[ArgoCD] Install ArgoCD from Helm chart

Install ArgoCD from the Helm chart, creating the PVs and PVCs it uses

Add repo

helm repo add argo https://argoproj.github.io/argo-helm

Install argocd CLI

# Resolve the latest release tag from the GitHub API
VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')

# Download the CLI binary for that release
curl -sSL -o /usr/local/bin/argocd "https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64"

chmod +x /usr/local/bin/argocd
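
The install step above writes a downloaded binary straight into /usr/local/bin with no integrity check. As an added example (not part of the original post), this script downloads to a temporary directory, compares the SHA-256 against the release's checksum list, and installs only on a match; the asset name cli_checksums.txt and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded argocd binary before installing it.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# expected_sum CHECKSUMS ASSET: print the digest listed for ASSET.
# Lines look like "<hex>  <name>"; a leading "*" or "./" on the name is tolerated.
expected_sum() {
  awk -v want="$2" '{ n = $2; sub(/^\*/, "", n); sub(/^\.\//, "", n)
                      if (n == want) { print tolower($1); exit } }' "$1"
}

# verify_asset FILE CHECKSUMS ASSET: 0 on match, 1 on mismatch, 2 if ASSET is not listed
verify_asset() {
  local want got
  want=$(expected_sum "$2" "$3")
  [ -n "$want" ] || { echo "no checksum listed for $3" >&2; return 2; }
  got=$(sha256_of "$1")
  [ "$got" = "$want" ] || { echo "checksum mismatch for $3" >&2; return 1; }
}

# install_argocd VERSION [DEST]: download to a temp dir, verify, then install.
install_argocd() {
  local version="$1" dest="${2:-/usr/local/bin/argocd}" asset=argocd-linux-amd64
  local base="https://github.com/argoproj/argo-cd/releases/download/$version"
  local tmp rc=0
  tmp=$(mktemp -d) || return 1
  {
    curl -fsSL -o "$tmp/$asset" "$base/$asset" &&
    curl -fsSL -o "$tmp/sums" "$base/cli_checksums.txt" &&  # assumed asset name
    verify_asset "$tmp/$asset" "$tmp/sums" "$asset" &&
    install -m 0755 "$tmp/$asset" "$dest"
  } || rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Usage (pin a tag you have reviewed; the value below is a placeholder):
#   install_argocd vX.Y.Z
```

A checksum fetched from the same release catches a truncated or altered download, not a compromised release; it is not a signature check.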

Change Password

Get initial password

Check the command printed after helm install

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Change password & delete initial secret

# login target: argocd-ta.joins.net (argocd-server clusterIP)
argocd login argocd-ta.joins.net
argocd account update-password

## delete
kubectl -n argocd delete secrets argocd-initial-admin-secret

Edit argocd helm chart

Set Ingress

See the Argo CD Ingress configuration docs:
Ingress Configuration - Argo CD - Declarative GitOps CD for Kubernetes

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # If you encounter a redirect loop or are getting a 307 response code
    # then you need to force the nginx ingress to connect to the backend using HTTPS.
    #nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: argocd.ta.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              name: https
  tls:
  - hosts:
    - argocd.ta.com
    secretName: argocd-secret # do not change, this is provided by Argo CD

Create pv

apiVersion: v1
kind: PersistentVolume
metadata:
  name: argocd-repo-server
  namespace: argocd
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /k8s-nas/argocd/repo-server
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: argocd-server
  namespace: argocd
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /k8s-nas/argocd/server
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: argocd-dex-server
  namespace: argocd
spec:
  capacity:
    storage: 10Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /k8s-nas/argocd/dex-server
---

Create pvc

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    helm.sh/resource-policy: keep
  labels:
    app: argocd
    component: repo-server
  name: argocd-repo-server
  namespace: argocd
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  volumeMode: Filesystem
  volumeName: argocd-repo-server
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    helm.sh/resource-policy: keep
  labels:
    app: argocd
    component: server
  name: argocd-server
  namespace: argocd
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  volumeMode: Filesystem
  volumeName: argocd-server
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    helm.sh/resource-policy: keep
  labels:
    app: argocd
    component: dex-server
  name: argocd-dex-server
  namespace: argocd
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  volumeMode: Filesystem
  volumeName: argocd-dex-server
---

Edit values.yaml

argocd-repo-server

volumeMounts:
        - mountPath: /app/config/gpg/keys
          name: gpg-keyring

volumes:
      - name: gpg-keyring
        persistentVolumeClaim:
          claimName: argocd-repo-server

argocd-server

volumes:
      - name: static-files
        persistentVolumeClaim:
          claimName: argocd-server

dex-server

volumeMounts:
        - mountPath: /shared
          name: static-files

volumes:
      - name: static-files
        persistentVolumeClaim:
          claimName: argocd-dex-server  # must match the PVC name created above

+) If you need a redundant setup, add replicas and pod affinity settings

  • Change the values.yaml sections for application controller, server, and repo-server
  • Add further settings if dex or redis need it

## application controller, server, repo-server
replicas: 2

## application controller
affinity: #{}
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app.kubernetes.io/name
            operator: In
            values:
            - argocd-application-controller
        topologyKey: "kubernetes.io/hostname"

--
## server
  affinity: #{}
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app.kubernetes.io/name
            operator: In
            values:
            - argocd-server
        topologyKey: "kubernetes.io/hostname"

--
## repo-server
  affinity: #{}
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app.kubernetes.io/name
            operator: In
            values:
            - argocd-repo-server
        topologyKey: "kubernetes.io/hostname"

Connect git repo using https

ADD NEW APP

Sync policy option

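  • Prune Resources: When resources are updated in response to changes, the existing resources are deleted and new ones are created. Use this option when a new run is needed every time, as with Job resources.
  • Self Heal: When this option is enabled, ArgoCD continuously tries to keep the values in the live environment in sync with the configuration in the git repository. By default it retries the sync every 5 seconds. (default timeout)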
