# ArgoCD Installation Guide

This guide describes how to install and configure ArgoCD in a Kubernetes cluster.

<br/>

## Prerequisites

- Kubernetes cluster
- Helm 3
- Ingress controller (nginx)
- Domain for ArgoCD (e.g., argocd.somaz.link)

<br/>

## Installation Steps

<br/>

### 1. Prepare Helm Chart

```bash
# Clone repository
git clone https://github.com/argoproj/argo-helm.git
# Add Helm repository
helm repo add argo https://argoproj.github.io/argo-helm
# Copy and prepare files
cp -r argo-helm/charts/argo-cd .
cd argo-cd/
mkdir -p values
cp values.yaml values/mgmt.yaml
# Update dependencies
helm dependency update
# Clean up
rm -rf argo-helm
```

<br/>

### 2. Configure SSH Known Hosts
Get the SSH known hosts keys for your Git repositories:

```bash
ssh-keyscan gitlab.your-domain.com
```

<br/>

### 3. Configure values.yaml
Create `values/mgmt.yaml` with the following configuration (adjust according to your needs):

```yaml
global:
  domain: argocd.your-domain.com

configs:
  params:
    create: true
    server.insecure: true # TODO: If you want to use SSL, please set this to false

  ssh:
    extraHosts: |
      # Add your SSH known hosts here
      gitlab.concrit.us ssh-rsa AAAAB3N...
      gitlab.concrit.us ecdsa-sha2-nistp256...
      gitlab.concrit.us ssh-ed25519 AAAA..

controller:
  replicas: 1

dex:
  enabled: true

redis:
  enabled: true

server:
  replicas: 1
  ingress:
    enabled: true
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
      nginx.ingress.kubernetes.io/ssl-passthrough: "false"
    ingressClassName: "nginx"
    path: /
    pathType: Prefix

repoServer:
  replicas: 1

applicationSet:
  replicas: 1

notifications:
  enabled: true
```

<br/>

### 4. Install with Helm
```bash
# Validate configuration
helm lint --values ./values/mgmt.yaml

# Preview installation (optional)
helm install argocd . -n argocd -f ./values/mgmt.yaml --create-namespace --dry-run --debug

# Install
helm install argocd . -n argocd -f ./values/mgmt.yaml --create-namespace

# Upgrade (if needed)
helm upgrade argocd . -n argocd -f ./values/mgmt.yaml
```

<br/>

### 5. Verify Installation
```bash
kubectl get po -n argocd
```

<br/>

### 6. Get Initial Admin Password
```bash
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
```

<br/>

## Post-Installation Configuration

<br/>

### 1. Install ArgoCD CLI
```bash
brew install argocd
```

<br/>

### 2. Login to ArgoCD
```bash
argocd login argocd.your-domain.com
```

<br/>

### 3. Add Cluster to ArgoCD
```bash
argocd cluster add your-context@your-cluster --name your-cluster-name --system-namespace argocd
```

<br/>

### 4. Configure CI/CD User

1. Create a CI/CD user account in your Git provider
2. Generate SSH key for CI/CD:
```bash
ssh-keygen -t rsa -b 4096 -C "cicd@your-domain.com" -f ~/.ssh/id_rsa_cicd
```

3. Add the public key to the CI/CD user's SSH keys in your Git provider

<br/>

### 5. Create Repository Secret

Create a secret for Git repository access:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-appset-repo-secret
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: git@gitlab.your-domain.com:your-group/your-repo.git
  sshPrivateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    [Your private key content here]
    -----END OPENSSH PRIVATE KEY-----
```

Apply the secret:
```bash
kubectl apply -f gitlab-appset-repo-secret.yaml -n argocd
```

<br/>

## Key Features
- Web UI for application deployment and management
- SSO integration with Dex
- Git repository integration
- Automated sync and deployment
- Application health monitoring
- Notifications support

<br/>

## Security Notes
- Change the default admin password immediately after installation
- Configure SSL/TLS for secure access
- Review and update SSH known hosts as needed
- Consider enabling additional security features based on your requirements
- Store SSH keys and secrets securely
- Use dedicated CI/CD accounts with limited permissions
- Regularly rotate SSH keys and credentials
- Monitor repository access and activities

<br/>

## References
- https://argo-cd.readthedocs.io/en/stable/getting_started/
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://argo-cd.readthedocs.io/en/stable/operator-manual/security/
- https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/