This repo is a boilerplate to get argo-cd up and running in a self-managed state quickly and easily with a private GitHub repo (it also works for public repos).
- kubectl - Kubernetes cli tool
- kustomize - Templating utility for kubernetes manifests
- kubeseal - Utility for generating sealed secrets
When using a public repo we're not going to need to set up sealed secrets (at least for the core argo-cd setup). You'll want to make the following changes:
- Delete the following files/folders:
  ```
  apps/templates/sealed-secrets.yaml
  kustom/sealed-secrets
  kustom/argo-cd/base/argocd-repo-key.yaml
  ```
- Then change apps/kustomization.yaml and remove the following line:
  ```
  - templates/sealed-secrets.yaml
  ```
- Finally change kustom/argo-cd/kustomization.yaml and remove the following line:
  ```
  - base/argocd-repo-key.yaml
  ```
End of public repo setup
- Fork this repository.
- Change all of the git references to match your repository. Git URLs are located in the following files:
  ```
  apps/templates/*
  kustom/argo-cd/base/argocd-cm
  ```
- Spin up a fresh kubernetes cluster and then clone your forked repository to your local machine.
- Open a shell in the cloned repo and run the following command to initialize argo-cd:
  ```
  kustomize build kustom/argo-cd/ | kubectl apply -n argocd -f -
  ```
- Run the following command to get the argo password:
  ```
  kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
  ```
- Port forward the webui to your local port 8080:
  ```
  kubectl port-forward svc/argocd-server -n argocd 8080:443
  ```
- Open the argo-cd UI, log in, and click on the settings cog in the left bar. Add your forked GitHub repo and generate a new ssh key that you're going to be using (make sure you've added it to your GitHub account). Once finished, click on connect.
- Now that the repo credentials have been added to argo-cd we're going to add our apps to argo-cd with the following command:
  ```
  kustomize build apps/ | kubectl -n argocd apply -f -
  ```
- You should see the apps appear in the argo-cd UI.
The argo-cd app will encounter a sync error if you're using a private repo; this is normal. We're going to generate a sealed secret in order to give argo-cd access to the repo for that app. This sealed secret is going to be a private key with read access to our git repo. It's safe to put into the repo because it's been asymmetrically encrypted, and only the private key stored on the kubernetes cluster can decrypt it.
- Once the sealed-secrets app is synced you're going to copy the secret that was created when we initially added the repo via the UI above (should be in the argocd namespace with a name similar to repo-1340168060). Save this as key.yaml.
  ```
  kubectl get secret -n argocd repo-1340168060 -o yaml > key.yaml
  ```
- Run the following commands to generate a sealed key and then move it to the right location with the right name:
  ```
  kubeseal --controller-namespace sealed-secrets --format yaml < key.yaml > sealedkey.yaml
  mv sealedkey.yaml kustom/argo-cd/base/argocd-repo-key.yaml
  ```
- Change the value of the name key in kustom/argo-cd/base/argocd-repo-key.yaml to argo-github-key.
- Commit this change and push it to the repo in order for argo to finish the setup for argo-cd to manage the cluster and itself.
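
Before the commit in the last step, it is worth confirming that the file placed at kustom/argo-cd/base/argocd-repo-key.yaml really is the kubeseal output and not key.yaml, which holds the repo key merely base64-encoded. The shell check below is an added example, not part of this repository; the `check_sealed` function, the constructed sample manifests and the reliance on kubeseal's default two-space YAML layout are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the repository. Assumes kubeseal's default YAML
# layout: two-space indentation with encryptedData directly under spec.

# check_sealed FILE: succeed only if every YAML document in FILE is a
# SealedSecret carrying encryptedData, with no plaintext Secret fields.
check_sealed() {
    [ -r "$1" ] || return 2
    awk '
        function finish() {                 # close the current YAML document
            if (seen) { docs++; if (kind != "SealedSecret" || !enc) bad = 1 }
            seen = 0; kind = ""; enc = 0
        }
        /^---[ \t]*$/          { finish(); next }
        /^[ \t]*(#.*)?$/       { next }     # blank line or comment
                               { seen = 1 }
        /^kind:/               { kind = $2 }
        /^  encryptedData:/    { enc = 1 }
        /^(data|stringData):/  { bad = 1 }  # top-level fields of a plain Secret
        /PRIVATE KEY-----/     { bad = 1 }  # PEM text pasted in the clear
        END { finish(); exit (bad || !docs) }
    ' "$1"
}

# Constructed samples: the plaintext export (key.yaml) and a sealed manifest.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' \
        '  name: repo-1340168060' '  namespace: argocd' 'data:' \
        '  sshPrivateKey: Q09OU1RSVUNURUQ=' > "$d/key.yaml"
    printf '%s\n' 'apiVersion: bitnami.com/v1alpha1' 'kind: SealedSecret' \
        'metadata:' '  name: repo-1340168060' '  namespace: argocd' 'spec:' \
        '  encryptedData:' '    sshPrivateKey: AgCONSTRUCTEDciphertext' \
        > "$d/sealed.yaml"
    for f in key.yaml sealed.yaml; do
        if check_sealed "$d/$f"; then echo "$f: sealed, ok to commit"
        else echo "$f: REFUSED, plaintext or not a SealedSecret"; fi
    done
    rm -rf "$d"
}
demo
```

Run `check_sealed kustom/argo-cd/base/argocd-repo-key.yaml` before `git add`, and delete key.yaml once sealing has succeeded so the unencrypted export does not linger in the working tree.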