ArgoCD Setup and Configuration
Installation Methods
1. Standard Installation
```bash
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```
2. High Availability Installation
```bash
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/ha/install.yaml
```
3. Helm Installation
```bash
helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd argo/argo-cd -n argocd --create-namespace
```
Initial Configuration
Access ArgoCD UI
```bash
# Port forward
kubectl port-forward svc/argocd-server -n argocd 8080:443

# Get initial admin password
argocd admin initial-password -n argocd
```
Configure Ingress
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  rules:
    - host: argocd.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 443
  tls:
    - hosts:
        - argocd.example.com
      secretName: argocd-secret
```
CLI Configuration
Login
```bash
argocd login argocd.example.com --username admin
```
Add Repository
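```bash
# "user" and "token" are placeholders; a token typed on the command line ends up in shell history
argocd repo add https://github.com/org/repo --username user --password token
```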
Create Application
```bash
argocd app create my-app \
  --repo https://github.com/org/repo \
  --path apps/my-app \
  --dest-server https://kubernetes.default.svc \
  --dest-namespace production
```
SSO Configuration
GitHub OAuth
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  url: https://argocd.example.com
  dex.config: |
    connectors:
      - type: github
        id: github
        name: GitHub
        config:
          # Values starting with $ are read from the matching key in the argocd-secret Secret
          clientID: $GITHUB_CLIENT_ID
          clientSecret: $GITHUB_CLIENT_SECRET
          orgs:
            - name: my-org
```
RBAC Configuration
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  policy.default: role:readonly
  policy.csv: |
    p, role:developers, applications, *, */dev, allow
    p, role:operators, applications, *, */*, allow
    g, my-org:devs, role:developers
    g, my-org:ops, role:operators
```
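For `applications`, the object field of a policy line has the form `<project>/<application>`, which determines what `*/dev` above covers. The following added example (not part of the original page or the Argo CD code base) evaluates constructed requests against the page's `policy.csv`; it approximates Argo CD's glob matching with Python's `fnmatchcase` and models the built-in `role:readonly` with a single assumed line.

```python
from fnmatch import fnmatchcase

# policy.csv exactly as in the argocd-rbac-cm ConfigMap on this page
POLICY_CSV = """\
p, role:developers, applications, *, */dev, allow
p, role:operators, applications, *, */*, allow
g, my-org:devs, role:developers
g, my-org:ops, role:operators
"""
# Assumption: one line standing in for Argo CD's built-in role:readonly
BUILTIN_CSV = "p, role:readonly, applications, get, */*, allow\n"
POLICY_DEFAULT = "role:readonly"  # policy.default from the ConfigMap


def parse(csv_text):
    """Split policy lines into permission tuples and subject -> roles grants."""
    perms, grants = [], {}
    for line in csv_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "p" and len(fields) == 6:
            perms.append(tuple(fields[1:]))
        elif fields[0] == "g" and len(fields) == 3:
            grants.setdefault(fields[1], set()).add(fields[2])
    return perms, grants


def allowed(groups, resource, action, obj):
    """True if some matching rule allows and no matching rule denies."""
    perms, grants = parse(BUILTIN_CSV + POLICY_CSV)
    # Every authenticated user also gets the default role (one grant level only)
    subjects = set(groups) | {POLICY_DEFAULT}
    for g in groups:
        subjects |= grants.get(g, set())
    effects = {eft for sub, res, act, pat, eft in perms
               if sub in subjects and fnmatchcase(resource, res)
               and fnmatchcase(action, act) and fnmatchcase(obj, pat)}
    return "allow" in effects and "deny" not in effects


if __name__ == "__main__":
    # Constructed requests; the object is <project>/<application>
    for groups, action, obj in [
        (["my-org:devs"], "sync", "payments/dev"),
        (["my-org:devs"], "sync", "dev/payments-api"),
        (["my-org:devs"], "get", "dev/payments-api"),
        (["my-org:ops"], "delete", "payments/prod"),
        ([], "get", "payments/prod"),
    ]:
        print(groups, action, obj, allowed(groups, "applications", action, obj))
```

The second request is denied because `*/dev` matches an application named `dev` in any project, not the applications of a project named `dev`; scoping to a project would be written `dev/*`.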
Best Practices
- Enable SSO for production
- Implement RBAC policies
- Use separate projects for teams
- Enable audit logging
- Configure notifications
- Use ApplicationSets for multi-cluster
- Implement resource hooks
- Configure health checks
- Use sync windows for maintenance
- Monitor with Prometheus metrics