ArgoCD Installation
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
helm repo add argo https://argoproj.github.io/argo-helm ### Add repository
helm install my-argo-cd argo/argo-cd --version 4.8.0
curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
chmod +x /usr/local/bin/argocd
ArgoCD Application
argocd app create color-app \
--repo https://github.com/sid/app-1.git \
--path team-a/color-app \
--dest-namespace color \
--dest-server https://kubernetes.default.svc
OR
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: color-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/sid/app-1.git
    targetRevision: HEAD
    path: team-a/color
  destination:
    server: https://kubernetes.default.svc
    namespace: color
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
ArgoCD AppProject
kubectl get appproject -n argocd
kubectl get appproject default -o yaml -n argocd
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: default
  namespace: argocd
spec:
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
  destinations:
    - namespace: '*'
      server: '*'
  sourceRepos:
    - '*'
ArgoCD - Deploy HELM Chart
argocd app create random-shapes \
--repo https://github.com/sidd-harth/test-cd.git \
--path helm-chart \
--helm-set replicaCount=2 \
--helm-set color.circle=pink \
--helm-set color.square=violet \
--helm-set service.type=NodePort \
--dest-namespace default \
--dest-server https://kubernetes.default.svc
From a repo:
argocd app create nginx \
--repo https://charts.bitnami.com/bitnami \
--helm-chart nginx \
--revision 12.0.3 \
--values-literal-file values.yaml \
--dest-namespace default \
--dest-server https://kubernetes.default.svc
Show the application
argocd app get nginx
Name: nginx
Project: default
Server: https://kubernetes.default.svc
Namespace: default
URL: https://10.99.148.201/applications/nginx
Repo: https://charts.bitnami.com/bitnami
Target: 12.0.3
SyncWindow: Sync Allowed
Sync Status: Synced to 12.0.3
Health Status: Healthy
GROUP  KIND        NAMESPACE  NAME   STATUS  HEALTH   MESSAGE
       Service     default    nginx  Synced  Healthy  service/nginx created
apps   Deployment  default    nginx  Synced  Healthy  deployment.apps/nginx created
ArgoCD Multi-Cluster Deployment
kubectl config set-cluster prod --server=https://1.2.3.4 \
--certificate-authority=prod.crt
User "admin"
kubectl config set-context admin-prod --cluster=prod \
--user=admin --namespace=prod-app
Context "admin-prod"
Add the cluster
argocd cluster add admin-prod
INFO[0011] ServiceAccount "argocd-manager" created in namespace "kube-system"
INFO[0011] ClusterRole "argocd-manager-role" created
INFO[0011] ClusterRoleBinding "argocd-manager-role-binding" created
Cluster 'https://1.2.3.4' added
User Management
$ argocd account list
NAME ENABLED CAPABILITIES
admin true login
jai true apiKey, login
Create an account
$ kubectl -n argocd patch configmap argocd-cm --patch='{"data":{"accounts.jai": "apiKey,login"}}'
configmap/argocd-cm patched
$ kubectl -n argocd patch configmap argocd-cm --patch='{"data":{"accounts.ali": "apiKey,login"}}'
configmap/argocd-cm patched
Update the password
$ argocd account update-password --account devops
*** Enter password of currently logged in user (admin):
*** Enter new password for user jai:
*** Confirm new password for user devops:
RBAC
The rule:
p, <role/user/group>, <resource>, <action>, <project>/<object>
The command:
$ kubectl -n argocd patch configmap argocd-rbac-cm \
--patch='{"data":{"policy.default": "role:readonly"}}'
$ kubectl -n argocd patch configmap argocd-rbac-cm \
--patch='{"data":{"policy.csv":"p, role:create-cluster, clusters, create, *, allow\ng, jai, role:create-cluster"}}'
Test:
argocd account can-i create clusters '*'
Kia project admin
$ kubectl -n argocd patch configmap argocd-rbac-cm \
--patch='{"data":{"policy.csv": "p, role:kia-admins, applications, *, kia-project/*, allow\ng, ali, role:kia-admins"}}'
Test
$ argocd account can-i sync applications 'kia-project/*'
Cmd
kubectl edit cm argocd-cm
Edit
apiVersion: v1
data:
  accounts.adminuser: apiKey,login
  accounts.dev: admin,apiKey,login
  accounts.devops: admin,apiKey,login
  accounts.exploit: apiKey,login
  accounts.jai: apiKey,login
  admin.enabled: "true"
  application.instanceLabelKey: argocd.argoproj.io/instance
  exec.enabled: "false"
  server.rbac.log.enforce.enable: "false"
  timeout.hard.reconciliation: 0s
  timeout.reconciliation: 180s
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: argo-cd
    meta.helm.sh/release-namespace: default
  creationTimestamp: "2024-10-25T17:11:22Z"
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/version: v2.8.4
    helm.sh/chart: argo-cd-5.46.8
  name: argocd-cm
  namespace: default
  resourceVersion: "18748871"
  uid: 9247e5d2-b313-4137-86f2-78addcb5635b
User RBAC
Command
kubectl edit cm argocd-rbac-cm
Edit
apiVersion: v1
data:
  policy.csv: |
    p, role:devops-role, *, *, *, allow
    p, role:read-only-role, *, get, *, allow
    g, devops, role:devops-role
    g, dev, role:read-only-role
  policy.default: role:readonly
  scopes: '[groups]'
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: argo-cd
    meta.helm.sh/release-namespace: default
  creationTimestamp: "2024-10-25T17:11:22Z"
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/version: v2.8.4
    helm.sh/chart: argo-cd-5.46.8
  name: argocd-rbac-cm
  namespace: default
  resourceVersion: "18948190"
  uid: 5d964882-3073-4c38-bfa0-17b90bbefbb1
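Policy lint (added example, not from the original page or the Argo CD project): a "p" line whose action and object fields are swapped is still a syntactically valid policy line, so this sketch checks each policy.csv line against the rule format given in the RBAC section and flags full-wildcard grants. The function names, finding labels and verb list are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: lint Argo CD policy.csv lines.
# Assumed line shape (as in the policies on this page):
#   p, <role/user/group>, <resource>, <action>, <object>, <effect>
#   g, <user/group>, <role>
# The verb list below is an assumption; extend it for your Argo CD version.

# Reads policy lines on stdin, prints "<line number>:<finding>" per problem.
lint_policy() {
  awk -F',' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    { for (i = 1; i <= NF; i++) $i = trim($i) }
    $1 == "" || $1 ~ /^#/ { next }                 # blank line or comment
    $1 == "g" { if (NF != 3) print NR ":BAD_FIELD_COUNT"; next }
    $1 != "p" { print NR ":UNKNOWN_LINE_TYPE"; next }
    NF != 6   { print NR ":BAD_FIELD_COUNT"; next }
    {
      verbs = "^(get|create|update|delete|sync|override)$"
      if ($6 != "allow" && $6 != "deny") print NR ":BAD_EFFECT"
      if ($4 != "*" && $4 !~ verbs && $4 !~ /^action\//) print NR ":BAD_ACTION"
      if ($5 ~ verbs) print NR ":ACTION_IN_OBJECT_FIELD"
      if ($3 == "*" && $4 == "*" && $5 == "*" && $6 == "allow") print NR ":FULL_WILDCARD"
    }
  '
}

# Constructed sample: role names reused from this page; lines 2 and 5 are
# deliberately wrong (verb in the object field, missing effect).
sample_policy() {
  cat <<'EOF'
p, role:devops-role, *, *, *, allow
p, role:read-only-role, *, *, get, allow
p, role:read-only-role, *, get, *, allow
p, role:kia-admins, applications, *, kia-project/*, allow
p, role:create-cluster, clusters, create, *
g, ali, role:kia-admins
EOF
}

sample_policy | lint_policy
# Against a live install (namespace as used in the patch commands on this page):
#   kubectl -n argocd get cm argocd-rbac-cm -o jsonpath='{.data.policy\.csv}' | lint_policy
```

FULL_WILDCARD is a review prompt rather than an error: the subject it names is equivalent to an admin.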
More argocd CLI commands for users
List accounts
argocd account list
Update the current user's password
argocd account update-password
Can I sync any app?
argocd account can-i sync applications '*'
Get User information
argocd account get-user-info
More info: argocd_account