Login to azure
az loginget aks credentials which will be stored in the kubeconfig
az aks get-credentials --name <resourcename> --resource-group <resourcegroup>output the list of clusters
az aks list -o tableif needed, set kubectx and kubens accordingly
For windows: as im working with multiple different clusters, i found it useful to separate them to different config files. So when i start a terminal im working on a clean kubeconfig which in my case has the docker desktop cluster as context I save that context as temporary variable kubeconfig_saved, wo which i can later restore the state when im done working on the current cluster
$Env:KUBECONFIG_SAVED=$ENV:KUBECONFIGto switch to another kubeconfig file, i run the following command
$Env:KUBECONFIG="$Env:KUBECONFIG;$HOME\.kube\config_wf"get aks credentials which will be stored in the kubeconfig
az aks get-credentials --name <resourcename> --resource-group <resourcegroup>afterwards i can restore the initial clean state via
$ENV:KUBECONFIG=$Env:KUBECONFIG_SAVEDcommand to display current contexts in kubeconfig
k config get-contextsnot required now but helps to keep clean config location later on
mkdir argocd
cd argocd
Create the new namespace
k create namespace argocd Install argocd from githubs install.yaml
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yamlPatch argocd server from ClusterIP to LoadBalancer
Unix:
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'Windows:
kubectl patch svc argocd-server -n argocd -p '{\"spec\": {\"type\": \"LoadBalancer\"}}'kubectl port-forward svc/argocd-server -n argocd 8080:443https://cpj.argocd.trainings.nvtc.io/argocd/applications
Or you can get the IP address via:
k get ing -n cpj-ns-argocdkubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -dargocd login cpj.argocd.trainings.nvtc.io --coreto login to admin account use:
argocd login cpj.argocd.trainings.nvtc.io --username admin --grpc-web-root-path /argocd
After you have successfully connected your terminal to argocd, you will have to setup the following inside of argocd:
- Add Gitlab Repository to ArgoCD allowed repositories
- Create Users through RBAC
kubect get configmap argocd-cm -n argocd -o yaml > argocd-cm.ymladd the following to argocd-cm.yml
data:
# add an additional local user with apiKey and login capabilities
# apiKey - allows generating API keys
# login - allows to login using UI
accounts.student1: apiKey, loginapply changes
kubectl apply -f .\argocd-cm.ymlverify the new users exists
argocd account list update password of new user
argocd account update-password --account student1 --new-password student1export argo cds rbac configuration to the local directory argocd/
kubectl get configmap argocd-rbac-cm -n argocd -o yaml > argocd-rbac.ymladd following to the bottom of the newly generated file
data:
policy.csv: |
p, role:org-admin, applications, *, */*, allow
p, role:org-admin, clusters, get, *, allow
p, role:org-admin, projects, get, default, allow
p, role:org-admin, projects, get, training, allow
p, role:org-admin, repositories, get, *, allow
p, role:org-admin, repositories, create, *, allow
p, role:org-admin, repositories, update, *, allow
g, student0, role:org-admin
g, student1, role:org-admin
....or set default role to org-admin
k apply -f .\argocd-rbac.ymlNow you should be able to login with the newly created student1 and create repositories,clusters and applications
Here is a list of possible failures with argo and how to correct them
When users set the wrong repository info (wrong credentials, typo, wrong url format) then that repo entry blocks any new repo entries with the same url. Therefore, the repo must first be deleted, which cant be done via UI-
To do this, login with admin credentials as described in line 102. Enter
argocd repo rm <REPO-URL>the repo is now deleted and users can reenter repo info. make sure theyre using the clone-url with the .git ending!!