first of all, we need a kubernetes cluster. we will use minikube on my mac with the docker desktop application
docker images
minikube start --kubernetes-version=v1.30.0 --driver=docker
the docker driver allows minikube to create kubernetes nodes as docker containers. if you choose virtualbox, minikube will create a virtual machine as the kubernetes node. when you run it, it will pull a docker image, bootstrap the kubernetes cluster locally and configure kubectl to talk to the cluster.
kubectl get nodes
we have one node that is the control plane too
kubectl get pods
kubectl get services
kubectl describe node minikube | less
Taints: minikube removes the taints from the control plane; those taints would otherwise prevent the scheduling of new pods
we use helm charts because that is now the most common way. if you don't want to use helm, you can run the helm template command to generate the yaml file
add the argocd helm chart:
helm repo add argo https://argoproj.github.io/argo-helm
every time you add a new repo, you must update the index:
helm repo update
helm search repo argocd
argo/argo-cd 3.35.4 v2.2.5 A Helm chart for ArgoCD, a declarative, GitOps ...
most of the time, we want to override at least a few default variables. to get the defaults, we can run:
helm show values argo/argo-cd --version 3.35.4 > argo-cd-defaults.yaml
now we want to install helm directly and with terraform
first we create a terraform folder and terraform files and we need to initialize it
terraform init
terraform apply
in another terminal we can run:
helm status argocd -n argocd
or, if it failed, we run helm without terraform. first clean up with these commands:
helm list --pending -A
helm uninstall argocd -n argocd
verify argocd is installed:
helm list -A
kubectl get pods -n argocd
by default, this helm chart will generate an admin password and store it in a kubernetes secret called the initial admin secret, which is used only once; you can change it if you wish
kubectl get secrets -n argocd
to get the password, let's get this secret in yaml format; it will be encoded in base64
kubectl get secrets argocd-initial-admin-secret -o yaml -n argocd
to decode the secret, we can use echo and pipe it to the base64 utility.
echo "RWs1WElqRTVLdFIxVDRGTw==" | base64 --decode
echo "RWs1WElqRTVLdFIxVDRGTw==" | base64 -d
Ek5XIjE5KtR1T4FO%
the percent sign indicates the end of the string; don't copy it.
to access argocd, we can use the port-forward command:
kubectl port-forward svc/argocd-server -n argocd 8080:80
the username is admin. go to the argoCD site
first of all, we create a public github repository
in the dockerhub account we find the nginx images. we log in to the dockerhub account with docker login --username, since later we need to push the images
pull the nginx image:
docker pull nginx:1.27.0
to simulate a CD pipeline, we need to increment image tags to deploy new versions
docker tag nginx:1.27.0 rhosrow/nginx:v0.1.0
docker push rhosrow/nginx:v0.1.0
now we deploy this new docker image to kubernetes with the new public repo we created before
and then we tell argocd to watch this particular repo, in the main project, for the first example:
we create a first argocd yaml file to track our repo; we need to manually
kubectl apply -f 1-example/app.yaml
% kubectl get pods -n prod
No resources found in prod namespace.
then we go to the argocd interface and sync manually with the public repo by clicking sync; this is good practice for a prod environment
- simulate a CI/CD pipeline and release a new version of our app
docker tag nginx:1.27.0 rhosrow/nginx:0.1.1
docker push rhosrow/nginx:0.1.1
in the gitOps project, we change the tag in the deployment manifest, make a git commit and push it to the repo
without a webhook set up, it takes some minutes for argo to pick up the change. setting up a webhook also means you need to expose argocd to the internet, which isn't good for a company's security
if you host your own git like gitlab, you can set up a webhook inside your environment to speed up the process
then we can add a sync policy & options
create a .sh file and make it executable
chmod +x build-agent.sh
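a possible build-agent.sh for the release steps above (retag, push, change the tag in the deployment manifest, commit, push), as an added example and not the script from these notes. the manifest path, the function names and the argument order are assumptions:

```sh
#!/bin/sh
# Added example of a build-agent.sh; MANIFEST and the function names are assumptions.
set -eu

IMAGE="rhosrow/nginx"            # image name used in these notes
SOURCE_IMAGE="nginx:1.27.0"
MANIFEST="${MANIFEST:-my-app/deployment.yaml}"   # assumed path inside the gitOps repo

# Accept only tags shaped like 0.1.1 or v0.1.0, so nothing else reaches sed, docker or git.
valid_tag() {
    case $1 in
        ''|*[!0-9.v]*) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^v?[0-9]+\.[0-9]+\.[0-9]+$'
}

# Rewrite the tag on the "image: rhosrow/nginx:<tag>" line of a manifest, in place.
bump_image_tag() {
    file=$1
    tag=$2
    valid_tag "$tag" || { echo "invalid tag: $tag" >&2; return 1; }
    grep -Eq "image:[[:space:]]*${IMAGE}:" "$file" ||
        { echo "no ${IMAGE} image in $file" >&2; return 1; }
    tmp=$(mktemp)
    sed -E "s|(image:[[:space:]]*${IMAGE}):[^[:space:]]+|\1:${tag}|" "$file" > "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Full release: push the image under the new tag, then commit the manifest change.
release() {
    tag=$1
    repo_dir=$2
    valid_tag "$tag" || { echo "invalid tag: $tag" >&2; return 1; }
    docker tag "$SOURCE_IMAGE" "${IMAGE}:${tag}"
    docker push "${IMAGE}:${tag}"
    bump_image_tag "${repo_dir}/${MANIFEST}" "$tag"
    git -C "$repo_dir" add "$MANIFEST"
    git -C "$repo_dir" commit -m "release ${IMAGE}:${tag}"
    git -C "$repo_dir" push origin main
}

# Run a release only when called with arguments: ./build-agent.sh 0.1.2 /path/to/repo
if [ "$#" -ge 2 ]; then
    release "$1" "$2"
fi
```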
for deleting the app, we can add this to the metadata of the argo manifest
- kubectl delete -f 1-example/app.yaml
finalizers:
  - resources-finalizer.argocd.argoproj.io
it looks like argocd removes it from the UI, but the app is still running. i actually want to delete the kubernetes resources as well when i delete the application resource. to do that, we add a finalizer to the metadata yaml
this is what you want most of the time; it is especially helpful for the app of apps pattern
when you have a lot of applications that you want to deploy to kubernetes, you don't want to create them manually. the most common approach that people use is the app of apps pattern, where you manage the creation & deletion of the apps using the same gitOps repo.
update the namespace to foo (first app) and create a second app, so we have two apps
then add my-app.yaml and my-app-2 in environment/staging/apps
so we have kubernetes deployment files and corresponding argocd app resources to register them with argoCD. the workflow for helm and kustomize is similar, except that you target helm charts, and then push to github
git add .
git commit -m ""
git push origin main -f
so in the main folder we create folder 2 and add the path: environments/staging/apps
so this app resource will apply all of them
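the application resource described above (finalizer, sync policy & options, app of apps path), printed by a small shell function so it can be piped into kubectl apply -f -. this is an added example, not the app.yaml from these notes; the repo url is a placeholder, and the function names, the parent app name "apps" and the argument order are assumptions:

```sh
#!/bin/sh
# Added example: prints an Argo CD Application manifest.
# REPO_URL is a placeholder; replace it with the public gitOps repo.
REPO_URL="${REPO_URL:-https://github.com/EXAMPLE_USER/EXAMPLE_REPO.git}"

# render_app NAME PATH DEST_NAMESPACE
render_app() {
    cat <<EOF
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: $1
  namespace: argocd
  finalizers:
    # cascade delete: removing the Application also removes what it deployed
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: ${REPO_URL}
    targetRevision: main
    path: $2
  destination:
    server: https://kubernetes.default.svc
    namespace: $3
  syncPolicy:
    automated:
      prune: true      # delete resources that were removed from git
      selfHeal: true   # revert manual changes made in the cluster
    syncOptions:
      - CreateNamespace=true
EOF
}

# Parent "app of apps": its path holds the child Application manifests
# (my-app.yaml, my-app-2.yaml), which are created in the argocd namespace.
render_app_of_apps() {
    render_app apps environments/staging/apps argocd
}
```

usage: render_app_of_apps | kubectl apply -f -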