This repository contains some helpers to integrate Argo CD Application updates with your CI system.
mkkubeconfigis a tool to help generate a KUBECONFIG file from a ServiceAccount's credentials.deployis a script that will attempt to update the tag for an Application's image.
-
Create a ServiceAccount:
apiVersion: v1 kind: ServiceAccount metadata: name: argocd-app-deployer namespace: argocd
-
Create a Role with minimal privileges:
apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: argocd-app-deployer namespace: argocd rules: - apiGroups: - argoproj.io resources: - applications verbs: - get - update - patch
-
Create a RoleBinding:
apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: argocd-app-deployer namespace: argocd roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: argocd-app-deployer subjects: - kind: ServiceAccount name: argocd-app-deployer namespace: argocd
-
Generate a KUBECONFIG for the new ServiceAccount:
$ KUBECONFIG_BODY=$(docker run --rm -v ~/.kube:/root/.kube:ro codekoala/argocd-app-deployer:v0.0.5 mkkubeconfig argocd argocd-app-deployer | base64 -w 0) -
Copy the encoded output and put it into your CI system. It could be as a variable that gets injected into your build environment, which you can then write out and use. For example:
$ mkdir -p ~/.kube/ $ echo "${KUBECONFIG_BODY}" | base64 -d > ~/.kube/config
-
Attempt to deploy an update:
$ docker run --rm -e KUBECONFIG_BODY="${KUBECONFIG_BODY}" codekoala/argocd-app-deployer:v0.0.5 deploy my-postgres postgres 11.2-alpine