Managing Kubernetes Applications using GitOps Approach
Setting up ArgoCD to manage Kubernetes applications on one or more clusters
Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.
Managing several applications deployed on one or more K8s clusters can be stressful, difficult and time-consuming. One solution to this problem is to use GitOps for application management.
What is GitOps? According to the website gitops.tech, GitOps is a way of implementing Continuous Deployment for cloud native applications. It focuses on a developer-centric experience when operating infrastructure, by using tools developers are already familiar with, including Git and Continuous Deployment tools.
There are several tools that can help us achieve this, but I will be focusing on a combination of ArgoCD, Git and Kustomize.
According to the main ArgoCD website, Argo CD follows the GitOps pattern of using Git repositories as the source of truth for defining the desired application state. It also automates the deployment of the desired application states in the specified target environments.
Reference
We will substitute the following words with their defined shortcuts.
- Kubernetes - K8s
Prerequisites
To follow this guide, you need a K8s cluster with an existing application running on a cloud provider of your choice, and K8s set up locally on your system.
For this guide I will be using DigitalOcean Kubernetes Service, but any K8s service can be used. For setup information on DigitalOcean, use this guide: How to Configure DigitalOcean Kubernetes Infrastructure.
You also need to have ArgoCD installed on your system; use this ArgoCD installation guide to complete the setup.
Initial Setup
We will assume you have already set up your K8s cluster and connected your local K8s to manage the cluster on your provider. Let's proceed to set up ArgoCD on our cluster.
Install ArgoCD
Run the command below to create the namespace that will hold the ArgoCD installation.
kubectl create namespace argocd
Then run this to install ArgoCD in the newly created namespace.
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
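The install URL above follows the moving `stable` ref, so the manifest it returns can change between runs, whereas the cert-manager manifest used later in this guide is pinned to v1.9.1. The sketch below is an added example, not part of the original guide or the Argo CD project: it refuses moving refs and applies a manifest only if its SHA-256 matches a digest recorded when the file was reviewed. The function names, the `CURL`/`KUBECTL` override variables and the placeholders in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): apply a manifest only when its
# URL names a release tag and the downloaded bytes match a reviewed digest.
# CURL and KUBECTL are assumed override hooks so the flow can be dry-run.

# 0 if the URL path contains a vMAJOR.MINOR.PATCH tag, 1 for moving refs.
is_pinned_manifest() {
  case "$1" in
    */stable/*|*/latest/*|*/master/*|*/main/*|*/HEAD/*) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '/v[0-9]+\.[0-9]+\.[0-9]+/'
}

# 0 if the file's SHA-256 equals the expected hex digest.
manifest_digest_ok() {
  [ -f "$1" ] || return 2
  digest_actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$digest_actual" = "$2" ]
}

# Download once, verify, then apply the exact bytes that were verified.
apply_verified() {
  av_url=$1 av_sha=$2 av_ns=$3
  is_pinned_manifest "$av_url" || { echo "refusing moving ref: $av_url" >&2; return 1; }
  av_tmp=$(mktemp) || return 1
  if "${CURL:-curl}" -fsSL -o "$av_tmp" "$av_url" &&
     manifest_digest_ok "$av_tmp" "$av_sha"; then
    "${KUBECTL:-kubectl}" apply -n "$av_ns" -f "$av_tmp"; av_rc=$?
  else
    echo "download failed or digest mismatch: $av_url" >&2; av_rc=1
  fi
  rm -f "$av_tmp"
  return "$av_rc"
}

# Usage (placeholders, fill in after reviewing a specific release):
# apply_verified \
#   "https://raw.githubusercontent.com/argoproj/argo-cd/<RELEASE_TAG>/manifests/install.yaml" \
#   "<SHA256_OF_REVIEWED_MANIFEST>" argocd
```

Applying the downloaded file rather than the URL ensures that the bytes kubectl sees are the bytes that were hashed.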
We have successfully installed ArgoCD on our cluster. Next, we will expose our ArgoCD installation via a website URL to enable easy access and management using its UI.
Accessing The ArgoCD installation
We can access ArgoCD either via the CLI or via its built-in UI; I will guide you through setting up the UI.
There are various ways to expose the UI with an external IP, but I will be using the Ingress Controller method, with Let's Encrypt for HTTPS certificate management.
Setup Let's Encrypt Cert Manager
Install cert-manager using the command below:
kubectl apply --validate=false -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml
Verify the cert-manager installation using the command below; you should see its pods running:
kubectl get pods --namespace cert-manager
Install a ClusterIssuer to manage certificate creation and renewal. Create a file to hold the ClusterIssuer configuration:
touch my_cert_issuer.yaml
Paste the configuration below into the file, edit the name and email address as appropriate, then save it:
# cert-manager v1.9.1 serves only the v1 API; v1alpha2 was removed in cert-manager 1.6
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-any-name
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your_email_address_here
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-any-name
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx
Roll out the ClusterIssuer using the newly created file:
kubectl create -f my_cert_issuer.yaml
You should see the following output:
clusterissuer.cert-manager.io/letsencrypt-any-name created
Install ArgoCD Ingress Configuration
We have successfully created our Let's Encrypt ClusterIssuer. Let us go ahead and set up our ingress config to expose our ArgoCD installation.
Create a file and paste the configuration below, updating the cluster issuer name and the host URL used for accessing the UI.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-any-name
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # If you encounter a redirect loop or are getting a 307 response code
    # then you need to force the nginx ingress to connect to the backend using HTTPS.
    #
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: argocd.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              name: https
  tls:
  - hosts:
    - argocd.example.com
    secretName: argocd-secret # do not change, this is provided by Argo CD
Once this is done, we have successfully configured our ArgoCD installation to be accessed from a URL.
Before you proceed to the next step, ensure the host name in your ingress config file points to the IP address of the load balancer managing your K8s access.
Login Using UI
To log in to our ArgoCD portal, we need the password for the UI. ArgoCD comes with an initial admin password.
To get the initial password, we will use the CLI. The command below returns the password; copy it and store it somewhere safe, as we will use it to reset our password.
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
Let us log in to ArgoCD via the CLI and reset the password.
argocd login <ARGOCD_SERVER>  # host name or load balancer IP
Reset Password
argocd account update-password
Let's Access the UI and Login
Add Existing Cluster To ArgoCD
We have successfully set up and exposed the ArgoCD installation to manage our applications. Let us add our existing clusters to ArgoCD so that it can access our applications.
First, list all cluster contexts in your current kubeconfig:
kubectl config get-contexts -o name
Choose a context name from the list and supply it to argocd cluster add. For example, for the docker-desktop context, run:
argocd cluster add docker-desktop
Access the ArgoCD UI using the host URL and, under Settings, check Clusters to confirm your cluster is listed.