I was exploring the other day in my homelab, what if I create a separate utility like light k8 that I can use to manage k8 cluster, to keep some housekeeping of apps in sperate micro cluster. I deployed microk8s and installed ArgoCD. Now, while I am reading on how to add cluster(s) to ArgoCD what I found is an interesting process of adding k8's to ArgoCD. I looked into what are other way to add new K8 cluster's for fun and worked on a quick process to use as part of Bootstrap for every new k8 clusters.
PreReq's:
- ArgoCD Cluster in a Mgmt like K8 cluster
- ArgoCD CLI (https://argo-cd.readthedocs.io/en/stable/cli_installation/)
One Time Setup:
Login to ArgoCD Server
argocd login 10.152.183.141
Create a user with only access to add Clusters via RBAC access [ This will be distributed to users as parameter or should be part of Bootstrap process pulling from Vault or similar]
Export-Current Config:-
kubectl get configmap argocd-cm -n argocd -o yaml > argocd-cm.yaml
Update content with below
data:
accounts.argo-account: apiKey, login accounts.argocd-cluster-add-account: apiKey
Export-Current Config:-
kubectl get configmap argocd-rbac-cm -n argocd -o yaml > argocd-rbac-cm.yaml
Update content with below
data:
policy.csv: |
g, argocd-cluster-add-account, role:argocd-cluster-add-role
p, role:argocd-cluster-add-role, clusters, create, *, allow
Apply the new updated Yaml's
kubectl apply -f argocd-cm.yaml
kubectl apply -f argocd-rbac-cm.yamlEx:- argocd-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"argocd-cm","app.kubernetes.io/part-of":"argocd"},"name":"argocd-cm","namespace":"argocd"}}
creationTimestamp: "2024-06-05T00:29:49Z"
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
name: argocd-cm
namespace: argocd
data:
accounts.argocd-cluster-add-account: apiKeyEx:- argocd-rbac-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"argocd-rbac-cm","app.kubernetes.io/part-of":"argocd"},"name":"argocd-rbac-cm","namespace":"argocd"}}
creationTimestamp: "2024-06-05T00:29:49Z"
labels:
app.kubernetes.io/name: argocd-rbac-cm
app.kubernetes.io/part-of: argocd
name: argocd-rbac-cm
namespace: argocd
data:
policy.csv: |
g, argocd-cluster-add-account, role:argocd-cluster-add-role
p, role:argocd-cluster-add-role, clusters, create, *, allowVerify Account Creation
argocd account list
Create Token for this user
AUTH_TOKEN=$(argocd account generate-token --account argocd-cluster-add-account)
For every new K8 cluster
After cluster creation, below need to be applied as part of Bootstrap process
K8_CLUSTER_NAME="homelab-k8-cluster"
ARGOCD_SERVER_Address="10.0.0.239:32144"
k8_Context_NAME="kubernetes-admin@kubernetes"
AUTH_TOKEN="code generated in above one time step"
argocd cluster add context --name homelab-k8-cluster --server cluster-name --auth-token $AUTH_TOKEN --server ArgocdServerIP --insecure --kubeconfig ~/.kube/config -yBonus:- (Draft)
Helm Chart - To deploy init container that will create ArgoCD connector Role and copies cert info to Argo CD.
Repo:-
KPReposSteps:
helm repo add kprepos-helm-charts-public https://kprepos.github.io/helm-charts-public/
helm repo update
helm search repo kprepos-helm-charts-public
Updates Values.Yaml
helm install argo-cd-auto-connector kprepos-helm-charts-public/argo-cd-auto-connector --namespace temp-ns --create-namespace
sleep 150
helm uninstall argo-cd-auto-connector --namespace temp-ns