5. ArgoCD UI
Overview¶
This guide explains how to quickly expose the Argo CD server UI in your Kubernetes cluster and authenticate using the initial admin account.
Expose argocd-server service¶
-
Change Argo CD Service Type:
- Edit the Argo CD server service to change its type to LoadBalancer:
-
Retrieve the External IP:
- Once the service is exposed, get the external IP:
Note
The external IP needs to be generated and it can take a couple of seconds before its visible.
-
Access Argo CD UI:
- Copy and paste the external IP to access the Argo CD UI through a web browser.
Info
The ArgoCD UI will not be secured with a certificate using this approach. You will get a warning stating
Your connection is not private. You can ignore this and proceed by clickingAdvancedandProceed to IP (unsafe).Use the automatically installed
ingress-nginx controllerin your cluster to issue an ingress resource for your ArgoCD UI and remove this warning. -
Retrieve Initial Admin Password:
-
Get the initial admin password from the
argocd-initial-admin-secretin the Argo CD namespace:-
Mac/UNIX:
-
Powershell:
-
-
-
Log In:
- Use the username
adminand the retrieved password to log in to the Argo CD UI.
- Use the username
Conclusion¶
You can now access and manage your Argo CD deployments through the UI with the initial admin credentials.
Next step¶
Note
If your Github repository is public, you can skip directly to deploying your workloads.
5.1 Use Ingress¶
Overview¶
This small guide will show you how to use ArgoCD itself to create the ingress resources required to issue certificates for the argocd-server and securely handle tls for your UI. The ingress resource for the UI will be controlled by the ArgoCD application.
Deploy ingress using ArgoCD¶
- Prerequisites:
- Your own domain
-
AAA Record pointing to Ingress IP
Manifests¶
- Push the following files (with your own values) to your github repository.
Ingress setup manifests:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: <your-email>
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
podTemplate:
metadata:
labels:
podtype: acme-solver
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-ingress
namespace: argocd
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
kubernetes.io/tls-acme: "true"
spec:
ingressClassName: nginx
rules:
- host: argo.yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
name: https
tls:
- hosts:
- argo.yourdomain.com
secretName: argocd-server-tls # Dont change this
Use ArgoCD to deploy its own ingress as application:
- Apply the following ArgoCD application manifest to deploy your ingress resources.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd-ingress
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/your-github-username/your-repo-name.git # change this to your repostiroy url
path: path/to/your/kubernetes/manifests # change this to the location of your ingress manifests that you pushed to git earlier
targetRevision: HEAD
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated:
prune: false
selfHeal: true
syncOptions:
- CreateNamespace=true
Info
Propagation can take some time depending on your DNS provider. Because of this, the UI might not be available directly after applying these manifests. Give it a couple of minutes.
- Check your ArgoCD UI in the browser by going to
argo.yourdomain.com. - You can also verify the status of your ArgoCD Ingress application by running the following command:
Conclusion¶
- You have successfully exposed the ArgoCD UI with a Kubernetes Ingress resource, using Ingress NGINX, Cert-manager and Lets Encrypt.