argocd-secops-tutorial
# Install Argo CD
[centos@ip-172-31-8-215 argocd]$ kubectl create namespace argocd
namespace/argocd created
[centos@ip-172-31-8-215 argocd]$ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-secret created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server-metrics created
service/argocd-server created
deployment.apps/argocd-application-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
[centos@ip-172-31-8-215 argocd]$
# There are 2 CRDs: applications and appprojects.
# The install also creates ConfigMaps and RBAC permissions.
# We need to expose argocd-server outside the cluster.
[centos@ip-172-31-8-215 argocd]$ kubectl get all -n argocd
NAME                                                 READY   STATUS    RESTARTS   AGE
pod/argocd-application-controller-68f8bf79d8-rrtwb   1/1     Running   0          19m
pod/argocd-dex-server-5994988c7f-jk42n               1/1     Running   0          19m
pod/argocd-redis-78c9595d44-pkgpp                    1/1     Running   0          19m
pod/argocd-repo-server-775496b8dd-wr7dx              1/1     Running   0          19m
pod/argocd-server-56db6f6cb6-rl9ks                   1/1     Running   0          19m

NAME                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
service/argocd-dex-server       ClusterIP   10.110.249.95    <none>        5556/TCP,5557/TCP   19m
service/argocd-metrics          ClusterIP   10.110.6.191     <none>        8082/TCP            19m
service/argocd-redis            ClusterIP   10.108.93.90     <none>        6379/TCP            19m
service/argocd-repo-server      ClusterIP   10.111.133.223   <none>        8081/TCP,8084/TCP   19m
service/argocd-server           ClusterIP   10.96.199.175    <none>        80/TCP,443/TCP      19m
service/argocd-server-metrics   ClusterIP   10.102.185.137   <none>        8083/TCP            19m

NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/argocd-application-controller   1/1     1            1           19m
deployment.apps/argocd-dex-server               1/1     1            1           19m
deployment.apps/argocd-redis                    1/1     1            1           19m
deployment.apps/argocd-repo-server              1/1     1            1           19m
deployment.apps/argocd-server                   1/1     1            1           19m

NAME                                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/argocd-application-controller-68f8bf79d8   1         1         1       19m
replicaset.apps/argocd-dex-server-5994988c7f               1         1         1       19m
replicaset.apps/argocd-redis-78c9595d44                    1         1         1       19m
replicaset.apps/argocd-repo-server-775496b8dd              1         1         1       19m
replicaset.apps/argocd-server-56db6f6cb6                   1         1         1       19m
[centos@ip-172-31-8-215 argocd]$
# Let us expose the argocd server using a NodePort for this tutorial.
[centos@ip-172-31-8-215 argocd]$ kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'
service/argocd-server patched
[centos@ip-172-31-8-215 argocd]$ kubectl get svc -n argocd argocd-server
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
argocd-server   NodePort   10.96.199.175   <none>        80:32623/TCP,443:30058/TCP   23m
[centos@ip-172-31-8-215 argocd]$
# So now we can access the argocd server on NodePort 30058.
# Let us first change the default password (the name of the argocd-server pod) for the admin user.
[centos@ip-172-31-8-215 argocd]$ kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd-server-56db6f6cb6-rl9ks
[centos@ip-172-31-8-215 argocd]$ argocd login 10.96.199.175
WARNING: server certificate had error: x509: cannot validate certificate for 10.96.199.175 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin' logged in successfully
Context '10.96.199.175' updated
[centos@ip-172-31-8-215 argocd]$ argocd account update-password
*** Enter current password:
*** Enter new password:
*** Confirm new password:
Password updated
Context '10.96.199.175' updated
[centos@ip-172-31-8-215 argocd]$
# The Argo CD UI is very intuitive. Follow the UI to add your GitHub repo and the policy folder to sync.
# Let us sync via the CLI.
[centos@ip-172-31-8-215 argocd]$ argocd
argocd controls a Argo CD server

Usage:
  argocd [flags]
  argocd [command]

Available Commands:
  account     Manage account settings
  app         Manage applications
  cert        Manage repository certificates and SSH known hosts entries
  cluster     Manage cluster credentials
  completion  output shell completion code for the specified shell (bash or zsh)
  context     Switch between contexts
  help        Help about any command
  login       Log in to Argo CD
  logout      Log out from Argo CD
  proj        Manage projects
  relogin     Refresh an expired authenticate token
  repo        Manage git repository connection parameters
  version     Print version information

Flags:
      --auth-token string   Authentication token
      --config string       Path to Argo CD config (default "/home/centos/.argocd/config")
      --grpc-web            Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
  -h, --help                help for argocd
      --insecure            Skip server certificate and domain verification
      --loglevel string     Set the logging level. One of: debug|info|warn|error (default "info")
      --plaintext           Disable TLS
      --server string       Argo CD server address
      --server-crt string   Server certificate file

Use "argocd [command] --help" for more information about a command.
[centos@ip-172-31-8-215 hep]$ argocd app list
NAME    CLUSTER                         NAMESPACE  PROJECT  STATUS     HEALTH   SYNCPOLICY  CONDITIONS  REPO                                   PATH    TARGET
secops  https://kubernetes.default.svc  default    default  OutOfSync  Missing  <none>      <none>      https://github.com/bikram20/k8sconfig  secops  HEAD
[centos@ip-172-31-8-215 hep]$