Initial commit

skills/gitops-workflow/references/argocd-setup.md

@@ -0,0 +1,134 @@
+# ArgoCD Setup and Configuration
+
+## Installation Methods
+
+### 1. Standard Installation
+```bash
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+```
+
+### 2. High Availability Installation
+```bash
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/ha/install.yaml
+```
+
+### 3. Helm Installation
+```bash
+helm repo add argo https://argoproj.github.io/argo-helm
+helm install argocd argo/argo-cd -n argocd --create-namespace
+```
+
+## Initial Configuration
+
+### Access ArgoCD UI
+```bash
+# Port forward
+kubectl port-forward svc/argocd-server -n argocd 8080:443
+
+# Get initial admin password
+argocd admin initial-password -n argocd
+```
+
+### Configure Ingress
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server-ingress
+  namespace: argocd
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: argocd.example.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              number: 443
+  tls:
+  - hosts:
+    - argocd.example.com
+    secretName: argocd-secret
+```
+
+## CLI Configuration
+
+### Login
+```bash
+argocd login argocd.example.com --username admin
+```
+
+### Add Repository
+```bash
+argocd repo add https://github.com/org/repo --username user --password token
+```
+
+### Create Application
+```bash
+argocd app create my-app \
+  --repo https://github.com/org/repo \
+  --path apps/my-app \
+  --dest-server https://kubernetes.default.svc \
+  --dest-namespace production
+```
+
+## SSO Configuration
+
+### GitHub OAuth
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+  namespace: argocd
+data:
+  url: https://argocd.example.com
+  dex.config: |
+    connectors:
+      - type: github
+        id: github
+        name: GitHub
+        config:
+          clientID: $GITHUB_CLIENT_ID
+          clientSecret: $GITHUB_CLIENT_SECRET
+          orgs:
+          - name: my-org
+```
+
+## RBAC Configuration
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-rbac-cm
+  namespace: argocd
+data:
+  policy.default: role:readonly
+  policy.csv: |
+    p, role:developers, applications, *, */dev, allow
+    p, role:operators, applications, *, */*, allow
+    g, my-org:devs, role:developers
+    g, my-org:ops, role:operators
+```
+
+## Best Practices
+
+1. Enable SSO for production
+2. Implement RBAC policies
+3. Use separate projects for teams
+4. Enable audit logging
+5. Configure notifications
+6. Use ApplicationSets for multi-cluster
+7. Implement resource hooks
+8. Configure health checks
+9. Use sync windows for maintenance
+10. Monitor with Prometheus metrics