# Argo CD Setup on E2E Kubernetes

## What is Argo CD?

Argo CD is a Kubernetes-native Continuous Deployment (CD) tool that follows the GitOps model. It continuously monitors running Kubernetes clusters and ensures that the actual cluster state matches the desired state defined in Git repositories.

Unlike traditional CD tools that use push-based deployments, Argo CD works in a pull-based manner. It pulls application manifests from Git and automatically applies them to Kubernetes. Git becomes the single source of truth for both application configuration and infrastructure.

## Step 1: Prerequisites

Make sure you have:

- Running E2E Kubernetes cluster
- `kubectl` access
- Domain
- Public LB IP available for Gateway
- Git repository with Kubernetes manifests

Verify cluster:

```bash
kubectl get nodes
```

## Step 2: Install the Gateway API CRDs and Envoy Gateway

```bash
helm install eg oci://docker.io/envoyproxy/gateway-helm \
  --version v1.6.1 \
  -n envoy-gateway-system \
  --create-namespace
```

## Step 3: Wait for Envoy Gateway to Become Available

```bash
kubectl wait --timeout=5m \
  -n envoy-gateway-system \
  deployment/envoy-gateway \
  --for=condition=Available
```

Verify pods:

```bash
kubectl get pods -n envoy-gateway-system
```

Reference for installation: https://gateway.envoyproxy.io/v1.6/install/install-helm/

## Step 4: Create GatewayClass

A GatewayClass tells Kubernetes which controller manages Gateways.


Create `gatewayclass.yaml`:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy-gateway-class
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
```

```bash
kubectl apply -f gatewayclass.yaml
kubectl get gatewayclass
```

## Step 5: Create Gateway

Create `gateway.yaml`:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: api-gateway
  namespace: default
spec:
  gatewayClassName: envoy-gateway-class
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All   # routes in any namespace may attach to this listener
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        mode: Terminate
        certificateRefs:
          - name: apigateway-tls   # Secret written by cert-manager in Step 9
      allowedRoutes:
        namespaces:
          from: All   # routes in any namespace may attach to this listener
```

```bash
kubectl apply -f gateway.yaml
```

Get the Gateway's external IP:

```bash
kubectl get gateway
```

## Step 6: DNS Configuration

Create an A record in your domain provider pointing your subdomain to the Gateway's external IP:

| Type | Name   | Value                   |
|------|--------|-------------------------|
| A    | argocd | `<Gateway external IP>` |

Verify DNS propagation:

```bash
dig argocd.yourdomain.com
```

## Step 7: Install cert-manager

cert-manager automates TLS certificate issuance and renewal.
```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml
```

Verify:

```bash
kubectl get pods -n cert-manager
```

## Step 8: Create Let's Encrypt ClusterIssuer

Create `clusterissuer.yaml`:

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: your-email@yourdomain.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
      - http01:
          gatewayHTTPRoute:
            parentRefs:
              - name: api-gateway
```

```bash
kubectl apply -f clusterissuer.yaml
kubectl get clusterissuer
```

## Step 9: Request TLS Certificate

Create `certificate.yaml`:

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: apigateway-cert
spec:
  secretName: apigateway-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - argocd.yourdomain.com    # This is for Argo CD Dashboard
    - argoapp.yourdomain.com   # This is for Application
```

```bash
kubectl apply -f certificate.yaml
```

## Step 10: Install Argo CD

Reference: https://argo-cd.readthedocs.io/en/stable/getting_started/

```bash
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```

> **Note:** You can also use Helm to install Argo CD.


Verify pods are running:

```bash
kubectl get pods -n argocd
```

### Disable HTTPS Redirect in Argo CD

When Argo CD is deployed behind a Gateway or Load Balancer that terminates TLS, the Argo CD server must stop serving TLS and redirecting to HTTPS itself. Setting `server.insecure` to `true` makes `argocd-server` serve plain HTTP, so TLS exists only between the client and the Gateway, and the hop from the Gateway to `argocd-server` is unencrypted inside the cluster:

```bash
kubectl patch configmap argocd-cmd-params-cm -n argocd \
  --type merge \
  -p '{"data":{"server.insecure":"true"}}'
```

After applying the patch, restart the Argo CD server:

```bash
kubectl rollout restart deployment argocd-server -n argocd
```

## Step 11: Create HTTPRoutes

Create `httproute.yaml` to route traffic to the Argo CD dashboard:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: argocd-route
  namespace: argocd
spec:
  parentRefs:
    - name: api-gateway
      namespace: default
  hostnames:
    - argocd.yourdomain.com
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: argocd-server
          namespace: argocd
          port: 80
```

```bash
kubectl apply -f httproute.yaml
```

Create `app-http-route.yaml` to route traffic to your application:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: host-route
  namespace: default
spec:
  parentRefs:
    - name: api-gateway
      namespace: default
  hostnames:
    - argoapp.yourdomain.com   # must match a dnsName in certificate.yaml (Step 9)
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: backend-1
          port: 80
```

```bash
kubectl apply -f app-http-route.yaml
```

Verify routes:

```bash
kubectl get httproute -A
```

## Step 12: Securely Access Argo CD

Once DNS is configured and TLS is issued, access the Argo CD dashboard at:

```
https://argocd.yourdomain.com
```

## Step 13: Login to the Dashboard

**Username:** `admin`

Retrieve the initial admin password:

```bash
kubectl get secret argocd-initial-admin-secret -n argocd \
  -o jsonpath="{.data.password}" | base64 -d
```

Use the retrieved password along with username `admin` to log in. After the first login, change the admin password and delete the `argocd-initial-admin-secret` Secret, which exists only to hand over the generated password.

## Step 14: Configure an Argo CD Application

1. Log in to the **Argo CD UI**
2. Click **New App** or **Create Application**
3. Enter the **Application Name**
4. Select the **Project** (use `default` if no custom project is created)
5. Under **Source**:
   - **Repository URL**: Provide the GitHub repository URL
   - **Revision**: Specify the branch name (e.g., `main`)
   - **Path**: Enter the path where Kubernetes YAML files are located
6. Under **Destination**:
   - **Cluster URL**: Select or enter the target Kubernetes cluster
   - **Namespace**: Specify the namespace for deployment
7. Configure the **Sync Policy**:
   - **Automatic**: for auto-deployment
   - **Manual**: for manual sync
8. Click **Create** to save the application
9. Click **Sync** to deploy the resources

## Step 15: Access the Application

After the application is successfully deployed to the Kubernetes cluster using Argo CD, it is exposed externally using the Kubernetes Gateway API and can be accessed via the configured domain name:

```
https://argoapp.yourdomain.com
```

---

*This concludes the application deployment process on the E2E Kubernetes cluster using Argo CD.*

---
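
As an added example (not part of the original guide, nor code from Argo CD, Envoy Gateway or cert-manager), the Python check below cross-references the objects created in Steps 5, 9 and 11: it reports Gateway listeners that accept routes from every namespace (`from: All`) and HTTPRoute hostnames that are not among the `dnsNames` of any Certificate feeding the Gateway's TLS Secret. The function names, finding strings and `SAMPLE` data are assumptions made for illustration; real input would be the `items` list from `kubectl get gateway,httproute,certificate -A -o json`.

```python
# Added example, not from the guide. SAMPLE is constructed to mirror its manifests.
def covers(dns_name, host):
    """True if a certificate dnsName (exact or single-label wildcard) covers host."""
    if dns_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == dns_name[2:]
    return dns_name == host

def key(o):
    return o["metadata"].get("namespace", "default"), o["metadata"]["name"]

def audit(items):
    findings, secret_names, gateways = [], {}, {}
    # TLS Secret (namespace, name) -> dnsNames cert-manager issues into it
    for c in (i for i in items if i["kind"] == "Certificate"):
        names = secret_names.setdefault((key(c)[0], c["spec"]["secretName"]), set())
        names.update(c["spec"].get("dnsNames", []))
    for g in (i for i in items if i["kind"] == "Gateway"):
        ns, name = key(g)
        names = gateways.setdefault((ns, name), set())
        for lis in g["spec"]["listeners"]:
            if lis.get("allowedRoutes", {}).get("namespaces", {}).get("from") == "All":
                findings.append(f"{ns}/{name} listener {lis['name']}: any namespace may attach routes")
            for ref in lis.get("tls", {}).get("certificateRefs", []):
                names |= secret_names.get((ref.get("namespace", ns), ref["name"]), set())
    for r in (i for i in items if i["kind"] == "HTTPRoute"):
        rns, rname = key(r)
        for parent in r["spec"].get("parentRefs", []):
            names = gateways.get((parent.get("namespace", rns), parent["name"]))
            if names is None:
                continue  # parent Gateway is not in the input
            for host in r["spec"].get("hostnames", []):
                if not any(covers(d, host) for d in names):
                    findings.append(f"{rns}/{rname}: {host} not covered by a Gateway certificate")
    return findings

def obj(kind, ns, name, spec):
    return {"kind": kind, "metadata": {"namespace": ns, "name": name}, "spec": spec}

ANY, GW = {"namespaces": {"from": "All"}}, [{"name": "api-gateway", "namespace": "default"}]
SAMPLE = [  # constructed; the last route uses a hostname the Certificate does not list
    obj("Gateway", "default", "api-gateway", {"listeners": [
        {"name": "http", "allowedRoutes": ANY},
        {"name": "https", "allowedRoutes": ANY,
         "tls": {"certificateRefs": [{"name": "apigateway-tls"}]}}]}),
    obj("Certificate", "default", "apigateway-cert", {"secretName": "apigateway-tls",
        "dnsNames": ["argocd.yourdomain.com", "argoapp.yourdomain.com"]}),
    obj("HTTPRoute", "argocd", "argocd-route", {"hostnames": ["argocd.yourdomain.com"], "parentRefs": GW}),
    obj("HTTPRoute", "default", "host-route", {"hostnames": ["apigateway.yourdomain.com"], "parentRefs": GW})]
print(*audit(SAMPLE), sep="\n")
```

A hostname finding means the Gateway would present a certificate that does not match the requested name; a listener finding means any namespace's HTTPRoute can claim hostnames on the shared Gateway.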