Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It allows you to define and manage the desired state of your Kubernetes applications and resources. In this post, I’ll walk you through the process of installing Argo CD on a Kubernetes cluster using Helm and setting up necessary configurations for SSL with Let’s Encrypt and Traefik as the ingress controller.

Prerequisites

• A Kubernetes cluster
• Helm installed
• kubectl configured to communicate with your cluster
• Cert-manager installed for SSL certificate management
• Traefik ingress configured

1. Add the Argo Helm Repository First, add the Argo project’s Helm repository and update your local Helm chart repository list:

   helm repo add argo https://argoproj.github.io/argo-helm
   helm repo update
   

   This allows you to install the latest Argo CD chart directly from its source.

2. Create Argo CD Namespace and Issuer Configuration Argo CD needs its namespace and a cert-manager issuer for handling SSL:

   Create a file named argocd-issuer.yaml:

   This YAML defines a cert-manager issuer for Argo CD, specifying the ACME server (Let’s Encrypt staging in this case) and the email to use.

       apiVersion: cert-manager.io/v1
       kind: Issuer
       metadata:
         name: argo-issuer
         namespace: argocd
       spec:
         acme:
           server: https://acme-staging-v02.api.letsencrypt.org/directory
           email: [email protected]
           privateKeySecretRef:
             name: argocd-tls-prod
           solvers:
           - http01:
               ingress:
                 class: traefik
   

   Save this content in argocd-issuer.yaml.

3. Configure Argo CD Ingress To expose Argo CD outside your cluster, create an ingress resource:

   Create a file named argocd-ingress.yaml:

   This YAML file sets up an ingress resource for Argo CD, utilizing the Traefik ingress controller and the cert-manager issuer we defined earlier.

      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        name: argocd-server-ingress
        namespace: argocd
        annotations:
          kubernetes.io/ingress.class: "traefik"
          cert-manager.io/issuer: "argo-issuer"
          traefik.ingress.kubernetes.io/redirect-entry-point: "https"
      spec:
        rules:
          - host: argo.yourdomain.com
            http:
              paths:
                - backend:
                    service:
                      name: argocd-server
                      port:
                        number: 80
                  path: /
                  pathType: Prefix
                - backend:
                    service:
                      name: argocd-server
                      port:
                        number: 80
                  path: /api/dex/callback
                  pathType: Prefix
        tls:
        - hosts:
          - argo.yourdomain.com
          secretName: argocd-tls-prod
   

   Save this in argocd-ingress.yaml.

4. Configure Argo CD Certificate

   Create a file named argocd-cert.yaml:

        apiVersion: cert-manager.io/v1
        kind: Certificate
        metadata:
          name: argocd-tls-prod
          namespace: argocd
        spec:
          secretName: argocd-tls-prod
          issuerRef:
            name: argo-issuer
          commonName: argo.yourdomain.com
          dnsNames:
          - argo.yourdomain.com
   

   Save this in argocd-cert.yaml.

5. Install Argo CD Using Helm

   Install Argo CD in the argocd namespace using Helm:

   Create a file named argocd-values.yaml:

     configs:
       params:
         "server.insecure": "true"
     # Server-specific configurations
     server:
       service:
         type: ClusterIP
       ingress:
         enabled: false
   

   Save this in argocd-values.yaml.

     helm upgrade --install -f argocd-values.yaml argocd argo/argo-cd -n argocd --create-namespace
   

   The argocd-values.yaml file contains specific configurations for your Argo CD setup.

6. Apply Additional Configuration Finally, apply additional configurations like certificate:

    kubectl apply -f argocd-issuer.yaml argocd-cert.yaml argocd-ingress.yaml
   

   This command will set up SSL for Argo CD, configure it as per your requirements (defined in the ConfigMap and RBAC ConfigMap), and ensure it’s exposed correctly via the ingress.

Conclusion

You’ve now successfully installed Argo CD on your Kubernetes cluster. Argo CD will help you manage your Kubernetes resources in a declarative way using GitOps principles.

The setup includes SSL encryption for secure access and is configured to work with Traefik as the ingress controller.

Remember, this is just the beginning. Explore Argo CD’s capabilities to manage and synchronize your Kubernetes applications and resources effectively.

Note: This post assumes a basic understanding of Kubernetes, Helm, and Cert-manager. Adjust the configurations according to your specific cluster setup and requirements.