Another quick note on my very simple Argo CD, Argo Workflows, Argo Rollouts and Argo Events setup in my home lab.

Only the base installation procedures are described here, in later posts I will document how I use this stuff to manage an actual workload.

Argo CD

Okay, so what’s this all about?

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

Installation

First we need to create a dedicated namespace:

jmaas@k8s$ kubectl create namespace argocd
namespace/argocd created

I prefer to use Helm over plain manifest files for installing Kubernetes packages, so let’s add the repo:

jmaas@k8s$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories

Update all Helm repositories:

jmaas@k8s$ helm repo update
Hang tight while we grab the latest from your chart repositories...
<SNIP>
...Successfully got an update from the "argo" chart repository
Update Complete. ⎈Happy Helming!⎈

Finally deploy Argo CD in the argocd namespace:

jmaas@k8s$ helm install argocd argo/argo-cd -n argocd
NAME: argocd
LAST DEPLOYED: Mon Jan 27 08:31:17 2025
NAMESPACE: argocd
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
<SNIP>

Let’s see if all pods have started succesfully, it should resemble this:

jmaas@k8s$ kubectl get pods -n argocd
NAME                                                READY   STATUS    RESTARTS   AGE
argocd-application-controller-0                     1/1     Running   0          3m11s
argocd-applicationset-controller-64f6bd6456-g8b8p   1/1     Running   0          3m19s
argocd-dex-server-5fdcd9df8b-m2dwh                  1/1     Running   0          3m19s
argocd-notifications-controller-778495d96f-7lrqk    1/1     Running   0          3m19s
argocd-redis-69fd8bd669-5hm22                       1/1     Running   0          3m18s
argocd-repo-server-75567c944-vtl6l                  1/1     Running   0          3m15s
argocd-server-5c768cdd96-k9fhj                      1/1     Running   0          3m12s

CLI tools

Download and install the Argo CD CLI tools:

jmaas@k8s$ curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
jmaas@k8s$ sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
jmaas@k8s$ rm argocd-linux-amd64

Expose the service

We want to expose the argocd-server to the network as it also provides a lovely UI. We do this by patching the svc and setting the type to LoadBalancer and (optinally) give it a fixed IP from the pool. When using the LoadBalancer we don’t really need the NodePort configuration so it’s safe to disable/remove those settings. Instead of patching it’s also possible to edit the svc instead.

jmaas@k8s$ kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer", "loadBalancerIP": "172.31.xx.yy", "allocateLoadBalancerNodePorts": false}}'
service/argocd-server patched

The service should now look similar to this:

jmaas@k8s$ kubectl get svc argocd-server -n argocd
NAME            TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)          AGE
argocd-server   LoadBalancer   10.96.231.147   172.31.xx.yy   80/TCP,443/TCP   43m

Check the installation

To perform a simple end-to-end test, log in to ArgoCD and verify that the communication between the CLI and the service is functioning correctly. Start by retrieving the admin credentials from the secrets.

Get the password:

jmaas@k8s$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

Login to Argo CD:

jmaas@k8s$ argocd login 172.31.xx.yy:443
WARNING: server certificate had error: tls: failed to verify certificate: x509: cannot validate certificate for 172.31.254.52 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? y
Username: admin
Password:
'admin:login' logged in successfully
Context '172.31.xx.yy:443' updated
jmaas@k8s$ argocd version
argocd: v2.13.3+a25c8a0
  BuildDate: 2025-01-03T19:06:52Z
  GitCommit: a25c8a0eef7830be0c2c9074c92dbea8ff23a962
  GitTreeState: clean
  GoVersion: go1.22.10
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.13.2+dc43124
  BuildDate: 2024-12-11T18:37:15Z
  GitCommit: dc43124058130db9a747d141d86d7c2f4aac7bf9
  GitTreeState: clean
  GoVersion: go1.23.1
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v5.4.3 2024-07-19T16:40:33Z
  Helm Version: v3.15.4+gfa9efb0
  Kubectl Version: v0.31.0
  Jsonnet Version: v0.20.0

Accounts & Credentials

Now that we’ve verified connectivity, the next step is to create a user account, set a secure password, and define an RBAC policy. This ensures proper access control and security within ArgoCD, allowing us to manage permissions effectively. Let’s walk through the process step by step.

Add an user account:

jmaas@k8s$ kubectl edit cm argocd-cm -n argocd
<SNIP>
data:
  accounts.jmaas: login
<SNIP>

Set the password:

jmaas@k8s:~$ argocd account update-password --account jmaas
*** Enter password of currently logged in user (admin): 
*** Enter new password for user jmaas: 
*** Confirm new password for user jmaas: 
Password updated

Now grant more permissions to this new user:

jmaas@k8s$ kubectl edit cm argocd-rbac-cm -n argocd

Update the manifest to match below:

apiVersion: v1
data:
  policy.csv: |
    # custom policies
    g, jmaas, role:admin
  policy.default: role:readonly
<SNIP>

Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows is implemented as a Kubernetes CRD.

Installation

Let’s create a namespace:

jmaas@k8s$ kubectl create namespace argo-workflows
namespace/argo-workflows created

Next, use Helm to install Argo Workflows:

jmaas@k8s$ helm install argo-workflows argo/argo-workflows -n argo-workflows
NAME: argo-workflows
LAST DEPLOYED: Mon Jan 27 13:21:24 2025
NAMESPACE: argo-workflows
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
<SNIP>

Check if the pods are in the running state:

jmaas@k8s$ kubectl get pods -n argo-workflows
NAME                                                 READY   STATUS    RESTARTS   AGE
argo-workflows-server-65fbc97f46-zh5qv               1/1     Running   0          2m1s
argo-workflows-workflow-controller-665585dd4-ktlll   1/1     Running   0          2m1s

CLI tools

Go the Argo Workflows github releases paged here and follow the installation instructions.

Derived from that script I executed the following:

jmaas@k8s$ curl -sLO "https://github.com/argoproj/argo-workflows/releases/download/v3.6.2/argo-linux-amd64.gz" && gunzip "argo-linux-amd64.gz" && chmod +x "argo-linux-amd64" && sudo mv "argo-linux-amd64" /usr/local/bin/argo

Verify that it’s working:

jmaas@k8s$ argo version
argo: v3.6.2
  BuildDate: 2024-12-02T15:04:56Z
  GitCommit: 741ab0ef7b6432925e49882cb4294adccf5912ec
  GitTreeState: clean
  GitTag: v3.6.2
  GoVersion: go1.23.3
  Compiler: gc
  Platform: linux/amd64

Argo Rollouts

Argo Rollouts is a Kubernetes controller and set of CRDs which provide advanced deployment capabilities such as blue-green, canary, canary analysis, experimentation, and progressive delivery features to Kubernetes.

Installation

Create a namespace:

jmaas@k8s$ kubectl create namespace argo-rollouts
namespace/argo-rollouts created

Use Helm to install Argo Rollouts:

jmaas@k8s$ helm install argo-rollouts argo/argo-rollouts --namespace argo-rollouts
NAME: argo-rollouts
LAST DEPLOYED: Tue Jan 28 16:22:22 2025
NAMESPACE: argo-rollouts
STATUS: deployed
REVISION: 1
TEST SUITE: None

CLI tools

Install the CLI tools using the following procedure:

jmaas@k8s$ VERSION=$(curl -s https://api.github.com/repos/argoproj/argo-rollouts/releases/latest | jq -r '.tag_name')
jmaas@k8s$ curl -sLO https://github.com/argoproj/argo-rollouts/releases/download/${VERSION}/kubectl-argo-rollouts-linux-amd64
jmaas@k8s$ chmod +x ./kubectl-argo-rollouts-linux-amd64 
jmaas@k8s$ sudo mv ./kubectl-argo-rollouts-linux-amd64 /usr/local/bin/kubectl-argo-rollouts

Check the installation

Verify that the pods have started:

jmaas@k8s$ kubectl get pods -n argo-rollouts
NAME                             READY   STATUS    RESTARTS   AGE
argo-rollouts-56d8968f77-82zmq   1/1     Running   0          63s
argo-rollouts-56d8968f77-zk7rc   1/1     Running   0          63s

Using the CLI tool we can verify the installation

jmaas@k8s$ kubectl argo rollouts version
kubectl-argo-rollouts: v1.7.2+59e5bd3
  BuildDate: 2024-08-13T18:26:20Z
  GitCommit: 59e5bd385c031600f86075beb9d77620f8d7915e
  GitTreeState: clean
  GoVersion: go1.21.13
  Compiler: gc
  Platform: linux/amd64

Argo Events

Argo Events is an event-based dependency manager for Kubernetes which helps you define multiple dependencies from a variety of event sources like webhook, s3, schedules, streams etc. and trigger Kubernetes objects after successful event dependencies resolution.

Installation

First, create a namespace:

jmaas@k8s$ kubectl create namespace argo-events
namespace/argo-events created

Use Helm to install Argo Events:

jmaas@k8s$ helm install argo-events argo/argo-events --namespace argo-events
NAME: argo-events
LAST DEPLOYED: Tue Jan 28 20:18:46 2025
NAMESPACE: argo-events
STATUS: deployed
REVISION: 1
TEST SUITE: None

The EventBus component is not installed through Helm but rather through a manifest. If you wanto the EventBus use the following procedure:

jmaas@k8s$ kubectl apply -n argo-events -f https://raw.githubusercontent.com/argoproj/argo-events/stable/examples/eventbus/native.yaml
eventbus.argoproj.io/default created

Verify the installation

Check if everything is okay by checking the status of the Event Controller:

jmaas@k8s$ kubectl get pods -n argo-events
NAME                                              READY   STATUS    RESTARTS   AGE
argo-events-controller-manager-587475cdbb-5slhq   1/1     Running   0          63s

That concludes these quick and dirty instructions for installing the Argo components.