Hello everyone, welcome to the workshop on "Deploy Application in Kubernetes Using GitOps & ArgoCD".
In this workshop we will be working on the following tasks.
Task 1: Deploy an application in your k8 cluster using GitOps and ArgoCD.
Task 2: Deploy a helm chart in your k8 cluster using GitOps and ArgoCD.
Along with these tasks, we will be seeing different functionalities, scopes and best practices of ArgoCD and GitOps.
To follow along with this workshop, you will require a basic understanding of the followings:
- Basic knowledge of Kubernetes and its different resources and components (such as: Deployments, Pods, Services etc).
- Basic understanding of Helm.
- Basic idea of yaml.
- Kubernetes manifests file.
- Basic usage of Kubectl.
- Basic understanding of Docker.
If you full-fill all the requirements, then you are good to go.
Let's start with setting our environment. To start working with ArgoCD.
For this workshop we will be working on our local machine. We'll setup Kubernetes cluster using Kind deploy ArgoCD on our machine.
For production environment, you will need to setup Kubernetes production cluster. ArgoCD setup is same for any environment.
So, before proceeding further, let's setup the environment. To setup environment for the workshop, your local machine should have the following tools pre installed.
We will use kind to create a new cluster on your local machine. Run the following command,
kind create cluster --name kcd-cluster-one
You can check the cluster context and use it.
kubectl config get-contexts
kubectl config use-context kind-kcd-cluster-one
For more info click here
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Wait until all the required pods are running.
kubectl get secrets/argocd-initial-admin-secret -n argocd --template={{.data.password}} | base64 -d
Since we are working on local machine, we will be exposing the Argocd dashboard through port forwarding. In production, you can use kubernetes Ingress or LoadBalancer to expose ArgoCD Web UI.
Run the following command to port-forward the argocd server. You can expose it to any port.
kubectl port-forward -n argocd svc/argocd-server 8080:80
Login with the username "admin" and password admin password from secret.
Install ArgoCD Cli tool to connect argocd from terminal. The installation guidelines for each operating system are documented here
You can found all the command reference of ArgoCD Cli from here.
Since we are running our argocd in local machine using port forwarding, to connect with the argocd we need to provide the localmachine IP, port and admin credentials. In production, you will need to provide the exposed ArgoCD URL for login along with the admin credentials of ArgoCD.
Run the following command in your machine. Make sure the port-forward is running, before executing the command. To connect with the production ArgoCD, replace the server host and port with your ArgoCD URL along with the admin username and password.
argocd login localhost:8080 --insecure \
--username admin \
--password $(kubectl get secrets/argocd-initial-admin-secret -n argocd --template={{.data.password}} | base64 -d)
Check if its successfully connected or not.
argocd cluster list
Create a new application from ArgoCD UI and deploy the application. Check here for the application descriptors.
We are going to deploy kcd-demo-app in ArgoCD.
REPO URL: https://github.com/shaekhhasanshoron/kcd-demo-app
PATH: kubernetes/manifests
REVISION: HEAD
In manual sync we need to manually sync the updates or commits. ArgoCD supports both of the sync system. However, If you consider GitOps principles, application it needs to automated.
We will update the manifests to check the output. We will update it from Git also from Cluster it-self. We will update the configurations inside the server directly and we will see that ArgoCD will alter that change and move it to the desired state.
Let us see how the re-deploy and rollback feature.
We will create a new project and add another application to that newly created project.
We will set different roles to project.
We will add a git repo in ArgoCD git repo list. We will add kcd-notify-app repo. Run the following command. Here, you will attach token instead of password.
argocd repo get https://github.com/shaekhhasanshoron/kcd-notify-app
Now check the repo list.
argocd repo list
You need to update the argocd-cm configmap and add user data.
kubectl edit cm -n argocd argocd-cm
Add the following code under data and save it.
accounts.shoron: apiKey, login
accounts.shoron.enabled: "true"
Check User list
argocd account list
Since initially newly created your will not have any password, we have to add the password for the new user.
argocd account update-password \
--account shoron \
--current-password $(kubectl get secrets/argocd-initial-admin-secret -n argocd --template={{.data.password}} | base64 -d) \
--new-password Hello@123
By default, new user does not have any permission. You need to provide the permissions to user.
You need to add user permission in a argocd-rbac-cm configmap.
kubectl edit cm -n argocd argocd-rbac-cm
Here is the following format to update permission for user.
p, <role/user/group>, <resource>, <action>, <appproject>/<object>, <allow/deny>
Now edit argocd-rbac-cm configmap and add the following code under data and save it.
policy.csv: |
p, shoron, applications, *, default/*, allow
policy.default: read:readonly
You can add several permissions to it.
policy.csv: |
p, shoron, applications, *, default/*, allow
p, shoron, clusters, get, *, allow
p, shoron, projects, get, default, allow
p, shoron, repositories, *, *, allow
You need to update the argocd-cm configmap and add user data.
kubectl edit cm -n argocd argocd-cm
Create a new application from ArgoCD UI and deploy the application. Check here for the application descriptors.
We are going to deploy kcd-notify-app in ArgoCD.
REPO URL: https://github.com/shaekhhasanshoron/kcd-notify-app
PATH: kubernetes/manifests
REVISION: HEAD
Here we will use ArgoCD CLI to deploy.
argocd app create argocd/applications/kcd-notify.yaml
Hooks can be used while synchronizing your application with ArgoCD. For details click here
Here just to show how does it work, we will create a new file under the manifest folder and add the following code. We are just notify a message to notify service api.
apiVersion: batch/v1
kind: Job
metadata:
generateName: kcd-notify-config-
annotations:
argocd.argoproj.io/hook: PostSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded
argocd.argoproj.io/sync-wave: "1"
spec:
template:
spec:
containers:
- name: kcd-notify
image: curlimages/curl
command:
- "curl"
- "-X"
- "POST"
- "http://kcd-notify.demo:8080/api/notify?message=Synched"
restartPolicy: Never
backoffLimit: 2
We will remove the application.
argocd app delete <app name>
We will create a new application from a public helm repository. We will deploy WildFly app server from https://charts.bitnami.com/bitnami helm repo. We will update parameters and deploy the applications.
REPO URL : https://charts.bitnami.com/bitnami
CHART NAME: wildfly
VERSION: 19.1.1
We have already extracted the WildFly app server chart from https://charts.bitnami.com/bitnami public repo. View the app repository, kcd-wildfly.
REPO URL: https://github.com/shaekhhasanshoron/kcd-wildfly
PATH: helm/wildfly
REVISION: HEAD
We will take a backup of the current state. Run the following command.
argocd -n argocd admin export > backup.yaml
We will update some changes and then import the backup file and check what happens.
argocd -n argocd admin import - < backup.yaml
Please visit Klovercloud.com.