Deploy app into single or multiple Kubernetes Clusters using ArgoCD

Hi all, this article describes how to deploy applications into single or multiple Kubernetes Clusters using ArgoCD.

GitOps is a set of practices to manage infrastructure and app configuration using Git. ArgoCD is a CD (continuous delivery) tool for Kubernetes, a part of GitOps. It pulls code changes from the Git repository and deploys directly on the K8s cluster after comparing the application state with the current state. It also monitors the progress of the change in the K8s cluster.

ArgoCD have 3 basic components-

API- a REST API server (frontend) that manages applications, and invokes app operations like action, sync, and rollback. It also manages cluster credentials stored as K8s secrets, authentication and authorization of third-party identity, RBAC enforcement etc.

Repository Service- an internal repository service that interacts with the Git repository, generates K8s manifests and returns them based on inputs like Repo URL, app path, revision etc.

Application Controller- it is a K8s controller that monitors the applications and compares the target state in the Repository and the current state. Then it implements the changes.

Here I have taken an Azure Kubernetes cluster and installed ArgoCD using Helm in a namespace named argocd

helm repo add argo-cd https://argoproj.github.io/argo-helm
helm repo update
kubectl create namespace argocd
helm install argocd argo-cd/argo-cd -n argocd        

Then to see ArcoCD objects run this command-

kubectl get all -n argocd        

We have 7 pods-

argocd-server- the ArgoCD API server.

argocd-repo-server- the ArgoCD repository service.

argocd-redis- it keeps the state as cache.

argocd-notifications-controller- a newly introduced component that continuously monitors applications and provides notifications about important changes.

argocd-dex-server- used for OIDC, Oauth config.

argocd-applicationset-controller- it automates the deployment of applications to a large set of clusters.

argocd-application-controller- the ArgoCD Application controller.

Also, we have 5 ClusterIP services- argocd-applicationset-controller, argocd-dex-server, argocd-redis, argocd-repo-server and argocd-server.

To access the ArgoCD UI, I have edited the service named argocd-server (kubectl edit svc argocd-server -n argocd) and under spec updated the type from ClusterIP to LoadBalancer.

Then opened the IP in a new browser tab and got the login page.

The default username is admin and to get the password run-

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=”{.data.password}” | base64 -d        

If base64 doesn’t work on the command line, then use https://www.base64decode.org to decode.

After login, the home page looks like this-

Clicked on the ‘Create Application’ button in the middle and filled up the fields. Here I have entered https://github.com/argoproj/argocd-example-apps as the Repository URL and guestbook as the Path (because the sample code resides inside the ‘guestbook’ directory in the repository) in the SOURCE section to create a sample ArgoCD app. Then in the DESTINATION section, I've selected the same cluster where this ArgoCD has been installed and then the default namespace. Then I clicked on the CREATE button.

Be careful while selecting the namespace, the application may fail to deploy. Also, if you update the application code and push it to the Repository then the correct namespace should be there on the code, otherwise, SYNC will fail with the status SyncFailed.

After a few moments, the status of the application has become Healthy and Synced.

Then I clicked on it; a detailed page appeared that described the tree structure of the application.

Next, to view different settings, I clicked on the Settings icon from the left menu of the home page.

Clicked on Repositories and added details of one of my Azure DevOps Repository. I have generated a PAT token in Azure DevOps and entered it in the password field.

After clicking on CONNECT a new page has come with the Repository. From the menu (3 dots at the end) I clicked on Create application.

Again, filled in the required fields. This time Repository URL automatically appeared in the SOURCE section, just selected the Revision (branch) and path. Then I clicked on the Create button.

After a few moments, the status of the application has become Healthy and Synced. Clicked on it to view details.

I can view the details of the application. There are multiple options in the UI.

We can use manifest files to define the ArgoCD app, settings, project etc and can run kubectl apply to apply them. For example-

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: customapp
  namespace: namespace1
spec:
  project: default
  syncPolicy:
    automated:  {}
  source:
    repoURL: https://github.com/argoproj/argocd-example-apps.git
    targetRevision: HEAD
    path: customapp
  destination:
    server: https://kubernetes.default.svc
    namespace: namespace1        

By default, ArgoCD pulls from the Git repository every 3 minutes. But we can click on the REFRESH button to get the new result immediately instead of waiting for synchronization. Then if the SYNC STATUS become OutOfSync we can click on the SYNC button and from the sidebar click on the SYNCHRONIZE button. The second step is not required if, in the manifest file the syncPolicy is set as automated: {}

If we delete any K8s object/resource and push the code to the Git Repository, then after a refresh the SYNC STATUS of the application will become OutOfSync and if the prune option is enabled during sync the object/resource will be deleted. In the manifest file, we can add the following code snippet under syncPolicy to make this process automated.

automated:
     prune: true        

We can enable auto-heal sync in ArgoCD. If we make any change on the live cluster using the K8s imperative command or some other way, this will be automatically synced- ArgoCD will automatically correct the difference between the current state of the cluster and the desired state in the Repository. To enable auto-healing we need to add the below code snippet in the manifest file-

automated:
     selfHeal: true        

On the Application details page, by clicking on SYNC we can view and configure different synchronization options and click on the Synchronization button.

In the ArgoCD application page by clicking on Details from the top options, we can see more details- SUMMARY, PARAMETERS, MANIFEST and EVENTS.

I can view the deployment in the AKS portal as well.

Multi-cluster

We can add multiple K8s clusters in ArgoCD. Here I have created an AWS EKS cluster which I would add to ArgoCD. I have installed ArgoCD in the AKS cluster, so it is called the hub cluster. And whatever other cluster I’ll add is called the spoke cluster.

There are 2 ways to add spoke cluster in ArgoCD - HTTPS mode and HTTP mode.

For HTTPS mode we need Certificate Authority (CA), a self-signed certificate to use it on the ArgoCD API server.

HTTP mode doesn’t require this. In this article, I have shown this HTTP mode.

In the ArgoCD server, all the environment variables are referenced from a configmap named argocd-cmd-params-cm

I have edited that configmap-

kubectl edit cm argocd-cmd-params-cm -n argocd        

And at the end added-

data:
  server.insecure: "true"        

Next, I’ve downloaded the ArgoCD CLI from https://github.com/argoproj/argo-cd/releases/latest/download/argocd-windows-amd64.exe and saved it in a folder in C drive. Then added path variable.

Now from ArgoCD CLI, I've logged in to our ArgoCD server by running-

argocd login IP        

[For me it is the IP address of the AKS Load Balancer service which I created earlier. It can be the domain name of AWS Load Balancer if you are using AWS EKS as the hub cluster. Or it can be NodePort service IP]

Entered y [proceed insecurely (y/n)] then the username & password of argocd when prompted.

After login, to add the spoke cluster into ArgoCD we need the K8s cluster context saved in our desktop/laptop (config file). To get this run-

kubectl config get-contexts

Copied the context of another cluster (for me it’s the AWS EKS cluster’s context). Then run-

argocd cluster add CONTEXT --server IP        

On the prompt enter y

After some time, the cluster was added. To verify, log into the ArgoCD portal (UI) and opened Settings-> Clusters

Next, created another application with the name myawsapp and in the DESTINATION section selected the cluster URL of the newly added AWS cluster and default namespace.

After clicking on CREATE the application appeared on the dashboard. Please see the Destination indicates the AWS EKS cluster.

The deployment happened on my AWS EKS cluster.

This way we can add multiple spoke clusters and then deploy our application on them.

Thanks for reading this article.

Please click here to get my other articles.