Register an account with IAM
visit the service's endpoint is https://iam-pilota.cloud.cnaf.infn.it
Argocd GUI
The user will be able to login at https://argo-test.cloud.cnaf.infn.it using IAM Pilota as the identity provider
After a successful login, the user will be able to deploy within the k8s-wg argocd project
Managing ArgoCD Applications
Due to RBAC policies, the user is only able to deploy ArgoCD applications within the k8s-wg namespace.
Deploy application using the GUI
When clicking on + NEW APP button, the user will be prompted with a form. That form contains all the necessary parameters to deploy an ArgoCD application.
Listing Important parameters
General section:
- Application name needs to have k8s-wg/ prefix otherwise ArgoCD will return permission denied.
- Project name is k8s-wg
Source section can be either Helm or Git.
Destination section:
- Cluster Url is equal to the internal kubernetes api endpoint https://kubernetes.default.svc
- namespace is flexible and can have a value chosen by the user.
Otherwise the user can click on EDIT AS YAML
In this case Application name doesn't need to have a prefix but the namespace of the application has to have the value k8s-wg.
Deploy Application Using ArgoCD CLI
After install ArgoCD CLI https://argo-cd.readthedocs.io/en/stable/cli_installation/, the user can login using single sign-on.
$ argocd login argo-test.cloud.cnaf.infn.it --sso WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. Opening browser for authentication Performing authorization_code flow login: https://iam-pilota.cloud.cnaf.infn.it/authorize?access_type=offline&client_id=<client id>&code_challenge=<code challenge>&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A8085%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+offline_access&state=HQEfPEshjvOrEZmuukxQxOGF Authentication successful 'ahmad.alkhansa@cnaf.infn.it' logged in successfully Context 'argo-test.cloud.cnaf.infn.it' updated