Deploy with ArgoCD some infra...and ArgoCD itself

This post is a continuation of the previous post on how to create an easily reproducible local Kubernetes environment with WSL. Actually, what is described below could work on any Kubernetes cluster, but some of the results could be somewhat different, so if you want to follow-along, I suggest you complete the setup I described in the other post first.

Objectives

1. Deploy ArgoCD using helm

2. Have ArgoCD manage its own deployment

3. Deploy traefik with ArgoCD and configure ArgoCD IngressRoute so ArgoCD UI is accessible on port 443 and /argo subpath

4. Deploy Harbor with ArgoCD and Helm and configure it to be accessible on port 8888

5. Enjoy!

All of this is to set the grounds of deploying a microservice I have been building (it doesn't do much right now, but some day...). I chose to have everything managed by ArgoCD, because once, it is fun, and second, it makes it very easy to recreate this cluster as many times as I want and have everything up and running as configured in no-time! 💪

Steps

I assume you are staring at the prompt of the Minikube WSL, like the one below:

To get started, we need to do a few things:

1. Switch to the ubuntu user

2. Start docker (if you haven't done it when following the instructions in the other post)

3. Create a new cluster (if you have done it, please delete it with minikube delete, we need to create it with the insecure flag) -> we need the insecure flag to be able to pull images in the cluster from the Harbor registry

4. Clone the alpha tag of the argo-play repo

5. Go into the local copy of the repo in the install subfolder

6. Install the argocd Helm chart

7. Install the argocd-apps Helm chart

8. Expose the traefik LoadBalancer with minikube tunnel

su ubuntu && cd ~
sudo service docker start
minikube start --insecure-registry "10.0.0.0/24"
git clone --branch alpha https://github.com/alexchiri/argo-play.git
cd argo-play/install
helm install argocd ./argo-cd \
 --namespace=argocd \
 --create-namespace \
 -f argocd-values.yaml
helm install argocd-apps ./argocd-apps \
 --namespace=argocd \
 --create-namespace \
 -f argocd-apps-values.yaml
minikube tunnel

In a few minutes, you should have everything up and running. Open a new Minikube terminal tab, switch to ubuntu user, get all the resources in the cluster and enjoy the show:

su ubuntu
k get pod -A -w

Once all pods are running, get the external IP of your Traefik LoadBalancer service (for me it is 127.0.0.1):

k get services --namespace infra traefik --output jsonpath='{.status.loadBalancer.ingress[0].ip}'

Now you can go visit the UIs of ArgoCD and Harbor in your browser:

1. ArgoCD: https://127.0.0.1/argo (replace with your IP if different)

2. Harbor: https://127.0.0.1:8888 (replace with your IP if different) - Harbor initial credentials are user admin and pass Harbor12345

Note: I am using a self-signed certificate for securing both ArgoCD and Harbor, so your browser will complain about them being unsafe, that is normal. Just select the option to continue to the unsafe website.

What did I do here?

I will not be able to explain everything, because it would make this post very long, but I will try to give some pointers. For the same reason, I will not go into what ArgoCD and Harbor are, that should be easy to figure out from their websites.

It all starts with the argocd and argocd-apps charts: the first deploys ArgoCD (and I configured the argo-play repo in the values file) and the second creates Application and AppProject resources for the folders where these charts are in the repo and the apps and extra folders where we will add other resources in the future. This way, we can manage ArgoCD and all the applications using ArgoCD. If we want to make a change in ArgoCD, we need to modify the values file, commit and push and argocd will apply the changes to itself in the cluster (all Applications have auto-sync enabled). ArgoCD will apply the changes made to any of the folders it watches from the repo.

Applying these helm charts are the only manual steps we need to do to get everything deployed. After that we need to only make changes to the repo and ArgoCD will make them happen: the beauty of GitOPS!

I chose Traefik instead of a simple ingress controller because it is more powerful and it allowed me to create rules with IPs and not only hosts.

I installed Harbor instead of the default docker registry because I wanted to have the possibility to push helm charts as well. Harbor doesn't support being deployed under a subpath and I created a different entrypoint for it in Traefik (on port 8888).

For TLS I used a self-signed certificate which I committed in plain text in the repository, that is not a good practice for obvious reasons, but in my case it doesn't matter as this serves as a local playground.

I also disabled authentication to the argocd UI, just to make things simpler, also not a good practice but acceptable to me for the same reason as above.

I am sure I messed up and misconfigured some things in this setup, but for now I like it! Will continue to build on top of it and experiment with more and more services, while also learning a bit more about developing for Kubernetes. There is more to come, stay tuned!