3. Install kubect and configure it to work with the new cluster.

Installation using Yandex Cloud MarketplaceInstallation using Yandex Cloud Marketplace

  1. Navigate to the folder dashboard and select Managed Service for Kubernetes.
  2. Click the name of the cluster you need and select the Marketplace tab.
  3. Under Application available for installation, select Argo CD and click Go to install.
  4. Configure the application:
    • Namespace: Create a new namespace, e.g., argo-cd-space. If you leave the default namespace, Argo CD may work incorrectly.
    • Application name: Specify the application name.
  5. Click Install.
  6. Wait for the application to change its status to Deployed.

Installation using a Helm chartInstallation using a Helm chart

  1. Install Helm v3.8.0 or higher.

  2. To install a Helm chart with Argo CD, run the following command:

    helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/argo/chart/argo-cd \
      --version 7.3.11-2 \
      --untar && \
    helm install \
      --namespace <namespace> \
      --create-namespace \
      argo-cd ./argo-cd/
    

    Note

    If you are using a Helm version below 3.8.0, append the export HELM_EXPERIMENTAL_OCI=1 && \ string to the command to enable Open Container Initiative (OCI) support in the Helm client.

    If you set namespace to the default namespace, Argo CD may work incorrectly. We recommend you to specify a value different from all existing namespaces (e.g., argo-cd-space).

Access to the applicationAccess to the application

You can open Argo CD via localhost, using a dedicated IP address through Yandex Network Load Balancer, or by URL through an L7 Yandex Application Load Balancer. The first method is easier to configure and does not require additional costs for load balancers. However, the application is only available through localhost as long as port redirection is active and load balancers provide continuous access to Argo CD.

Before you set up access to Argo CD, get the administrator password (admin):

kubectl --namespace <namespace> get secret argocd-initial-admin-secret \
  --output jsonpath="{.data.password}" | base64 -d

You will need the password for authorization in Argo CD.

Opening the application via localhostOpening the application via localhost

  1. Configure Argo CD port redirection to your local computer:

    kubectl port-forward service/<app_name>-argocd-server \
      --namespace <namespace> 8080:443
    

    In the command, specify the application name you had set during installation.

  2. Follow the https://localhost:8080 link and log in with administrator credentials.

Opening the application through a dedicated IP address via Network Load BalancerOpening the application through a dedicated IP address via Network Load Balancer

  1. Save the following specification for creating a LoadBalancer type service to a file named load-balancer.yaml. This will create you a Network Load Balancer:

    apiVersion: v1
    kind: Service
    metadata:
      name: argocd-load-balancer
      namespace: <namespace>
    spec:
      type: LoadBalancer
      ports:
      - port: 443
        name: load-balancer-port-ssl
        targetPort: 8080
      # Selector Kubernetes label used in the Deployment object named <application_name>-argocd-server.
      selector:
        app.kubernetes.io/name: argocd-server
    

    In the specification, specify the namespace you installed Argo CD in.

    The specification giving no IP address, the load balancer will get a dynamic public IP address. You can add a field named spec.loadBalancerIP and specify a pre-reserved static IP address in it.

    For details on the specification, see this service reference.

  2. Apply the specification and create a network load balancer:

    kubectl apply -f load-balancer.yaml --namespace <namespace>
    
  3. Get the IP address of the network load balancer you created:

    Management console
    1. In the management console, select the folder the Managed Service for Kubernetes cluster is deployed in.

    2. Select Network Load Balancer.

      The Load balancers section shows a network load balancer with the k8s prefix in its name and the unique Kubernetes cluster ID in its description.

    3. Copy the IP address field value for the load balancer of interest.

  4. Follow the https://<load_balancer_IP_address> link and log in with administrator credentials.

Opening the application by URL through Application Load BalancerOpening the application by URL through Application Load Balancer

  1. Register a public domain zone and delegate your domain.

  2. If you already have a certificate for the domain zone, add its details to Yandex Certificate Manager. If not, issue a new Let's Encrypt® certificate and add it to Certificate Manager.

  3. Get the certificate ID:

    yc certificate-manager certificate list
    

    Result:

    +----------------------+-----------+----------------+---------------------+----------+--------+
    |          ID          |   NAME    |    DOMAINS     |      NOT AFTER      |   TYPE   | STATUS |
    +----------------------+-----------+----------------+---------------------+----------+--------+
    | fpq8diorouhp******** | cert-test |    test.ru     | 2022-01-06 17:19:37 | IMPORTED | ISSUED |
    +----------------------+-----------+----------------+---------------------+----------+--------+
    
  4. Configure the security groups required for an L7 Application Load Balancer.

  5. Install the Application Load Balancer ingress controller.

  6. While you need a NodePort service to work with an L7 Application Load Balancer, Argo CD runs a server with a ClusterIP service. Change the service type:

    1. Open the file with the Service object description:

      kubectl -n <namespace> edit svc <app_name>-argocd-server
      
    2. Replace the type value with NodePort:

      spec:
        ... 
        type: NodePort
        ...
      
  7. The L7 Application Load Balancer removes TLS encryption from inbound traffic. To avoid infinite redirection, disable HTTP to HTTPS redirection for Argo CD:

    1. Open the argocd-cmd-params-cm configuration file:

      kubectl -n <namespace> edit configmap argocd-cmd-params-cm
      
    2. Replace the server.insecure value with true:

      data:
        ...
        server.insecure: "true"
        ...
      
  8. Create a file named ingress.yaml and specify the settings for your L7 Application Load Balancer in it:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: argocd-ingress
      namespace: argo-cd-space
      annotations:
        ingress.alb.yc.io/subnets: <load_balancer_subnet_ID>
        ingress.alb.yc.io/security-groups: <load_balancer_security_group_ID>
        ingress.alb.yc.io/external-ipv4-address: auto
        ingress.alb.yc.io/group-name: my-ingress-group
    spec:
      tls:
        - hosts:
            - <domain_name>
          secretName: yc-certmgr-cert-id-<TLS_certificate_ID>
      rules:
        - host: <domain_name>
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: argo-cd-argocd-server
                    port:
                      number: 80
    

    To learn more about these settings, see Configuring an L7 Yandex Application Load Balancer using an ingress controller.

  9. In the ingress.yaml file directory, run this command:

    kubectl apply -f ingress.yaml
    

    This will create an Ingress resource. ALB Ingress Controller will use its configuration to automatically deploy your L7 Application Load Balancer.

  10. Make sure you created the L7 load balancer. To do this, run the following command:

    kubectl get ingress argocd-ingress
    

    View the command output. If you created the L7 load balancer, its IP address should appear in the ADDRESS field:

    NAME            CLASS   HOSTS           ADDRESS        PORTS    AGE
    argocd-ingress  <none>  <domain_name>  51.250.**.***  80, 443  15h
    
  11. Add an A record to your domain's zone. In the Data field, specify the public IP address of your L7 Application Load Balancer.

  12. Open the https://<domain_name> link in your browser and log in with administrator credentials.

    Note

    If the resource is unavailable at the specified URL, make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.

Use casesUse cases

  • Integration with Argo CD

See alsoSee also

  • Argo CD documentation.

Was the article helpful?

Previous
Getting started with Cloud Marketplace
Next
Installing Chaos Mesh
© 2025 Direct Cursus Technology L.L.C.