Register an account with IAM

visit the service's endpoint is https://iam-pilota.cloud.cnaf.infn.it

Cloud@CNAF > Argocd > image-2024-4-23_9-21-34.png

Argocd GUI

The user will be able to login at https://argo-test.cloud.cnaf.infn.it using IAM Pilota as the identity provider

Cloud@CNAF > Argocd > image-2024-4-23_9-27-3.png

After a successful login, the user will be able to deploy within the k8s-wg argocd project

Cloud@CNAF > Argocd > image-2024-4-23_9-30-8.png

Managing ArgoCD Applications

Due to RBAC policies, the user is only able to deploy ArgoCD applications within the k8s-wg namespace.

Deploy application using the GUI

When clicking on + NEW APP button, the user will be prompted with a form. That form contains all the necessary parameters to deploy an ArgoCD application.

Cloud@CNAF > Argocd > image-2024-4-23_9-37-5.png

Listing Important parameters

General section:

Application name needs to have k8s-wg/ prefix otherwise ArgoCD will return permission denied.
Project name is k8s-wg

Source section can be either Helm or Git.

Destination section:

Cluster Url is equal to the internal kubernetes api endpoint https://kubernetes.default.svc
namespace is flexible and can have a value chosen by the user.

Otherwise the user can click on EDIT AS YAML

In this case Application name doesn't need to have a prefix but the namespace of the application has to have the value k8s-wg.

Sync Application

click on Sync if the user choose manual sync.

Cloud@CNAF > Argocd > image-2024-4-23_10-30-22.png

Deploy Application Using ArgoCD CLI

After install ArgoCD CLI https://argo-cd.readthedocs.io/en/stable/cli_installation/, the user can login using single sign-on.

$ argocd login argo-test.cloud.cnaf.infn.it --sso
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
Opening browser for authentication
Performing authorization_code flow login: https://iam-pilota.cloud.cnaf.infn.it/authorize?access_type=offline&client_id=<client id>&code_challenge=<code challenge>&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A8085%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+offline_access&state=HQEfPEshjvOrEZmuukxQxOGF
Authentication successful
'ahmad.alkhansa@cnaf.infn.it' logged in successfully
Context 'argo-test.cloud.cnaf.infn.it' updated

Listing Applications

$ argocd app list
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
NAME           CLUSTER                         NAMESPACE  PROJECT  STATUS  HEALTH   SYNCPOLICY  CONDITIONS  REPO                                                 PATH       TARGET
k8s-wg/testwg  https://kubernetes.default.svc  pippo      k8s-wg   Synced  Healthy  <none>      <none>      https://github.com/argoproj/argocd-example-apps.git  guestbook  HEAD

Create Applications

Create a manifest of the application

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: test3
  namespace: k8s-wg
spec:
  destination:
    name: ''
    namespace: test3
    server: 'https://kubernetes.default.svc'
  source:
    path: guestbook
    repoURL: 'https://github.com/argoproj/argocd-example-apps.git'
    targetRevision: HEAD
  sources: []
  project: k8s-wg
  # Sync policy that allows autocreation of namespace
  syncPolicy:
    syncOptions:
    - CreateNamespace=true

Use manifest file as input for ArgoCD CLI

$ argocd app create -f argocd-app-test.yaml
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
application 'test3' created

Check if the has been create

$ argocd app list
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
NAME           CLUSTER                         NAMESPACE  PROJECT  STATUS     HEALTH   SYNCPOLICY  CONDITIONS  REPO                                                 PATH       TARGET
k8s-wg/test2   https://kubernetes.default.svc  test2      k8s-wg   OutOfSync  Missing  <none>      <none>      https://github.com/argoproj/argocd-example-apps.git  guestbook  HEAD
k8s-wg/test3   https://kubernetes.default.svc  test3      k8s-wg   OutOfSync  Missing  <none>      <none>      https://github.com/argoproj/argocd-example-apps.git  guestbook  HEAD
k8s-wg/testwg  https://kubernetes.default.svc  pippo      k8s-wg   Synced     Healthy  <none>      <none>      https://github.com/argoproj/argocd-example-apps.git  guestbook  HEAD

Sync the application

$ argocd app sync k8s-wg/test3
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
TIMESTAMP                  GROUP        KIND   NAMESPACE                  NAME    STATUS    HEALTH        HOOK  MESSAGE
2024-04-23T10:23:03+02:00            Service       test3          guestbook-ui  OutOfSync  Missing
2024-04-23T10:23:03+02:00   apps  Deployment       test3          guestbook-ui  OutOfSync  Missing
2024-04-23T10:23:07+02:00          Namespace                             test3   Running   Synced              namespace/test3 created
2024-04-23T10:23:11+02:00            Service       test3          guestbook-ui    Synced  Healthy
2024-04-23T10:23:12+02:00            Service       test3          guestbook-ui    Synced   Healthy              service/guestbook-ui created
2024-04-23T10:23:12+02:00   apps  Deployment       test3          guestbook-ui  OutOfSync  Missing              deployment.apps/guestbook-ui created
2024-04-23T10:23:12+02:00   apps  Deployment       test3          guestbook-ui    Synced  Progressing              deployment.apps/guestbook-ui created

Name:               k8s-wg/test3
Project:            k8s-wg
Server:             https://kubernetes.default.svc
Namespace:          test3
URL:                https://argo-test.cloud.cnaf.infn.it/applications/k8s-wg/test3
Repo:               https://github.com/argoproj/argocd-example-apps.git
Target:             HEAD
Path:               guestbook
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        Synced to HEAD (d7927a2)
Health Status:      Progressing

Operation:          Sync
Sync Revision:      d7927a27b4533926b7d86b5f249cd9ebe7625e90
Phase:              Succeeded
Start:              2024-04-23 10:23:01 +0200 CEST
Finished:           2024-04-23 10:23:11 +0200 CEST
Duration:           10s
Message:            successfully synced (all tasks run)

GROUP  KIND        NAMESPACE  NAME          STATUS   HEALTH       HOOK  MESSAGE
       Namespace              test3         Running  Synced             namespace/test3 created
       Service     test3      guestbook-ui  Synced   Healthy            service/guestbook-ui created
apps   Deployment  test3      guestbook-ui  Synced   Progressing        deployment.apps/guestbook-ui created

The application is synced

$ argocd app list
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
NAME           CLUSTER                         NAMESPACE  PROJECT  STATUS  HEALTH   SYNCPOLICY  CONDITIONS  REPO                                                 PATH       TARGET
k8s-wg/test2   https://kubernetes.default.svc  test2      k8s-wg   Synced  Healthy  <none>      <none>      https://github.com/argoproj/argocd-example-apps.git  guestbook  HEAD
k8s-wg/test3   https://kubernetes.default.svc  test3      k8s-wg   Synced  Healthy  <none>      <none>      https://github.com/argoproj/argocd-example-apps.git  guestbook  HEAD
k8s-wg/testwg  https://kubernetes.default.svc  pippo      k8s-wg   Synced  Healthy  <none>      <none>      https://github.com/argoproj/argocd-example-apps.git  guestbook  HEAD