argocd-secops-tutorial
# Install Argo CD
[centos@ip-172-31-8-215 argocd]$ kubectl create namespace argocd
namespace/argocd created
[centos@ip-172-31-8-215 argocd]$ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server-metrics created
service/argocd-server created
deployment.apps/argocd-application-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
[centos@ip-172-31-8-215 argocd]$
# The install creates 2 CRDs (applications and appprojects),
# along with ConfigMaps and RBAC permissions.
# We need to expose argocd-server outside the cluster.
[centos@ip-172-31-8-215 argocd]$ kubectl get all -n argocd
NAME                                                 READY   STATUS    RESTARTS   AGE
pod/argocd-application-controller-68f8bf79d8-rrtwb   1/1     Running   0          19m
pod/argocd-dex-server-5994988c7f-jk42n               1/1     Running   0          19m
pod/argocd-redis-78c9595d44-pkgpp                    1/1     Running   0          19m
pod/argocd-repo-server-775496b8dd-wr7dx              1/1     Running   0          19m
pod/argocd-server-56db6f6cb6-rl9ks                   1/1     Running   0          19m

NAME                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
service/argocd-dex-server       ClusterIP   10.110.249.95    <none>        5556/TCP,5557/TCP   19m
service/argocd-metrics          ClusterIP   10.110.6.191     <none>        8082/TCP            19m
service/argocd-redis            ClusterIP   10.108.93.90     <none>        6379/TCP            19m
service/argocd-repo-server      ClusterIP   10.111.133.223   <none>        8081/TCP,8084/TCP   19m
service/argocd-server           ClusterIP   10.96.199.175    <none>        80/TCP,443/TCP      19m
service/argocd-server-metrics   ClusterIP   10.102.185.137   <none>        8083/TCP            19m

NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/argocd-application-controller   1/1     1            1           19m
deployment.apps/argocd-dex-server               1/1     1            1           19m
deployment.apps/argocd-redis                    1/1     1            1           19m
deployment.apps/argocd-repo-server              1/1     1            1           19m
deployment.apps/argocd-server                   1/1     1            1           19m

NAME                                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/argocd-application-controller-68f8bf79d8   1         1         1       19m
replicaset.apps/argocd-dex-server-5994988c7f               1         1         1       19m
replicaset.apps/argocd-redis-78c9595d44                    1         1         1       19m
replicaset.apps/argocd-repo-server-775496b8dd              1         1         1       19m
replicaset.apps/argocd-server-56db6f6cb6                   1         1         1       19m
[centos@ip-172-31-8-215 argocd]$
# Let us expose argocd-server using a NodePort for this tutorial.
# A NodePort service opens its ports on every node of the cluster.
[centos@ip-172-31-8-215 argocd]$ kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'
service/argocd-server patched
[centos@ip-172-31-8-215 argocd]$ kubectl get svc -n argocd argocd-server
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
argocd-server   NodePort   10.96.199.175   <none>        80:32623/TCP,443:30058/TCP   23m
[centos@ip-172-31-8-215 argocd]$
# So now we can access argocd-server over HTTPS on NodePort 30058 (HTTP is on NodePort 32623).
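# Added example (not part of the original session): a check that lists every Service port
# the NodePort patch made reachable on the nodes, so those ports can be firewalled or the
# patch reverted later. The function names are this example's own, and the embedded table
# is constructed from the kubectl output shown in this session.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Reads `kubectl get svc` table output on stdin and prints one line per
# externally reachable port: <service> <type> <port> <nodePort> <proto>
exposed_ports() {
  awk '
    $1 == "NAME" { next }                       # header row
    $2 == "NodePort" || $2 == "LoadBalancer" {
      n = split($5, ports, ",")                 # e.g. 80:32623/TCP,443:30058/TCP
      for (i = 1; i <= n; i++) {
        split(ports[i], pp, "/")                # pp[1]="80:32623", pp[2]="TCP"
        if (split(pp[1], pn, ":") == 2)         # keep entries that carry a node port
          print $1, $2, pn[1], pn[2], pp[2]
      }
    }
  '
}

# Returns 1 (and reports on stderr) when any port is exposed, so the check
# can gate a pipeline once the tutorial NodePort is no longer wanted.
assert_internal_only() {
  found=$(exposed_ports)
  [ -z "$found" ] && return 0
  printf 'exposed: %s\n' "$found" >&2
  return 1
}

# Constructed sample: the argocd Services from this session after the patch.
sample_svc_table() {
  cat <<'EOF'
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
argocd-dex-server ClusterIP 10.110.249.95 <none> 5556/TCP,5557/TCP 23m
argocd-metrics ClusterIP 10.110.6.191 <none> 8082/TCP 23m
argocd-redis ClusterIP 10.108.93.90 <none> 6379/TCP 23m
argocd-repo-server ClusterIP 10.111.133.223 <none> 8081/TCP,8084/TCP 23m
argocd-server NodePort 10.96.199.175 <none> 80:32623/TCP,443:30058/TCP 23m
argocd-server-metrics ClusterIP 10.102.185.137 <none> 8083/TCP 23m
EOF
}

# Live use: kubectl get svc -n argocd | exposed_ports
sample_svc_table | exposed_ports
```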
# Let us first change the admin user's default password, which is the name of the argocd-server pod.
[centos@ip-172-31-8-215 argocd]$ kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd-server-56db6f6cb6-rl9ks
[centos@ip-172-31-8-215 argocd]$ argocd login 10.96.199.175
WARNING: server certificate had error: x509: cannot validate certificate for 10.96.199.175 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin' logged in successfully
Context '10.96.199.175' updated
[centos@ip-172-31-8-215 argocd]$ argocd account update-password
*** Enter current password:
*** Enter new password:
*** Confirm new password:
Password updated
Context '10.96.199.175' updated
[centos@ip-172-31-8-215 argocd]$
# The Argo CD UI is very intuitive. Follow it through to add your GitHub repo and the policy folder to sync.
# Let us sync via the CLI.
[centos@ip-172-31-8-215 argocd]$ argocd
argocd controls a Argo CD server

Usage:
  argocd [flags]
  argocd [command]

Available Commands:
  account     Manage account settings
  app         Manage applications
  cert        Manage repository certificates and SSH known hosts entries
  cluster     Manage cluster credentials
  completion  output shell completion code for the specified shell (bash or zsh)
  context     Switch between contexts
  help        Help about any command
  login       Log in to Argo CD
  logout      Log out from Argo CD
  proj        Manage projects
  relogin     Refresh an expired authenticate token
  repo        Manage git repository connection parameters
  version     Print version information

Flags:
      --auth-token string   Authentication token
      --config string       Path to Argo CD config (default "/home/centos/.argocd/config")
      --grpc-web            Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
  -h, --help                help for argocd
      --insecure            Skip server certificate and domain verification
      --loglevel string     Set the logging level. One of: debug|info|warn|error (default "info")
      --plaintext           Disable TLS
      --server string       Argo CD server address
      --server-crt string   Server certificate file

Use "argocd [command] --help" for more information about a command.
[centos@ip-172-31-8-215 hep]$ argocd app list
NAME    CLUSTER                         NAMESPACE  PROJECT  STATUS     HEALTH   SYNCPOLICY  CONDITIONS  REPO                                  PATH    TARGET
secops  https://kubernetes.default.svc  default    default  OutOfSync  Missing  <none>      <none>      https://github.com/bikram20/k8sconfig  secops  HEAD
[centos@ip-172-31-8-215 hep]$