├── .gitignore ├── argocd-projects ├── argocd-example-apps.yml ├── my-project.yaml └── example.yml ├── argocd-local-users ├── 3-apply.sh ├── 1-get-current-config.sh ├── disable-admin.yaml ├── admin-user.yaml ├── read-user.yaml ├── sync-user.yaml ├── 2-add-user-to-manifest.sh └── README.md ├── argocd-rbac ├── 3-apply.sh ├── 1-get-current-config.sh ├── read-user.yaml ├── admin-user.yaml ├── sync-user.yaml ├── 2-add-policy-to-manifest.sh └── README.md ├── my-apps ├── nginx │ └── nginx.yaml └── inflate │ └── inflate.yml ├── application-sets ├── README.md ├── argocd-example-apps.yml └── my-apps.yml ├── argocd-example-apps └── guestbook.yaml └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | argocd-local-users/argocd-cm*.yml 2 | argocd-rbac/argocd-rbac-cm*.yml 3 | argocd-rbac/merged*.yml 4 | -------------------------------------------------------------------------------- /argocd-projects/argocd-example-apps.yml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: argocd-example-apps 5 | namespace: argocd 6 | spec: 7 | description: Project to argocd examples 8 | -------------------------------------------------------------------------------- /argocd-local-users/3-apply.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONFIG_MAP="argocd-cm" 3 | 4 | if [ ! -f "${CONFIG_MAP}.yml" ]; then 5 | echo "Error: First execute ./1-get-current-config.sh" 6 | exit 1 7 | fi 8 | 9 | kubectl apply -f ${CONFIG_MAP}.yml -n argocd 10 | -------------------------------------------------------------------------------- /argocd-rbac/3-apply.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONFIG_MAP="argocd-rbac-cm" 3 | 4 | if [ ! 
-f "${CONFIG_MAP}.yml" ]; then 5 | echo "Error: First execute ./1-get-current-config.sh" 6 | exit 1 7 | fi 8 | 9 | kubectl apply -f ${CONFIG_MAP}.yml -n argocd 10 | -------------------------------------------------------------------------------- /argocd-local-users/1-get-current-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONFIG_MAP="argocd-cm" 3 | 4 | kubectl get configmap ${CONFIG_MAP} -n argocd -o yaml > ${CONFIG_MAP}.yml 5 | 6 | # Create a backup of current file 7 | CURR_DATETIME=$(date +"%Y-%m-%d-%H-%M") 8 | cp ${CONFIG_MAP}.yml ${CONFIG_MAP}_bkp-$CURR_DATETIME.yml 9 | -------------------------------------------------------------------------------- /argocd-rbac/1-get-current-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONFIG_MAP="argocd-rbac-cm" 3 | 4 | kubectl get configmap ${CONFIG_MAP} -n argocd -o yaml > ${CONFIG_MAP}.yml 5 | 6 | # Create a backup of current file 7 | CURR_DATETIME=$(date +"%Y-%m-%d-%H-%M") 8 | cp ${CONFIG_MAP}.yml ${CONFIG_MAP}_bkp-$CURR_DATETIME.yml 9 | -------------------------------------------------------------------------------- /argocd-local-users/disable-admin.yaml: -------------------------------------------------------------------------------- 1 | # Yaml ilustrative to knowledge 2 | # Your yaml needs information from actual yaml file 3 | # This manifest will be merged with the current to generate the correct one 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: argocd-cm 8 | namespace: argocd 9 | data: 10 | admin.enabled: "false" 11 | -------------------------------------------------------------------------------- /argocd-rbac/read-user.yaml: -------------------------------------------------------------------------------- 1 | # Yaml ilustrative to knowledge 2 | # Your yaml needs information from actual yaml file 3 | # This manifest will be merged with the current to generate the 
correct one 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: argocd-rbac-cm 8 | namespace: argocd 9 | data: 10 | policy.default: role:readonly 11 | -------------------------------------------------------------------------------- /argocd-local-users/admin-user.yaml: -------------------------------------------------------------------------------- 1 | # Yaml ilustrative to knowledge 2 | # Your yaml needs information from actual yaml file 3 | # This manifest will be merged with the current to generate the correct one 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: argocd-cm 8 | namespace: argocd 9 | data: 10 | accounts.adminuser: apiKey, login 11 | accounts.adminuser.enabled: "true" 12 | -------------------------------------------------------------------------------- /argocd-local-users/read-user.yaml: -------------------------------------------------------------------------------- 1 | # Yaml ilustrative to knowledge 2 | # Your yaml needs information from actual yaml file 3 | # This manifest will be merged with the current to generate the correct one 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: argocd-cm 8 | namespace: argocd 9 | data: 10 | accounts.readuser: apiKey, login 11 | accounts.readuser.enabled: "true" 12 | -------------------------------------------------------------------------------- /argocd-local-users/sync-user.yaml: -------------------------------------------------------------------------------- 1 | # Yaml ilustrative to knowledge 2 | # Your yaml needs information from actual yaml file 3 | # This manifest will be merged with the current to generate the correct one 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: argocd-cm 8 | namespace: argocd 9 | data: 10 | accounts.syncuser: apiKey, login 11 | accounts.syncuser.enabled: "true" 12 | -------------------------------------------------------------------------------- /argocd-rbac/admin-user.yaml: 
-------------------------------------------------------------------------------- 1 | # Yaml ilustrative to knowledge 2 | # Your yaml needs information from actual yaml file 3 | # This manifest will be merged with the current to generate the correct one 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: argocd-rbac-cm 8 | namespace: argocd 9 | data: 10 | policy.default: role:readonly 11 | policy.csv: | 12 | g, adminuser, role:admin 13 | -------------------------------------------------------------------------------- /argocd-rbac/sync-user.yaml: -------------------------------------------------------------------------------- 1 | # Yaml ilustrative to knowledge 2 | # Your yaml needs information from actual yaml file 3 | # This manifest will be merged with the current to generate the correct one 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: argocd-rbac-cm 8 | namespace: argocd 9 | data: 10 | policy.default: role:readonly 11 | policy.csv: | 12 | p, syncuser, applications, sync, default/*, allow -------------------------------------------------------------------------------- /my-apps/nginx/nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | labels: 6 | app: nginx 7 | spec: 8 | # do not include replicas in the manifests if you want replicas to be controlled by HPA 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: nginx 13 | template: 14 | metadata: 15 | labels: 16 | app: nginx 17 | spec: 18 | containers: 19 | - name: nginx 20 | image: nginx 21 | ports: 22 | - containerPort: 80 -------------------------------------------------------------------------------- /argocd-projects/my-project.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: my-project 5 | namespace: argocd 6 | spec: 7 | 
description: My example project 8 | sourceRepos: 9 | - https://github.com/gustavoapolinario/gitops-argocd-sample.git 10 | destinations: 11 | - namespace: '!kube-system' 12 | server: '*' 13 | - namespace: '*' 14 | server: '*' 15 | clusterResourceWhitelist: 16 | - group: '*' 17 | kind: '*' 18 | namespaceResourceBlacklist: 19 | - group: '*' 20 | kind: 'Secret' 21 | -------------------------------------------------------------------------------- /application-sets/README.md: -------------------------------------------------------------------------------- 1 | # About 2 | 3 | Appication Sets generate the Application Projects. 4 | 5 | It is usefull to load multiple projects dynamically in a single scripts with *. 6 | 7 | The project my-apps.yml creates application for all application on folder my-apps/ of this git. 8 | 9 | # How to 10 | 11 | ## Create 12 | ```bash 13 | argocd appset create application-sets/argocd-example-apps.yml --port-forward --port-forward-namespace argocd 14 | ``` 15 | 16 | ## Delete 17 | ```bash 18 | argocd appset delete my-apps --port-forward --port-forward-namespace argocd 19 | ``` 20 | 21 | ## List 22 | ```bash 23 | argocd appset list --port-forward --port-forward-namespace argocd 24 | ``` 25 | -------------------------------------------------------------------------------- /argocd-local-users/2-add-user-to-manifest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONFIG_MAP="argocd-cm" 3 | 4 | if [ ! -f "${CONFIG_MAP}.yml" ]; then 5 | echo "Error: First execute the 1-get-current-config.sh" 6 | exit 1 7 | fi 8 | 9 | # Check if exactly one parameter is provided 10 | if [ "$#" -ne 1 ]; then 11 | echo "Error: Need the name of the file to with user information." 12 | echo "ex:" 13 | echo "$0 admin-user.yaml" 14 | echo "$0 read-user.yaml" 15 | echo "$0 sync-user.yaml" 16 | exit 1 17 | fi 18 | 19 | yq() { 20 | docker run --rm -i -v "${PWD}":/workdir mikefarah/yq "$@" 21 | } 22 | yq eval-all '. 
as $item ireduce ({}; . * $item)' ${CONFIG_MAP}.yml $1 | tee merged.yml 23 | 24 | mv merged.yml ${CONFIG_MAP}.yml 25 | -------------------------------------------------------------------------------- /my-apps/inflate/inflate.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: inflate 5 | spec: 6 | securityContext: 7 | runAsNonRoot: true 8 | allowPrivilegeEscalation: false 9 | seccompProfile: 10 | type: RuntimeDefault 11 | 12 | # do not include replicas in the manifests if you want replicas to be controlled by HPA 13 | replicas: 0 14 | 15 | selector: 16 | matchLabels: 17 | app: inflate 18 | template: 19 | metadata: 20 | labels: 21 | app: inflate 22 | spec: 23 | terminationGracePeriodSeconds: 0 24 | containers: 25 | - name: inflate 26 | image: public.ecr.aws/eks-distro/kubernetes/pause:3.7 27 | resources: 28 | requests: 29 | cpu: 1 30 | -------------------------------------------------------------------------------- /argocd-example-apps/guestbook.yaml: -------------------------------------------------------------------------------- 1 | # This is the static way to create the application. 
2 | # For dynamic creation use Application Set 3 | # With Application Set, you can declare multiples directories inside yout rep 4 | apiVersion: argoproj.io/v1alpha1 5 | kind: Application 6 | metadata: 7 | name: guestbook 8 | namespace: argocd 9 | spec: 10 | project: default 11 | source: 12 | repoURL: 'https://github.com/argoproj/argocd-example-apps.git' 13 | path: guestbook 14 | targetRevision: HEAD 15 | destination: 16 | server: 'https://kubernetes.default.svc' 17 | namespace: guestbook 18 | syncPolicy: 19 | automated: 20 | prune: true 21 | selfHeal: true 22 | syncOptions: 23 | - CreateNamespace=true 24 | - Replace=true 25 | revisionHistoryLimit: 10 26 | -------------------------------------------------------------------------------- /argocd-rbac/2-add-policy-to-manifest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONFIG_MAP="argocd-rbac-cm" 3 | 4 | if [ ! -f "${CONFIG_MAP}.yml" ]; then 5 | echo "Error: First execute the 1-get-current-config.sh" 6 | exit 1 7 | fi 8 | 9 | # Check if exactly one parameter is provided 10 | if [ "$#" -ne 1 ]; then 11 | echo "Error: Need the name of the file to with user information." 12 | echo "ex:" 13 | echo "$0 admin-user.yaml" 14 | echo "$0 read-user.yaml" 15 | echo "$0 sync-user.yaml" 16 | exit 1 17 | fi 18 | 19 | yq() { 20 | docker run --rm -i -v "${PWD}":/workdir mikefarah/yq "$@" 21 | } 22 | yq eval-all ' 23 | select(fileIndex == 0) as $base | 24 | select(fileIndex == 1) as $new | 25 | $base.data."policy.csv" += "\n" + $new.data."policy.csv" | 26 | $base.data."policy.csv" style="literal" | 27 | . as $item ireduce ({}; . 
* $item) | 28 | .data."policy.csv" = $base.data."policy.csv"' ${CONFIG_MAP}.yml $1 | tee merged.yml 29 | 30 | mv merged.yml ${CONFIG_MAP}.yml 31 | -------------------------------------------------------------------------------- /application-sets/argocd-example-apps.yml: -------------------------------------------------------------------------------- 1 | # argocd appset create application-sets/argocd-example-apps.yml --port-forward --port-forward-namespace argocd 2 | # argocd appset delete argocd-example-apps --port-forward --port-forward-namespace argocd 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: ApplicationSet 5 | metadata: 6 | name: argocd-example-apps 7 | spec: 8 | generators: 9 | - git: 10 | repoURL: https://github.com/argoproj/argocd-example-apps.git 11 | revision: HEAD 12 | directories: 13 | - path: guestbook/ 14 | template: 15 | metadata: 16 | name: '{{path.basename}}' 17 | spec: 18 | project: "argocd-example-apps" 19 | source: 20 | repoURL: https://github.com/argoproj/argocd-example-apps.git 21 | targetRevision: HEAD 22 | path: '{{.path.path}}' 23 | destination: 24 | server: https://kubernetes.default.svc 25 | namespace: '{{path.basename}}' 26 | syncPolicy: 27 | syncOptions: 28 | - CreateNamespace=true 29 | automated: 30 | selfHeal: true 31 | prune: true 32 | allowEmpty: true 33 | -------------------------------------------------------------------------------- /application-sets/my-apps.yml: -------------------------------------------------------------------------------- 1 | # argocd appset create application-sets/my-apps.yml --port-forward --port-forward-namespace argocd 2 | # argocd appset create application-sets/my-apps.yml --port-forward --port-forward-namespace argocd --upsert # Update 3 | # argocd appset delete my-apps --port-forward --port-forward-namespace argocd 4 | apiVersion: argoproj.io/v1alpha1 5 | kind: ApplicationSet 6 | metadata: 7 | name: my-apps 8 | spec: 9 | generators: 10 | - git: 11 | repoURL: 
https://github.com/gustavoapolinario/gitops-argocd-sample.git 12 | revision: HEAD 13 | directories: 14 | - path: my-apps/* 15 | template: 16 | metadata: 17 | name: '{{path.basename}}' 18 | spec: 19 | project: "my-project" 20 | source: 21 | repoURL: https://github.com/gustavoapolinario/gitops-argocd-sample.git 22 | targetRevision: HEAD 23 | path: '{{path}}' 24 | destination: 25 | server: https://kubernetes.default.svc 26 | namespace: '{{path.basename}}' 27 | 28 | syncPolicy: 29 | syncOptions: 30 | - CreateNamespace=true 31 | automated: 32 | selfHeal: true 33 | prune: true 34 | allowEmpty: true 35 | 36 | # # https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/ 37 | # # Sync policy. The Application will be sync with the ApplicationSet? 38 | # applicationsSync: create-only # create-update, create-delete sync 39 | 40 | # # Ignore application difference temporarily. It is usefull to do a maintenance on the application and the applicationsSync is sync 41 | # ignoreApplicationDifferences: 42 | # - jsonPointers: 43 | # - /spec/syncPolicy 44 | -------------------------------------------------------------------------------- /argocd-local-users/README.md: -------------------------------------------------------------------------------- 1 | # About 2 | 3 | The RBAC is a Role Based Access Controller. The scripts will create local users to test the RBAC policies inside ArgoCD. 4 | 5 | This project create local users to give permission to understand the policies. 
 6 | 7 | ## How it works 8 | 9 | This folder has 3 scripts: 10 | 11 | 1-get-current-config.sh 12 | 13 | 2-add-user-to-manifest.sh 14 | 15 | 3-apply.sh 16 | 17 | The first script gets the current config and saves it to the file argocd-cm.yml 18 | 19 | execute: 20 | ```bash 21 | ./1-get-current-config.sh 22 | ``` 23 | 24 | In the second script, the current config is merged with another manifest to generate the updated argocd-cm.yml 25 | 26 | execute: 27 | ```bash 28 | ./2-add-user-to-manifest.sh admin-user.yaml 29 | ./2-add-user-to-manifest.sh read-user.yaml 30 | ./2-add-user-to-manifest.sh sync-user.yaml 31 | ``` 32 | 33 | Finally, with the config merged, the third script applies the configuration to ArgoCD 34 | 35 | execute: 36 | ```bash 37 | ./3-apply.sh 38 | ``` 39 | 40 | # Change a user password 41 | 42 | ## Login on argocd cli 43 | 44 | 45 | Default login is *admin* 46 | Default admin password is generated. You can get it with the command: 47 | ```bash 48 | kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo 49 | ``` 50 | 51 | Now, log in with the admin credentials: 52 | 53 | ```bash 54 | argocd login --port-forward --port-forward-namespace argocd -- 55 | ``` 56 | 57 | ## Set/Change the user password 58 | 59 | To change a password, you need to run the command below. 60 | 61 | You need to specify the user whose password will be changed and the new password for this user. 62 | 63 | The command needs your current password too: the password of the logged-in user, in other words, the password used with the argocd login command. Passwords passed as command-line flags end up in shell history and the process list; if you omit --current-password and --new-password, the CLI prompts for them instead. 
64 | 65 | ```bash 66 | argocd account update-password --account USER_NAME --new-password NEW_USER_PASSWORD --current-password ARGOCD_ADMIN_LOGGED_PASSWORD --port-forward --port-forward-namespace argocd 67 | ``` 68 | 69 | To make this easier to understand, here is the same command with variables: 70 | 71 | ```bash 72 | ARGOCD_ADMIN_LOGGED_PASSWORD=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo) 73 | 74 | USER_NAME="adminuser" 75 | NEW_USER_PASSWORD="new-adminuser-password" 76 | 77 | argocd account update-password --account $USER_NAME --new-password $NEW_USER_PASSWORD --current-password $ARGOCD_ADMIN_LOGGED_PASSWORD --port-forward --port-forward-namespace argocd 78 | ``` 79 | -------------------------------------------------------------------------------- /argocd-rbac/README.md: -------------------------------------------------------------------------------- 1 | # About 2 | 3 | RBAC is Role-Based Access Control. The scripts create policies for users inside ArgoCD. 4 | 5 | First create the user with the argocd-local-users folder (for a lab), or configure SSO. 6 | 7 | This project creates local users and gives them permissions, to help understand the policies. 
 8 | 9 | 10 | ## How it works 11 | 12 | This folder has 3 scripts: 13 | 14 | 1-get-current-config.sh 15 | 16 | 2-add-policy-to-manifest.sh 17 | 18 | 3-apply.sh 19 | 20 | The first script gets the current config and saves it to the file argocd-rbac-cm.yml 21 | 22 | execute: 23 | ```bash 24 | ./1-get-current-config.sh 25 | ``` 26 | 27 | In the second script, the current config is merged with another manifest to generate the updated argocd-rbac-cm.yml 28 | 29 | execute: 30 | ```bash 31 | ./2-add-policy-to-manifest.sh admin-user.yaml 32 | ./2-add-policy-to-manifest.sh read-user.yaml 33 | ./2-add-policy-to-manifest.sh sync-user.yaml 34 | ``` 35 | 36 | Finally, with the config merged, the third script applies the configuration to ArgoCD 37 | 38 | execute: 39 | ```bash 40 | ./3-apply.sh 41 | ``` 42 | 43 | 44 | # Change user password 45 | 46 | ## Login on argocd cli 47 | 48 | 49 | Default login is *admin* 50 | Default admin password is generated. You can get it with the command: 51 | ```bash 52 | kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo 53 | ``` 54 | 55 | Now, log in with the admin credentials: 56 | 57 | ```bash 58 | argocd login --port-forward --port-forward-namespace argocd -- 59 | ``` 60 | 61 | ## Change the user password 62 | 63 | To change a password, you need to run the command below. 64 | 65 | You need to specify the user whose password will be changed and the new password for this user. 66 | 67 | The command needs your current password too: the password of the logged-in user, in other words, the password used with the argocd login command. Passwords passed as command-line flags end up in shell history and the process list; if you omit --current-password and --new-password, the CLI prompts for them instead. 68 | 69 | ```bash 70 | argocd account update-password --account USER_NAME --new-password NEW_USER_PASSWORD --current-password ARGOCD_ADMIN_PASSWORD --port-forward --port-forward-namespace argocd 71 | ``` 72 | 73 | To make this easier to understand, I wrote this script. 
It is the same command as above, but with variables: 74 | 75 | ```bash 76 | ARGOCD_ADMIN_LOGGED_PASSWORD=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo) 77 | 78 | USER_NAME="adminuser" 79 | NEW_USER_PASSWORD="new-adminuser-password" 80 | 81 | argocd account update-password --account $USER_NAME --current-password $ARGOCD_ADMIN_LOGGED_PASSWORD --new-password $NEW_USER_PASSWORD --port-forward --port-forward-namespace argocd 82 | ``` 83 | 84 | # Validate the manifest 85 | 86 | ```bash 87 | argocd admin settings rbac validate --policy-file argocd-rbac-cm.yml --port-forward --port-forward-namespace argocd 88 | ``` 89 | -------------------------------------------------------------------------------- /argocd-projects/example.yml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: my-project 5 | namespace: argocd 6 | spec: 7 | description: My example project 8 | sourceRepos: 9 | # Do not use the test repo in argoproj 10 | - '!ssh://git@GITHUB.com:argoproj/test' 11 | # Nor any Gitlab repo under group/ 12 | - '!https://gitlab.com/group/**' 13 | # Any other repo is fine though 14 | - '*' 15 | destinations: 16 | # Do not allow any app to be installed in `kube-system` 17 | - namespace: '!kube-system' 18 | server: '*' 19 | # Or any cluster that has a URL of `team1-*` 20 | - namespace: '*' 21 | server: '!https://team1-*' 22 | # Any other namespace or server is fine though. 
23 | - namespace: '*' 24 | server: '*' 25 | clusterResourceWhitelist: 26 | - group: '*' 27 | kind: '*' 28 | namespaceResourceBlacklist: 29 | - group: '*' 30 | kind: 'Secret' 31 | 32 | # Example roles for the project. NOTE(review): the `sync` role below repeats the admin description and policy (subject proj:my-project:admin, action *), so as written it grants full application permissions rather than sync only; the read-only and read-sync policies name example-project while this project is my-project. Adjust both before reusing this file. 33 | roles: 34 | - name: admin 35 | description: Admin role with full permissions 36 | policies: 37 | - p, proj:my-project:admin, applications, *, my-project/*, allow 38 | groups: 39 | - my-org:admin 40 | - name: sync 41 | description: Admin role with full permissions 42 | policies: 43 | - p, proj:my-project:admin, applications, *, my-project/*, allow 44 | groups: 45 | - my-org:admin 46 | - name: read-only 47 | description: Read-only role with view permissions 48 | policies: 49 | - p, proj:example-project:read-only, applications, get, example-project/*, allow 50 | groups: 51 | - example-org:read-only 52 | - name: read-sync 53 | description: Role allowing get and sync actions 54 | policies: 55 | - p, proj:example-project:read-sync, applications, get, example-project/*, allow 56 | - p, proj:example-project:read-sync, applications, sync, example-project/*, allow 57 | groups: 58 | - example-org:read-sync 59 | 60 | # Example sync windows allowing changes after 18h and before 5h (the windows below switch at 06:00 UTC). Saturday allowed and Sunday blocked. 
61 | syncWindows: 62 | - kind: deny 63 | schedule: "0 6 * * 1-5" # Monday to Friday at 06:00 UTC 64 | duration: 12h # Block until 18:00 UTC 65 | applications: 66 | - '*' 67 | - kind: deny 68 | schedule: "0 0 * * 0" # Sunday at 00:00 UTC 69 | duration: 24h # Block all day Sunday 70 | applications: 71 | - '*' 72 | - kind: allow 73 | schedule: "0 18 * * 1-5" # Monday to Friday at 18:00 UTC 74 | duration: 12h # Allow until 06:00 UTC next day 75 | applications: 76 | - '*' 77 | - kind: allow 78 | schedule: "0 0 * * 6" # Saturday at 00:00 UTC 79 | duration: 24h # Allow all day Saturday 80 | applications: 81 | - '*' 82 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # About 2 | 3 | This project is a lab to test GitOps with ArgoCD. 4 | 5 | You need a local environment first, with it you can install ArgoCD and the ApplicationSet manifests to test the funcionalities of this rep. 
 6 | 7 | With this repo you can: 8 | - configure local users (to test policies) 9 | - configure policies 10 | - create project 11 | - create application 12 | - create application set 13 | 14 | # Local Environment 15 | 16 | Install a Kubernetes local environment like Minikube 17 | 18 | https://minikube.sigs.k8s.io/docs/start/ 19 | 20 | ## Minikube 21 | 22 | minikube start 23 | 24 | minikube dashboard 25 | 26 | 27 | # ArgoCD 28 | 29 | 30 | ## Install 31 | kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.5.8/manifests/install.yaml 32 | 33 | kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/applicationset/master/manifests/install.yaml 34 | Note: the second manifest is fetched from the `master` branch, so its content can change between runs, while the first is pinned to v2.5.8. Pin both to a reviewed tag or commit before applying. 35 | ## Install argocd CLI 36 | 37 | https://argo-cd.readthedocs.io/en/stable/cli_installation/ 38 | 39 | ## Delete 40 | kubectl delete -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.5.8/manifests/install.yaml 41 | 42 | kubectl delete -n argocd -f https://raw.githubusercontent.com/argoproj/applicationset/master/manifests/install.yaml 43 | 44 | ## Port-forwarding to use the UI 45 | 46 | kubectl port-forward svc/argocd-server -n argocd 8080:443 47 | 48 | ## Get the admin password 49 | 50 | kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo 51 | 52 | ## Login on argocd cli 53 | 54 | Default login is *admin* 55 | 56 | Default admin password is generated. You can get the admin password with the command above. 
 57 | 58 | Now, log in with the admin credentials: 59 | 60 | ```bash 61 | argocd login --port-forward --port-forward-namespace argocd -- 62 | ``` 63 | 64 | ## Alias 65 | 66 | I recommend making an alias to use argocd without repeatedly typing the parameters "--port-forward --port-forward-namespace argocd" 67 | 68 | ```bash 69 | alias argocd="argocd --port-forward --port-forward-namespace argocd" 70 | ``` 71 | 72 | Now, all argocd commands run with these parameters automatically 73 | 74 | 75 | # Install project 76 | 77 | kubectl apply -f argocd-projects/my-project.yaml 78 | 79 | # Application 80 | 81 | You can apply an ArgoCD Application with: 82 | 83 | ```bash 84 | kubectl apply -f argocd-example-apps/guestbook.yaml 85 | ``` 86 | 87 | It will generate 1 Application. To improve efficiency, you could use an Application Set and install multiple Applications dynamically. 88 | 89 | # Application Set 90 | 91 | See the doc on [application-sets](./application-sets/README.md) 92 | 93 | # Example of applications 94 | 95 | The ArgoCD example apps repository has a lot of examples. 96 | 97 | You can use manifests directly, or you can use helm (inside this git or external), kustomize, etc. 98 | 99 | https://github.com/argoproj/argocd-example-apps/tree/master 100 | 101 | --------------------------------------------------------------------------------