To deploy this example application, you need a running Kubernetes cluster. You can get one using Minikube.
You also need to have GnuPG, Sops, Helm (version 3 and optionally version 2) and Helm Sops installed on your workstation.
Helm Sops must be installed to transparently wrap Helm. The recommended setup is to have Helm 3 installed as the _helm3 binary with a _helm symlink pointing to it and Helm 2 installed as the _helm2 binary. This way, you can easily switch from Helm 3 to Helm 2 as your default Helm version. Helm Sops must then be installed as the helm binary with helm3 and helm2 symlinks pointing to it. The result should look like this:
lrwxrwxrwx. 1 user user 6 Apr 9 17:25 _helm -> _helm3
-rwxr-xr-x. 1 user user 40460288 Apr 14 21:42 _helm2
-rwxr-xr-x. 1 user user 38461440 Mar 12 19:38 _helm3
-rwxr-xr-x. 1 user user 22390865 Apr 3 18:02 helm
lrwxrwxrwx. 1 user user 4 Apr 3 18:02 helm2 -> helm
lrwxrwxrwx. 1 user user 4 Apr 3 18:03 helm3 -> helm
Finally, clone this repository and open a terminal at its root.
There is an example GPG keyring in the gpg-keyring directory which contains the secret key of an administrator named John Doe (whom you will impersonate) and the public key of the Argo CD instance which you're about to install. The Sops configuration file (.sops.yaml) in the repository references these GPG keys. Argo CD's private key is configured in the argocd/secrets.yaml file.
To make use of this GPG keyring, execute the following command in the terminal.
export GNUPGHOME="$(realpath gpg-keyring)"
Of course, in a real setup, you would generate a dedicated private key for Argo CD and use your own GPG key (or generate a new one) instead of John Doe's.
Run the following commands in the terminal (ensure Helm 3 is your default Helm version):
cd argocd
kubectl create namespace argocd
helm template argocd argo-cd-2.2.3.tgz --namespace=argocd --values=values.yaml --values=secrets.yaml --include-crds | kubectl apply --namespace=argocd --filename=-
kubectl --namespace=argocd wait deployment/argocd-server --for=condition=Available --timeout=300s
kubectl --namespace=argocd port-forward service/argocd-server 8080:80 &
Open a browser at the location http://localhost:8080/, ignore the invalid certificate warning (Argo CD comes with a self-signed certificate unless you customize it) and log in using "admin" as username and "password" as password (of course you would customize it in a real setup).
In your browser, navigate to the help page (last icon on the left bar or http://localhost:8080/help), download the CLI and install it.
Then log into Argo CD by running the following command in the terminal (use the same credentials used to log into the web interface):
argocd login localhost:8080
Run the following commands in the terminal (choose which version of Helm you want to use):
- if you want to deploy the application using Helm 3:
kubectl apply --namespace=argocd --filename=hello-world.yaml
cd ../hello-world
- else if you want to deploy the application using Helm 2:
kubectl apply --namespace=argocd --filename=hello-world-legacy.yaml
cd ../hello-world-legacy
Then go to the Argo CD web interface, click on the sync button of the hello-world application and wait for it to sync before executing the next commands in the terminal:
kubectl --namespace=hello-world wait deployment/hello-world --for=condition=Available --timeout=300s
kubectl --namespace=hello-world port-forward service/hello-world 8081:80 &
Open a browser at the location http://localhost:8081/ and note the decrypted secret ;-)
Execute the following commands in the terminal to:
- edit the secret:
sops secrets.yaml
- change the deployment replica count:
sed --regexp-extended --in-place 's/(replicaCount): 1/\1: 2/' values.yaml
- see what will be applied when redeploying the application:
argocd app diff hello-world --local .
- redeploy the modified application:
argocd app sync hello-world --local .
- verify that the modified application has been deployed (then reload the application in your browser):
kill %2
kubectl --namespace=hello-world wait deployment/hello-world --for=condition=Available --timeout=300s
kubectl --namespace=hello-world port-forward service/hello-world 8081:80 &
- commit the modifications:
git add secrets.yaml
git diff --staged
git commit -m "Update the secret"
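
Before the git add and git commit steps above, it is worth confirming that secrets.yaml is still Sops-encrypted. The following shell function is an added example, not part of this repository; its name (sops_plaintext_lines) is hypothetical and it assumes Sops' default behaviour of encrypting every value (no encrypted_regex or unencrypted_suffix rule in .sops.yaml).

```shell
#!/bin/sh
# Added example (not from the repository): detect values in a Sops-managed
# YAML file that are not ENC[...] blobs, so plaintext is never committed.
# Assumption: every value is expected to be encrypted (Sops' default).

# sops_plaintext_lines FILE
# Prints "LINE: key" (never the value) for each unencrypted entry.
# Returns 0 only if the file has a Sops metadata block and no plaintext value.
sops_plaintext_lines() {
    awk '
        /^sops:[ \t]*$/     { meta = 1; exit }   # metadata block reached: stop
        /^[ \t]*(#.*)?$/    { next }             # blank lines and comments
        /^---/              { next }             # YAML document marker
        {
            line = $0
            sub(/^[ \t]*(-[ \t]+)*/, "", line)   # drop indentation and list dashes
            if (line ~ /^ENC\[/) next            # encrypted list item
            n = index(line, ":")
            if (n == 0) {                        # bare scalar, e.g. plaintext list item
                bad = 1
                print NR ": (list item)"
                next
            }
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            sub(/^[ \t]+/, "", val)
            if (val == "" || val ~ /^ENC\[/) next   # mapping header or encrypted value
            bad = 1
            print NR ": " key                    # report the key only, not the secret
        }
        END { exit (bad || !meta) }
    ' "$1"
}
```

Run it as sops_plaintext_lines secrets.yaml from the application directory; a non-zero exit status means the file either lacks the Sops metadata block or contains at least one plaintext value.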