Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Integration with Argo CD

Written by
Updated at May 5, 2025

Argo CD is a declarative GitOps tool for continuous delivery to Kubernetes.

This tutorial describes how to integrate a Yandex Managed Service for GitLab instance, a Managed Service for Kubernetes cluster, and Argo CD, as well as GitLab Runner installed in the cluster and building Docker containers using Kaniko.

To integrate Argo CD with Managed Service for Kubernetes and Managed Service for GitLab:

  1. Create a GitLab instance.
  2. Configure GitLab.
  3. Create a GitLab Runner.
  4. Prepare the application repository for deployment.
  5. Deploy your application using Argo CD.

If you no longer need the resources you created, delete them.

The support cost includes:

Getting started

Set up your infrastructure

  1. If you do not have a network yet, create one.

  2. If you do not have any subnets yet, create them in the availability zones where your Managed Service for Kubernetes cluster and node group will be created.

  3. Create service accounts:

    Tip

    You can use the same service account to manage your Managed Service for Kubernetes cluster and its node groups.

  4. Create security groups for the Managed Service for Kubernetes cluster and its node groups.

    Warning

    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

  5. Create a security group for the Managed Service for GitLab instance.

  6. Create a Managed Service for Kubernetes cluster and a node group. When creating a Managed Service for Kubernetes cluster, specify the previously created service accounts for resources and nodes as well as the security groups for the cluster.

  7. Create a registry in Yandex Container Registry.

  8. Save the ID of the registry created, as you will need it at the next steps.

  1. If you do not have Terraform yet, install it.

  2. Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.

  3. Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it.

  4. Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.

  5. Download the k8s-argocd.tf Managed Service for Kubernetes cluster configuration file to the same working directory. This file describes:

    • Network.

    • Subnet.

    • Managed Service for Kubernetes cluster.

    • Service account for Managed Service for Kubernetes resources and nodes.

    • Container Registry registry.

    • Security groups which contain rules required for the Managed Service for Kubernetes cluster and its node groups.

      These security groups also contain the rules required for Managed Service for GitLab instance and Container Registry registry.

      Warning

      The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

  6. Specify the following in the configuration file:

    • Folder ID.
    • Kubernetes version for the Managed Service for Kubernetes cluster and node groups.
    • Managed Service for Kubernetes cluster CIDR.
    • Name of the service account for Managed Service for Kubernetes resources and nodes.
    • Name of the Container Registry registry.

  7. Make sure the Terraform configuration files are correct using this command:

    terraform validate

    If there are any errors in the configuration files, Terraform will point them out.

  8. Create the required infrastructure:

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.

Install additional dependencies

Install the following tools in the local environment:

Create a GitLab instance

Create either a Managed Service for GitLab instance or a VM with a GitLab image in the same cloud network as the Managed Service for Kubernetes cluster.

Create a Managed Service for GitLab instance by following this guide.

Launch GitLab on a VM with a public IP.

  1. On the folder page in the management console, click Create resource and select Virtual machine instance.

  2. Under Boot disk image, in the Product search field, enter Gitlab and select a public GitLab image.

  3. Under Location, select an availability zone to place your VM in. If you do not know which availability zone you need, leave the default one.

  4. Under Computing resources, navigate to the Custom tab and specify the required platform, number of vCPUs, and the amount of RAM:

    • Platform: Intel Ice Lake.
    • vCPU: 4.
    • Guaranteed vCPU performance: 100%.
    • RAM: 8 GB.

  5. Under Network settings:

    • In the Subnet field, select the network and subnet to connect your VM to. If the required network or subnet is not listed, create it.
    • Under Public IP address, keep Auto to assign your VM a random external IP address from the Yandex Cloud pool or select a static address from the list if you reserved one in advance.

  6. Under Access, select SSH key and specify the VM access data:

    • Under Login, enter the username. Do not use root or other names reserved by the OS. To perform operations requiring superuser permissions, use the sudo command.

    • In the SSH key field, select the SSH key saved in your organization user profile.

      If there are no saved SSH keys in your profile, or you want to add a new key:

      • Click Add key.
      • Enter a name for the SSH key.
      • Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
      • Click Add.

      The SSH key will be added to your organization user profile.

      If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.

  7. Under General information, specify the VM name: ci-tutorial-gitlab.

  8. Click Create VM.

It may take a few minutes to create the VM. When the VM status changes to RUNNING and GitLab starts, configure its settings.

Configure GitLab

To configure GitLab and enable Continuous Integration (CI), create a new project and enter the CI authorization parameters:

  1. Log in to the Managed Service for GitLab instance web interface.

  2. Click Create a project.

  3. Click Create blank project.

  4. Fill in the fields as follows:

    • Project name: gitlab-test.
    • Project URL: Select the administrator user in the field next to the Managed Service for GitLab instance FQDN.

    Leave the other fields unchanged.

  5. Click Create project.

  1. On the Yandex Compute Cloud page, select the created VM and copy its public IP.

  2. Connect to the VM over SSH.

  3. Get the GitLab administrator password with the following VM command:

    sudo cat /etc/gitlab/initial_root_password

  4. Copy the password without spaces from the Password line to the clipboard or a separate file.

  5. In your browser, open http://<VM_public_IP_address>. This will take you to the GitLab web interface.

  6. Log in as the administrator:

    • Username or email: root.
    • Password: Password you copied in the previous step.

    If you are unable to log in, reset the administrator password.

  7. Change the administrator password.

  8. Log in as the administrator with the new password.

  9. Select Create a project.

  10. Specify the project name: gitlab-test.

  11. Click Create project.

Create a GitLab Runner

To run build tasks in the Yandex Managed Service for Kubernetes cluster, create a GitLab Runner. To do this, install GitLab Runner by following this guide.

Once it is installed, you can run automated builds inside your Managed Service for Kubernetes cluster.

For more information about installing and running GitLab Runner, see the GitLab documentation.

Prepare the application's repository to deploy

  1. Get an authorized key for the previously created service account with the container-registry.images.puller and container-registry.images.pusher roles:

    yc iam key create --service-account-name <service_account_name_for_nodes> -o key.json

  2. Save the contents of the key for the next step:

    cat key.json | base64

  3. Create the GitLab environment variables:

    1. In GitLab, navigate to Settings in the left-hand panel and select CI/CD from the drop-down list.

    2. Click Expand next to Variables.

    3. Add these environment variables:

      • CI_REGISTRY: Address of the previously created registry in cr.yandex/<registry_ID> format.
      • CI_REGISTRY_USER: json_key
      • CI_REGISTRY_PASSWORD: Output of the cat key.json | base64.

      To add a variable:

      1. Click Add variable.
      2. In the window that opens, specify the variable name in the Key field and its value in the Value field.
      3. Click Add variable.

  4. Set up access to the repository:

    1. Generate a new pair of SSH keys or use an existing one.
    2. Add a public part of the SSH key to the GitLab account settings.

  5. Clone the repository:

    git clone git@<instance_name>.gitlab.yandexcloud.net:<admin_username>/gitlab-test.git

  6. Clone the yc-webinar-gitops-argo-crossplane repository to your instance:

    git clone https://github.com/yandex-cloud-examples/yc-webinar-gitops-argo-crossplane.git

  7. To the gitlab-test directory, copy all files from the yc-webinar-gitops-argo-crossplane/02-argocd/app directory, including hidden files:

    cp -rT <path_to_app_directory> <path_to_gitlab-test_directory>

  8. Commit the changes to gitlab-test and push them to the repository:

    git add . && \
git commit -m "Add app src and CI" && \
git push

  9. This will run the build script. To track its progress, in the drop-down menu, select BuildPipelines. Wait until both build steps are complete.

  10. Open the completed build and copy the following line from the log (you will need it at the next step):

    INFO[0025] Pushing image to cr.yandex/<registry_ID>/<admin_username>/gitlab-test:main.<commit_number>

Deploy your application using Argo CD

Install Argo CD to the Managed Service for Kubernetes cluster

  1. Install Argo CD by following this guide.

    Warning

    Kubernetes node groups require internet access to download images and components.

    Internet access can be provided through:

  2. Configure ArgoCD port forwarding onto the local computer:

    kubectl port-forward service/<Argo_CD_app_name>-argocd-server \
  --namespace <namespace> 8080:443

  3. Get the administrator password from a Kubernetes secret:

    kubectl --namespace <namespace> get secret argocd-initial-admin-secret \
  --output jsonpath="{.data.password}" | base64 -d

  4. Open the Argo CD console at https://127.0.0.1:8080 in your browser.

  5. Log in to the console as admin using the password you got in the previous step.

Add a GitLab repository to Argo CD

  1. Go to Settings in the left GitLab panel and select Access Tokens from the drop-down list.

  2. Set parameters for a new token:

    • Token name: argocd.
    • Select a role: Maintainer.
    • Select scopes: read_repository.

  3. Click Create project access token.

  4. Copy the value of the token you created.

  5. In the Argo CD console, go to SettingsRepositories.

  6. Click Connect Repo Using HTTPS.

  7. In the resulting form, enter the settings:

    • Repository URL: Repository URL in the following format: https://<GitLab_instance_name>.gitlab.yandexcloud.net/<admin_username>/gitlab-test.git.
    • Username: gitlab-ci-token.
    • Password: Previously generated GitLab token.

  8. Click Connect.

  9. In the Argo CD console, go to Applications, then click Create Application.

  10. In the resulting form, enter the settings:

    • Application Name: gitlab-test.
    • Project: default.
    • Sync policy: Automatic, then select Prune resources and Self Heal.
    • Sync options: Select Auto-Create Namespace.
    • Repository URL: Specify the repository URL in the following format: https://<GitLab_instance_name>.gitlab.yandexcloud.net/<admin_username>/gitlab-test.git.
    • Path: .helm.
    • Cluster URL: https://kubernetes.default.svc.
    • Namespace: gitlab-test.
    • image.repository : cr.yandex/<registry_ID>/<admin_username>/gitlab-test.
    • image.tag: main.<commit_number>.

  11. Click Create and wait until the syncing completes.

  12. To test how the application runs, execute the following command in the Managed Service for Kubernetes cluster:

    kubectl get all -n gitlab-test

    Result:

    NAME                               READY   STATUS    RESTARTS   AGE
pod/gitlab-test-67c8d58bc4-6w4q7   1/1     Running   0          2m26s
pod/gitlab-test-67c8d58bc4-sldpc   1/1     Running   0          2m26s

NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/gitlab-test   ClusterIP   10.96.186.223   <none>        80/TCP    2m26s

NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/gitlab-test   2/2     2            2           2m26s

NAME                                     DESIRED   CURRENT   READY   AGE
replicaset.apps/gitlab-test-67c8d58bc4   2         2         2       2m26s

Test auto-syncing from the repository

  1. Go to the directory with the cloned project and open the .helm/values.yaml file.

  2. Set the value of the replicaCount parameter to 3.

  3. Save the changes and push them to the repository:

    git add . && \
git commit -m "Increase replica count" && \
git push

  4. In the Argo CD console, wait until the application is synced.

  5. Make sure the number of application pods in the Managed Service for Kubernetes cluster has increased:

    kubectl get pod -n gitlab-test

    Result:

    NAME                               READY   STATUS    RESTARTS   AGE
pod/gitlab-test-67c8d58bc4-6w4q7   1/1     Running   0          15m
pod/gitlab-test-67c8d58bc4-7hmcn   1/1     Running   0          10m
pod/gitlab-test-67c8d58bc4-sldpc   1/1     Running   0          15m

NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/gitlab-test   ClusterIP   10.96.186.223   <none>        80/TCP    15m

NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/gitlab-test   3/3     3            3           15m

NAME                                     DESIRED   CURRENT   READY   AGE
replicaset.apps/gitlab-test-67c8d58bc4   3         3         3       15m

Delete the resources you created

Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:

  1. Delete the created Docker images.

  2. Delete the Managed Service for Kubernetes cluster and Container Registry registry:

    1. In the terminal window, go to the directory containing the infrastructure plan.

      Warning

      Make sure the directory has no Terraform manifests with the resources you want to keep. Terraform deletes all resources that were created using the manifests in the current directory.

    2. Delete resources:

      1. Run this command:

        terraform destroy

      2. Confirm deleting the resources and wait for the operation to complete.

      All the resources described in the Terraform manifests will be deleted.

  3. Delete the GitLab VM or Managed Service for GitLab instance you created.

Previous
All tutorials
Next
Integration with Crossplane