Login to azure
az login
get aks credentials which will be stored in the kubeconfig
az aks get-credentials --name <resourcename> --resource-group <resourcegroup>
output the list of clusters
az aks list -o table
if needed, set kubectx and kubens accordingly
For windows: as im working with multiple different clusters, i found it useful to separate them to different config files. So when i start a terminal im working on a clean kubeconfig which in my case has the docker desktop cluster as context I save that context as temporary variable kubeconfig_saved, wo which i can later restore the state when im done working on the current cluster
$Env:KUBECONFIG_SAVED=$ENV:KUBECONFIG
to switch to another kubeconfig file, i run the following command
$Env:KUBECONFIG="$Env:KUBECONFIG;$HOME\.kube\config_wf"
get aks credentials which will be stored in the kubeconfig
az aks get-credentials --name <resourcename> --resource-group <resourcegroup>
afterwards i can restore the initial clean state via
$ENV:KUBECONFIG=$Env:KUBECONFIG_SAVED
command to display current contexts in kubeconfig
k config get-contexts
not required now but helps to keep clean config location later on
mkdir argocd
cd argocd
Create the new namespace
k create namespace argocd
Install argocd from githubs install.yaml
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Patch argocd server from ClusterIP to LoadBalancer
Unix:
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'
Windows:
kubectl patch svc argocd-server -n argocd -p '{\"spec\": {\"type\": \"LoadBalancer\"}}'
kubectl port-forward svc/argocd-server -n argocd 8080:443
https://cpj.argocd.trainings.nvtc.io/argocd/applications
Or you can get the IP address via:
k get ing -n cpj-ns-argocd
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
argocd login cpj.argocd.trainings.nvtc.io --core
to login to admin account use:
argocd login cpj.argocd.trainings.nvtc.io --username admin --grpc-web-root-path /argocd
After you have successfully connected your terminal to argocd, you will have to setup the following inside of argocd:
- Add Gitlab Repository to ArgoCD allowed repositories
- Create Users through RBAC
kubect get configmap argocd-cm -n argocd -o yaml > argocd-cm.yml
add the following to argocd-cm.yml
data:
# add an additional local user with apiKey and login capabilities
# apiKey - allows generating API keys
# login - allows to login using UI
accounts.student1: apiKey, login
apply changes
kubectl apply -f .\argocd-cm.yml
verify the new users exists
argocd account list
update password of new user
argocd account update-password --account student1 --new-password student1
export argo cds rbac configuration to the local directory argocd/
kubectl get configmap argocd-rbac-cm -n argocd -o yaml > argocd-rbac.yml
add following to the bottom of the newly generated file
data:
policy.csv: |
p, role:org-admin, applications, *, */*, allow
p, role:org-admin, clusters, get, *, allow
p, role:org-admin, projects, get, default, allow
p, role:org-admin, projects, get, training, allow
p, role:org-admin, repositories, get, *, allow
p, role:org-admin, repositories, create, *, allow
p, role:org-admin, repositories, update, *, allow
g, student0, role:org-admin
g, student1, role:org-admin
....
or set default role to org-admin
k apply -f .\argocd-rbac.yml
Now you should be able to login with the newly created student1 and create repositories,clusters and applications
Here is a list of possible failures with argo and how to correct them
When users set the wrong repository info (wrong credentials, typo, wrong url format) then that repo entry blocks any new repo entries with the same url. Therefore, the repo must first be deleted, which cant be done via UI-
To do this, login with admin credentials as described in line 102. Enter
argocd repo rm <REPO-URL>
the repo is now deleted and users can reenter repo info. make sure theyre using the clone-url with the .git ending!!