Argo CD Setup on E2E Kubernetes

What is Argo CD?

Argo CD is a Kubernetes-native Continuous Deployment (CD) tool that follows the GitOps model. It continuously monitors running Kubernetes clusters and ensures that the actual cluster state matches the desired state defined in Git repositories.

Unlike traditional CD tools that use push-based deployments, Argo CD works in a pull-based manner. It pulls application manifests from Git and automatically applies them to Kubernetes.

Git becomes the single source of truth for both application configuration and infrastructure.

Step 1: Prerequisites

Make sure you have:

Running E2E Kubernetes cluster
kubectl access
Domain
Public LB IP available for Gateway
Git repository with Kubernetes manifests

Verify cluster:

kubectl get nodes

Step 2: Install the Gateway API CRDs and Envoy Gateway

helm install eg oci://docker.io/envoyproxy/gateway-helm \
  --version v1.6.1 \
  -n envoy-gateway-system \
  --create-namespace

Step 3: Wait for Envoy Gateway to Become Available

kubectl wait --timeout=5m \
  -n envoy-gateway-system \
  deployment/envoy-gateway \
  --for=condition=Available

Verify pods:

kubectl get pods -n envoy-gateway-system

Reference for installation: https://gateway.envoyproxy.io/v1.6/install/install-helm/

Step 4: Create GatewayClass

A GatewayClass tells Kubernetes which controller manages Gateways.

Create gatewayclass.yaml:

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy-gateway-class
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller

kubectl apply -f gatewayclass.yaml
kubectl get gatewayclass

Step 5: Create Gateway

Create gateway.yaml:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: api-gateway
  namespace: default
spec:
  gatewayClassName: envoy-gateway-class
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        mode: Terminate
        certificateRefs:
          - name: apigateway-tls
      allowedRoutes:
        namespaces:
          from: All

kubectl apply -f gateway.yaml

Get the Gateway's external IP:

kubectl get gateway

Step 6: DNS Configuration

Create an A record in your domain provider pointing your subdomain to the Gateway's external IP:

Type	Name	Value
A	argocd	`<Gateway-External-IP>`

Verify DNS propagation:

dig argocd.yourdomain.com

Step 7: Install cert-manager

cert-manager automates TLS certificate issuance and renewal.

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml

Verify:

kubectl get pods -n cert-manager

Step 8: Create Let's Encrypt ClusterIssuer

Create clusterissuer.yaml:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: your-email@yourdomain.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
      - http01:
          gatewayHTTPRoute:
            parentRefs:
              - name: api-gateway

kubectl apply -f clusterissuer.yaml
kubectl get clusterissuer

Step 9: Request TLS Certificate

Create certificate.yaml:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: apigateway-cert
spec:
  secretName: apigateway-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - argocd.yourdomain.com    # This is for Argo CD Dashboard
    - argoapp.yourdomain.com   # This is for Application

kubectl apply -f certificate.yaml

Step 10: Install Argo CD

Reference: https://argo-cd.readthedocs.io/en/stable/getting_started/

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Note: You can also use Helm to install Argo CD.

Verify pods are running:

kubectl get pods -n argocd

Disable HTTPS Redirect in Argo CD

When Argo CD is deployed behind a Gateway or Load Balancer that terminates TLS, the Argo CD server must be configured to trust the upstream TLS termination:

kubectl patch configmap argocd-cmd-params-cm -n argocd \
  --type merge \
  -p '{"data":{"server.insecure":"true"}}'

After applying the patch, restart the Argo CD server:

kubectl rollout restart deployment argocd-server -n argocd

Step 11: Create HTTPRoutes

Create httproute.yaml to route traffic to the Argo CD dashboard:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: argocd-route
  namespace: argocd
spec:
  parentRefs:
    - name: api-gateway
      namespace: default
  hostnames:
    - argocd.yourdomain.com
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: argocd-server
          namespace: argocd
          port: 80

kubectl apply -f httproute.yaml

Create app-http-route.yaml to route traffic to your application:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: host-route
  namespace: default
spec:
  parentRefs:
    - name: api-gateway
      namespace: default
  hostnames:
    - apigateway.yourdomain.com
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: backend-1
          port: 80

kubectl apply -f app-http-route.yaml

Verify routes:

kubectl get httproute -A

Step 12: Securely Access Argo CD

Once DNS is configured and TLS is issued, access the Argo CD dashboard at:

https://argocd.yourdomain.com

Username: admin

Retrieve the initial admin password:

kubectl get secret argocd-initial-admin-secret -n argocd \
  -o jsonpath="{.data.password}" | base64 -d

Use the retrieved password along with username admin to log in.

Step 14: Configure an Argo CD Application

Log in to the Argo CD UI
Click New App or Create Application
Enter the Application Name
Select the Project (use default if no custom project is created)
Under Source:
- Repository URL: Provide the GitHub repository URL
- Revision: Specify the branch name (e.g., main)
- Path: Enter the path where Kubernetes YAML files are located
Under Destination:
- Cluster URL: Select or enter the target Kubernetes cluster
- Namespace: Specify the namespace for deployment
Configure the Sync Policy:
- Automatic — for auto-deployment
- Manual — for manual sync
Click Create to save the application
Click Sync to deploy the resources

Step 15: Access the Application

After the application is successfully deployed to the Kubernetes cluster using Argo CD, it is exposed externally using the Kubernetes Gateway API and can be accessed via the configured domain name:

https://argoapp.yourdomain.com

This concludes the application deployment process on the E2E Kubernetes cluster using Argo CD.

What is Argo CD?​

Step 1: Prerequisites​

Step 2: Install the Gateway API CRDs and Envoy Gateway​

Step 3: Wait for Envoy Gateway to Become Available​

Step 4: Create GatewayClass​

Step 5: Create Gateway​

Step 6: DNS Configuration​

Step 7: Install cert-manager​

Step 8: Create Let's Encrypt ClusterIssuer​

Step 9: Request TLS Certificate​

Step 10: Install Argo CD​

Disable HTTPS Redirect in Argo CD​

Step 11: Create HTTPRoutes​

Step 12: Securely Access Argo CD​

Step 13: Login to the Dashboard​

Step 14: Configure an Argo CD Application​

Step 15: Access the Application​