Install Argo CD

Review the necessary prerequisites and follow the steps to enable Argo CD within KubeRocketCI.

Prerequisites

The following tools must be installed:

• KubeRocketCI
• Kubectl version 1.24+
• Helm version 3.10+
• Keycloak (optional)

Installation

Enabling Argo CD on the platform involves two main steps:

• Argo CD installation
• Argo CD integration with Add-Ons

Argo CD can be installed in several ways, please follow the official documentation for more details. It is also possible to install Argo CD using the edp-cluster-add-ons.

Install With Helm

Follow the steps below to install Argo CD using Helm:

"For the OpenShift users"

When using the OpenShift platform, apply the SecurityContextConstraints resource. Change the namespace in the users section if required.

View: SecurityContextConstraints

allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
apiVersion: security.openshift.io/v1
allowedFlexVolumes: []
defaultAddCapabilities: []
fsGroup:
  type: MustRunAs
  ranges:
    - min: 99
      max: 65543
groups: []
kind: SecurityContextConstraints
metadata:
  annotations:
      "helm.sh/hook": "pre-install"
  name: argo-redis-ha
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
runAsUser:
  type: MustRunAsRange
  uidRangeMin: 1
  uidRangeMax: 65543
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
seccompProfiles:
  - '*'
users:
- system:serviceaccount:argocd:argo-redis-ha
- system:serviceaccount:argocd:argo-redis-ha-haproxy
- system:serviceaccount:argocd:argocd-notifications-controller
- system:serviceaccount:argocd:argo-argocd-repo-server
- system:serviceaccount:argocd:argocd-server
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret

1. Fork the Add-Ons repository to personal account.

2. Run the installation:

   helm dependency update argo-cd
   helm install argocd argo-cd -n argocd --create-namespace

3. Port-forward Argo CD service using kubectl:

   kubectl port-forward svc/argo-argocd-server 8080:80 -n argocd

4. Login to the Argo CD server in browser using login and password:

   info

   By default, to access the console with administrative privileges, use the following credentials:

   • URL: localhost:8080
   • Login: admin
   password

   kubectl get secret -n argocd argocd-initial-admin-secret --template={{.data.password}} | base64 -d

5. Integrate Argo CD with Add-Ons and Install Core Add-Ons

   To ensure the environment functions correctly, it is necessary to install the following core components:

   • Nginx Ingress Controller: Provides external endpoint management through ingress resources.
   • External Secrets Operator (ESO): Manages secure provisioning and access to secrets.
   • Keycloak (KK): Enables Single Sign-On (SSO) for authentication.
   • Keycloak Operator: Simplifies the configuration and management of Keycloak instances.

   These components can be installed using the prepared add-ons repository. Detailed installation instructions are available in the add-ons installation guide.

   To configure these components, refer to the relevant sections in values.yaml, which include the required parameters for enabling and customizing the add-ons.

   

   After completing the installation of these components, proceed with the configuration of Argo CD.

6. Update Argo CD helm chart:

   note

   After installing the necessary add-ons, such as the External Secrets Operator, it is recommended to add ESO components for all secrets that were manually created during the integration of add-ons with Argo CD. An example can be found here.

   info

   Make sure Kubernetes resources have the required labels for Argo CD to manage them.

   metadata:
     label:
       app.kubernetes.io/part-of: argocd

   To enable features such as ingress, login via oidc provider, provisioning secret using ESO need to update Argo CD with values below:

   kubernetes values.yaml

   argo-cd:
     global:
       # -- Default domain used by all components
       ## Used for ingresses, certificates, SSO, notifications, etc.
       domain: argocd.example.com
     configs:
       cm:
         # required when SSO is enabled
         url: "https://argocd.example.com"
       oidc.config: |
         issuer: https://keycloak.example/auth/realms/shared
     server:
       ingress:
         enabled: true
         hosts:
           - "argocd.example.com"
   oidc:
     enabled: true
   eso:
     enabled: true
   View: openshift values.yaml

   argo-cd:
   global:
     # -- Default domain used by all components
     ## Used for ingresses, certificates, SSO, notifications, etc.
     domain: argocd.example.com
   configs:
     cm:
       # required when SSO is enabled
       url: "https://argocd.example.com"
     oidc.config: |
       issuer: https://keycloak.example/auth/realms/shared
   server:
     route:
       enabled: true
       hostname: "argocd.example.com"
       termination_type: edge
       termination_policy: Redirect
   oidc:
   enabled: true
   eso:
   enabled: true

Next Step

• Install third-party tools via Add-Ons
• Install KubeRocketCI

After completing the steps outlined in this documentation, the following results should be achieved:

1. Centralized Argo CD Instance:

   • A fully deployed and operational Argo CD instance installed using Helm.

2. Add-Ons Repository Configured:

   • Add-ons repository integrated and configured with Argo CD for managing additional components.

3. Core Components Deployed:

   • Essential infrastructure components, such as:
     • External Secrets Operator (ESO) for secure secret management.
     • Keycloak and Keycloak Operator for Single Sign-On (SSO).
     • Nginx Ingress Controller for external endpoint management.

Related Articles

• Argo CD Integration
• Install via Add-Ons