Okwu Kinikachi
Kachi

Kachi

Managing Kubernetes Applications using GitOps Approach

Managing Kubernetes Applications using GitOps Approach

Setting up ArgoCD to manage Kubernetes applications on one or more clusters

Okwu Kinikachi's photo
Okwu Kinikachi

Published on Jul 11, 2021

5 min read

Subscribe to my newsletter and never miss my upcoming articles

Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.

Managing several applications deployed on one or several K8s clusters can be stressful, difficult and time consuming and one of the solution to this problem is by utilizing gitOps for our application management.

What is gitOps? from the website gitops.tech, GitOps is a way of implementing Continuous Deployment for cloud native applications. It focuses on a developer-centric experience when operating infrastructure, by using tools developers are already familiar with, including Git and Continuous Deployment tools.

There are several tools that can help us achieve this but i will focusing on using a combination of ArgoCD, Git and Kustomize.

From the main ArgoCD website, Argo CD follows the GitOps pattern of using Git repositories as the source of truth for defining the desired application state. it also automates the deployment of the desired application states in the specified target environments.

Reference

We will substitute the following words with their defined shortcuts.

  • Kubernetes - K8s

Prerequisites

To effectively follow through in this guide, you will be required to have a K8s cluster with an existing application running on any cloud provider of your choice and also have K8s setup locally on your system.

For this guide i will be using DigitalOcean Kubernetes Service, any k8s service can be used. For setup information on DigitalOcean, use this guide How to Configure DigitalOcean Kubernetes Infrastructure.

Also you need to have ArgoCD installed on your system, use this ArgoCD installation guide to complete the setup.

Initial Setup

We will assume you have already setup your k8s cluster and connected your local K8s to fully manage the cluster on your provider. Let's proceed to setup ArgoCD on our cluster

Install ArgoCD

Run the commands below to setup the namespace to hold the ArgoCD installations.

kubectl create namespace argocd

Then run this to install ArgoCD in the new namespace created.

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

We have successfully installed ArgoCD on our cluster, next we will be exposing our ArgoCD installation via a website url to enable easy access and management using it's UI.

Accessing The ArgoCD installation

We can either choose to access ArgoCD via the CLI or it's in-built UI and I will guide you on how to setup the UI.

There are various way to expose the UI with an external IP but I will using the Ingress Controller method using let's encrypt for https certificate management.

Setup Let's Encrypt Cert Manager

Install cert manager using the command below

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.16.1/cert-manager.yaml

Verify cert-manager installation using the command below, you should see it's pods running

kubectl get pods --namespace cert-manager

Install Cluster Issuer script to manage the certificate creation and renewal. Create a file to hold cluster issuer configuration

touch my_cert_issuer.yaml

Paste the configuration below into the file, editing the appropriate name, then save it

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-any-name
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory

    # Email address used for ACME registration
    email: your_email_address_here

    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-any-name

    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx

Roll out cluster issuer using the newly created file

kubectl create -f my_cert_issuer.yaml

You should see the following output:

clusterissuer.cert-manager.io/letsencrypt-any-name created

Install ArgoCD Ingress Configuration

We have successfully created our let's encrypt cert manager, let us go ahead and setup our ingress config to expose our ArgoCD installation.

Create a file and paste the code below, updating the cluster issuer and also the host url to use for accessing UI.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-any-name
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # If you encounter a redirect loop or are getting a 307 response code 
    # then you need to force the nginx ingress to connect to the backend using HTTPS.
    #
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: argocd.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: 
            name: argocd-server
            port:
              name: https
  tls:
  - hosts:
    - argocd.example.com
    secretName: argocd-secret # do not change, this is provided by Argo CD

Once this is done, we have successfully configured our ArgoCD to be accessed from a url.

Before you proceed to the next step, ensure you have configured the host name in your ingress config file to match with the IP address of the load balancer managing your K8s access.

Login Using UI

For us to be able to log in to our ArgoCD portal, we need to get the password to access the UI. ArgoCD comes with an initial admin password.

To get the initial password, we will be using the CLI. The command below returns the password, copy and store it somewhere safe, we will be using it to reset our password

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Let us log in to our ArgoCD via the CLI and reset the password

argocd login <ARGOCD_SERVER>(host name or load balance IP)

Reset Password

argocd account update-password

Let's Access the UI and Login

Screenshot 2021-07-08 at 19-31-49 Applications - Argo CD.png

Add Existing Cluster To ArgoCD

We have successfully setup and expose the ArgoCD installation to manage our application. Let us add our existing clusters to ArgoCD to enable it access our applications.

First list all clusters contexts in your current kubeconfig:

kubectl config get-contexts -o name

Choose a context name from the list and supply it to argocd cluster add . For example, for docker-desktop context, run:

argocd cluster add docker-desktop

Access the ArgoCD UI using the host url, under Settings check the clusters to confirm your cluster is there.

Screenshot 2021-07-08 at 19-31-29 Settings - Argo CD.png

 
Share this