135 lines
2.8 KiB
Markdown
135 lines
2.8 KiB
Markdown
# ArgoCD Setup and Configuration
|
|
|
|
## Installation Methods
|
|
|
|
### 1. Standard Installation
|
|
```bash
|
|
kubectl create namespace argocd
|
|
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
|
```
|
|
|
|
### 2. High Availability Installation
|
|
```bash
|
|
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/ha/install.yaml
|
|
```
|
|
|
|
### 3. Helm Installation
|
|
```bash
|
|
helm repo add argo https://argoproj.github.io/argo-helm
|
|
helm install argocd argo/argo-cd -n argocd --create-namespace
|
|
```
|
|
|
|
## Initial Configuration
|
|
|
|
### Access ArgoCD UI
|
|
```bash
|
|
# Port forward
|
|
kubectl port-forward svc/argocd-server -n argocd 8080:443
|
|
|
|
# Get initial admin password
|
|
argocd admin initial-password -n argocd
|
|
```
|
|
|
|
### Configure Ingress
|
|
```yaml
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: argocd-server-ingress
|
|
namespace: argocd
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
|
|
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
|
spec:
|
|
ingressClassName: nginx
|
|
rules:
|
|
- host: argocd.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: argocd-server
|
|
port:
|
|
number: 443
|
|
tls:
|
|
- hosts:
|
|
- argocd.example.com
|
|
secretName: argocd-secret
|
|
```
|
|
|
|
## CLI Configuration
|
|
|
|
### Login
|
|
```bash
|
|
argocd login argocd.example.com --username admin
|
|
```
|
|
|
|
### Add Repository
|
|
```bash
|
|
argocd repo add https://github.com/org/repo --username user --password token
|
|
```
|
|
|
|
### Create Application
|
|
```bash
|
|
argocd app create my-app \
|
|
--repo https://github.com/org/repo \
|
|
--path apps/my-app \
|
|
--dest-server https://kubernetes.default.svc \
|
|
--dest-namespace production
|
|
```
|
|
|
|
## SSO Configuration
|
|
|
|
### GitHub OAuth
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: argocd-cm
|
|
namespace: argocd
|
|
data:
|
|
url: https://argocd.example.com
|
|
dex.config: |
|
|
connectors:
|
|
- type: github
|
|
id: github
|
|
name: GitHub
|
|
config:
|
|
clientID: $GITHUB_CLIENT_ID
|
|
clientSecret: $GITHUB_CLIENT_SECRET
|
|
orgs:
|
|
- name: my-org
|
|
```
|
|
|
|
## RBAC Configuration
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: argocd-rbac-cm
|
|
namespace: argocd
|
|
data:
|
|
policy.default: role:readonly
|
|
policy.csv: |
|
|
p, role:developers, applications, *, */dev, allow
|
|
p, role:operators, applications, *, */*, allow
|
|
g, my-org:devs, role:developers
|
|
g, my-org:ops, role:operators
|
|
```
|
|
|
|
## Best Practices
|
|
|
|
1. Enable SSO for production
|
|
2. Implement RBAC policies
|
|
3. Use separate projects for teams
|
|
4. Enable audit logging
|
|
5. Configure notifications
|
|
6. Use ApplicationSets for multi-cluster
|
|
7. Implement resource hooks
|
|
8. Configure health checks
|
|
9. Use sync windows for maintenance
|
|
10. Monitor with Prometheus metrics
|