Introduction to ArgoCD

Prerequisites

• WSL
• Minikube
• Kubectl
• Helm
• Kustomize
• ArgoCD
• HashiCorp Vault

What is ArgoCD?

ArgoCD is a GitOps or Continous Delivery(CD) tool that ensures that the git state remains synchronized with the K8s state.

Architecture

Project Structure

I decided to split the project into 3 different repos Frontend, Backend and K8s Infrastructure.

• Both Frontend and Backend repositories make up the the CI phase of this GitOps poject. They Build Test and Deploy Artifacts to Docker Hub.
• K8s Infrastructure repository stores the K8s manifest.
• We have the ArgoCD application deployed on MiniKube within my local cluster. It is responsible for Checking new images on for both frontend and backend applications. If there are any new images pushed ArgoCD will commit the - K8s Infrastructure repo and then detect a drift between the k8s environment and the manifest files and then update the deployed kubernetes environment to match the state in the - K8s Infrastructure repository

Getting started

1. Make sure Docker hub is running

2. Set up k8s local environment

minikube start --kubernetes-version=v1.32.1 --driver=docker

• This command spins up a k8s cluster and enables it to run kubernetes nodes as docker containers

• Usually you cannot run pods on the master but minikube removes the taints from the master node because it uses 1 node as a both a controller & worker node.

Github SSH Keys

The ArgoCD Image Updater needs write access to my K8s Infrastructure repository in order to commit new images it retrieves from DockerHub hence I will generate a ssh key.

ssh-keygen -t ed25519 -C "argocd@thab310.com" -f ~/.ssh/argocd_ed25519

• Then upload the public key located at ~/.ssh/argocd_ed25519.pub to K8s Infrastructure repository

• The private key will be used ArgoCD in order to Authenticate with K8s Infrastructure repository

Create a Slack Application

How to create a slack application Follow the process and make sure to store the bot token safely because you will need to store it as a secret inside Hashicorp vault.

Now create a channel "#alerts" under the workspace that has your slack bot. Invite the bot into the channel but tagging it in a message.

Create Hashicorp vault secrets

In this project I will be using Vault as my secret store.

vault server -dev

Copy & Paste this commad on another bash terminal

  $ export TF_VAR_vault_token='<Root-Token>'

To verify status of vault server run:

vault status

Retrive private ssh key:

cat ~/.ssh/argocd_ed25519

Add secrets in vault:

vault kv put secret/github_ssh_key gh_ssh_private_key="$(cat ~/.ssh/argocd_ed25519)"

vault kv put secret/argocd-notifications-secret \
  slack-token="********"

3. Setup ArgoCD Helm repository

Installation of helm charts :)

Tip

Instead of of using the traditional approach of installing helm charts using helm cli commands we will take a step further by using terraform and helm providers

resource "helm_release" "argocd" {
  name             = "argocd"

  repository       = "https://argoproj.github.io/argo-helm" #helm repo list
  chart            = "argo-cd"
  create_namespace = true #Create ns if it does not exist in the cluster
  namespace        = "argo-cd"
  version          = "7.8.2" #To get the chart version "helm search repo argocd"
  values           = [ file("values/argocd.yaml") ]
}

To get the terraform specific helm release details run the helm commands below

Apply terraform script

Confirm installation of ArgoCD Helm chart in specified namespace.

Accessing ArgoCD dashboard

1. Retrieve ArgoCD password

2. Access the dashboard on localhost port 8080. The username is admin and password is contents of base64 decoded secret argocd-initial-admin-secret in ns argo-cd.

Accessing the application

Note

Minikube is running in an isolated docker environment so we need a way to expose services within the cluster.

kubectl get svc

#Run this command to expose it to your local machine
minikube service <svc> --url