If you have been in alert mode for the trends in Automation of applications development and deployment, you must have read about GitOps. GitOps is a Continuous Deployment methodology for the cloud native applications. It is focused on a developer-centric experience for Infrastructure operations, by using tools developers are already familiar with, including Git and Continuous Deployment tools.

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It follows the GitOps pattern of using Git repositories as the source of truth for defining the desired state of your applications. In ArgoCD, Application definitions, configurations, and environments should be declarative and version controlled.

Argo CD automates the deployment of the desired application states in the specified target environments. Application deployments can track updates to branches, tags, or pinned to a specific version of manifests at a Git commit.

Install ArgoCD on OpenShift Cluster

Follow below steps to install ArgoCD onto your OpenShift Container Platform.

Step 1: Create Project namespace

ArgoCD will need to run on its on Namespace. Let’s create it:

--- With oc command ---
$ oc create namespace argocd

--- With kubectl command ---
$ kubectl create namespace argocd

You need to have configured kubectl to run the commands. You can refer to our guide below.

Easily Manage Multiple Kubernetes Clusters with kubectl & kubectx

Step 2: Apply the ArgoCD Manifest on OpenShift

Next we can perform the actual installation of ArgoCD on OpenShift by running the installation manifest.

--- With oc command ---
mkdir argocd
cd argocd
wget https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
oc apply -n argocd -f ./install.yaml

--- With kubectl command ---
mkdir argocd
cd argocd
wget https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl apply -n argocd -f ./install.yaml

Execution output:

customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server-metrics created
service/argocd-server created
deployment.apps/argocd-application-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created

The pods will be started in a few seconds or minutes.

$ oc get pods -n argocd
NAME                                             READY   STATUS    RESTARTS   AGE
argocd-application-controller-56cc786677-jmlr7   1/1     Running   0          110s
argocd-dex-server-9755c5c9c-mpg8g                1/1     Running   0          110s
argocd-redis-8c568b5db-r6ffj                     1/1     Running   0          110s
argocd-repo-server-778f98fc8f-7gttj              1/1     Running   0          110s
argocd-server-7696cd5f89-v66rn                   1/1     Running   0          110s

Confirm the updated Dex pod is running by executing the following command:

$ oc get pods -l=app.kubernetes.io/name=argocd-dex-server
NAME                                 READY   STATUS    RESTARTS   AGE
argocd-dex-server-78b8dd8b75-qvbjk   1/1     Running   0          4m49s

Step 3: Get the ArgoCD Server password

Once you confirm all pods are running, get the ArgoCD Server initial password which is autogenerated.

ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')

Confirm the password was saved:

$ echo $ARGOCD_SERVER_PASSWORD
argocd-server-7696cd5f99-v86rn

Step 4: Expose ArgoCD Server using OpenShift Route

We need to Patch ArgoCD Server deployment on OpenShift for the service to be exposed through the OpenShift Route:

oc -n argocd patch deployment argocd-server -p '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"argocd-server"}],"containers":[{"command":["argocd-server","--insecure","--staticassets","/shared/app"],"name":"argocd-server"}]}}}}'

You should get patched in the output if this was successful.

deployment.apps/argocd-server patched

Then you can proceed to expose ArgoCD Server:

oc -n argocd create route edge argocd-server --service=argocd-server --port=http --insecure-policy=Redirect

Confirm the route is created.

$ oc get route -n argocd
NAME            HOST/PORT                                         PATH   SERVICES        PORT   TERMINATION     WILDCARD
argocd-server   argocd-server-argocd.apps.mycluster.example.com          argocd-server   http   edge/Redirect   None

Confirm the web console is accessible by navigating to the location provided by executing the following command:

echo https://$(oc get routes argocd-server -o=jsonpath='{ .spec.host }')

You can update the host name used in the route by editing the yaml configuration on the fly:

$ oc edit route -n argocd

Step 5: Download Argo CD CLI

Download the latest Argo CD version from the releases page.

VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64

Make the argocd CLI executable:

sudo chmod +x /usr/local/bin/argocd

Check client version:

$ argocd version --client
argocd: v1.5.5+0fdef48
  BuildDate: 2020-05-16T04:02:57Z
  GitCommit: 0fdef4861e12026e133224f7c9413072340e2983
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: linux/amd64

Using the username admin and the password to login to Argo CD’s IP or hostname:

--- Get route ---
ARGOCD_ROUTE=$(oc -n argocd get route argocd-server -o jsonpath='{.spec.host}')

--- Get Admin password ---
ARGOCD_SERVER_PASSWORD=$(oc -n argocd get pod -l "app.kubernetes.io/name=argocd-server" -o jsonpath='{.items[*].metadata.name}')

--- Login to ArgoCD API ---
argocd --insecure --grpc-web login ${ARGOCD_ROUTE}:443 --username admin --password ${ARGOCD_SERVER_PASSWORD}

Change the password using the command:

argocd --insecure --grpc-web --server ${ARGOCD_ROUTE}:443 account update-password --current-password ${ARGOCD_SERVER_PASSWORD} --new-password [email protected]

Step 6: Access ArgoCD Dashboard

You can then access the ArgoCD console with the route URL.

The login credentials will be

Username: admin

The initial Password can be obtained with:

kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2

ArgoCD dashboard will be shown in after login.

Resetting Admin Password

By default the password is set to the name of the server pod.

To change the password, you need to:

  • Edit the argocd-secret secret
  • Update the admin.password field with a new bcrypt hash.

You can use a site like https://www.browserling.com/tools/bcrypt to generate a new hash.

Here is an example.

# bcrypt(password)=$2a$10$EGMTnwQa7543lA3Ry28Y7.ZjJbsyDIzmQyAsnoGyVdyaTTM4eP5IW
kubectl -n argocd patch secret argocd-secret \
  -p '{"stringData": {
    "admin.password": "$2a$10$EGMTnwQa7543lA3Ry28Y7.ZjJbsyDIzmQyAsnoGyVdyaTTM4eP5IW",
    "admin.passwordMtime": "'$(date +%FT%T%Z)'"
  }}'

Step 7: Integrating ArgoCD with OpenShift Authentication

Read through the OpenShift Authentication Integration with ArgoCD guide for complete integration.

Visit the ArgoCD documentation page to learn how applications are deployed with ArgoCD GitOps tool. Another useful resource is getting started page.

More Articles on Kubernetes / OpenShift:

How To Migrate Docker Compose Application to Kubernetes With Kompose

Run Ceph toolbox for Rook on Kubernetes / OpenShift

Add Harbor Image Registry Pull Secret to Kubernetes / OpenShift

How To Check Pod / Container Metrics on OpenShift & Kubernetes

LEAVE A REPLY

Please enter your comment!
Please enter your name here