Set the logs free for your Sitecore developers in Kubernetes using ArgoCD

Hello friends! I hope you are all good out there and are enjoying life ??

I just watched an episode from the lovely series?Ted Lasso.

If you are a football fan, you have to watch it. Football is life ??

Before we start… Don’t forget the big event in Boston next week –?Sitecore DX 2023 Boston

Let’s continue with today’s post ??

Today's theme is all about logs – Set the logs free!

When working in a Kubernetes cluster, it’s important to have logs available for the developers, especially in dev, test, and stage environments.

How can we make the logs available for the developers??There are many ways how to access logs in Kubernetes ??

However, I found a wonderful gem for accessing logs; I’m talking about?ArgoCD.?Yes,?ArgoCD?is used for deploying manifests to Kubernetes – GitOps (pulling changes from Git)

But… It’s also great for reading logs ???

ArgoCD?has a great?CLI tool. Guess what you can do with it? Yes, you guessed correctly ?? Read logs!

The idea is this. We will let the developers access the pod logs using ArgoCD’s CLI tool.

*I will not go through how to setup?ArgoCD, but it’s very straightforward –?Getting Started

Let’s begin ??

First up is to create a user and set up read access?in?ArgoCD?to some selected pods. This means we will create a new user => sitecoredevs and give it read access to some pods.

To add a user, we will have to grab argocd-cm (Configmap) from the Kubernetes cluster:

kubectl get configmap argocd-cm -n argocd -o yaml > argocd-cm.yaml        

And here is the file:

apiVersion: v1
kind: ConfigMap
metadata:
? name: argocd-cm
? namespace: argocd
? labels:
? ? app.kubernetes.io/name: argocd-cm
? ? app.kubernetes.io/part-of: argocd        

We will add a "Data" section and add the new user, let's call it sitecoredevs:

data
? accounts.sitecoredevs: apiKey, login:        

Here is the updated file:

apiVersion: v1
kind: ConfigMap
metadata:
? name: argocd-cm
? namespace: argocd
? labels:
? ? app.kubernetes.io/name: argocd-cm
? ? app.kubernetes.io/part-of: argocd
data:
? accounts.sitecoredevs: apiKey, login        

Next, we will apply the changes in Kubernetes by running the following:

kubectl apply -f argocd-cm.yml        

The next step is to set the password to the new user. We will use the ArgoCD Cli tool for this.

Let's download the CLI tool. You can follow the instructions in the docs => https://argo-cd.readthedocs.io/en/stable/cli_installation/

Or install it using chocolatey => choco install argocd-cli

Verify that it works by logging in to ArgoCD with the following command:

.\argocd-windows-amd64.exe login <hostname to ArgoCD> --username admin --grpc-web-root-path /        

Cool! We are logged in as administrators. It's time to set the password for the new user with the following command:

.\argocd-windows-amd64.exe account update-password --account sitecoredevs --new-password <a password>        

Now for the roles(RBAC), we will create a new role => "dev" and assign it to the new user.

Let's grab argcd-rbac (RBAC ConfigMap):?

kubectl get configmap argocd-rbac-cm -n argocd -o yaml > argocd-rbac.yml        

Here is the file:

apiVersion: v1
kind: ConfigMap
metadata:
? labels:
? ? app.kubernetes.io/name: argocd-rbac-cm
? ? app.kubernetes.io/part-of: argocd
? name: argocd-rbac-cm
? namespace: argocd        

We will update the ConfigMap file with a "Data" section. Now we can add the new role "dev" and give it read(get) permission to the pods(CM, CD, all the ssr and nextjs pods)

data:
? policy.csv: |
? ? p, role:dev, applications, get, <your namespace>/pods-cm, allow
? ? p, role:dev, applications, get, <your namespace>/pods-cd, allow
? ? p, role:dev, applications, get, <your namespace>/ssrproxy-*, allow
? ? p, role:dev, applications, get, <your namespace>/nextjsproxy-*, allow
? ? g, sitecoredevs, role:dev
? policy.default: role:''        

*the g, sitecoredevs, role:dev will assign the "dev" role to the new user "sitecoredevs"

Let's apply the RBAC config map by running the following command:

kubectl apply -f argcd-rbac.yml        

Wonderful!

Let us try it out :-) We will log in with the sitecoredevs user and grab the logs from the CM pod:

.\argocd-windows-amd64.exe login <hostname to ArgoCD> --insecure --username sitecoredevs --password <a password> --grpc-web-root-path/ 
.\argocd-windows-amd64.exe app logs pods-cm --follow        

Success :-)

To make it easier for the developers, we will use bat files. A bat file for each pod:

• TestGetCDLog.bat
• TestGetCMLog.bat
• TestGetNextJsApp1Log.bat
• TestGetNextJsApp2Log.bat
• ...

Here is an example of a bat file for viewing logs from CD:

.\argocd-windows-amd64.exe login <hostname to ArgoCD> --insecure --username sitecoredevs --password <a password> --grpc-web-root-path/ 
.\argocd-windows-amd64.exe app logs pods-cd --follow        

Now the developers just have to click on the bat files to read the logs!

That’s all for now folks ??