github.com/argoproj-labs/argocd-operator@v0.10.0/docs/usage/ingress.md (about) 1 # Ingress 2 3 The Argo CD Operator offers support for managing Ingress resources to access the Argo CD resources. 4 5 ## Cluster 6 7 This guide builds on the [OLM Install Guide][install_olm] and assumes a Kubernetes cluster based on [minikube](https://minikube.sigs.k8s.io/). 8 9 ### Ingress Controller 10 11 Ensure that the `ingress` addon is enabled for the minikube cluster. 12 13 ```bash 14 minikube addons list -p argocd 15 ``` 16 ```bash 17 - addon-manager: enabled 18 - dashboard: enabled 19 - default-storageclass: enabled 20 - efk: disabled 21 - freshpod: disabled 22 - gvisor: disabled 23 - heapster: disabled 24 - helm-tiller: disabled 25 - ingress: enabled 26 - ingress-dns: disabled 27 - logviewer: disabled 28 - metrics-server: disabled 29 - nvidia-driver-installer: disabled 30 - nvidia-gpu-device-plugin: disabled 31 - registry: disabled 32 - registry-creds: disabled 33 - storage-provisioner: enabled 34 - storage-provisioner-gluster: disabled 35 ``` 36 37 The addon is disabled by default, enable it if necessary. 38 39 ```bash 40 minikube addons enable ingress -p argocd 41 ``` 42 43 Verify that the ingress Pod is running. 44 45 ```bash 46 kubectl get pods -A 47 ``` 48 ```bash 49 NAMESPACE NAME READY STATUS RESTARTS AGE 50 argocd example-argocd-application-controller-bdf64bc95-x9t7d 1/1 Running 0 92m 51 argocd example-argocd-dex-server-6b7b48d55d-xx4gn 1/1 Running 0 92m 52 argocd example-argocd-redis-7667b47db5-hpfzq 1/1 Running 0 92m 53 argocd example-argocd-repo-server-c7f9889cd-555ld 1/1 Running 0 92m 54 argocd example-argocd-server-d468768b-l5wnf 1/1 Running 0 92m 55 kube-system coredns-5644d7b6d9-8rn4c 1/1 Running 0 2d11h 56 kube-system coredns-5644d7b6d9-ps44w 1/1 Running 0 2d11h 57 kube-system etcd-minikube 1/1 Running 0 2d11h 58 kube-system kube-addon-manager-minikube 1/1 Running 0 2d11h 59 kube-system kube-apiserver-minikube 1/1 Running 0 2d11h 60 kube-system kube-controller-manager-minikube 1/1 Running 0 2d11h 61 kube-system kube-proxy-8g2n4 1/1 Running 0 2d11h 62 kube-system kube-scheduler-minikube 1/1 Running 0 2d11h 63 kube-system nginx-ingress-controller-6fc5bcc8c9-vg26z 1/1 Running 0 9h 64 kube-system storage-provisioner 1/1 Running 0 2d11h 65 kubernetes-dashboard dashboard-metrics-scraper-76585494d8-2ksmc 1/1 Running 0 5h55m 66 kubernetes-dashboard kubernetes-dashboard-57f4cb4545-w26nl 1/1 Running 0 5h55m 67 olm catalog-operator-7dfcfcb46b-xxjdq 1/1 Running 0 2d11h 68 olm olm-operator-76d446f94c-pn6kx 1/1 Running 0 2d11h 69 olm operatorhubio-catalog-h4hc8 1/1 Running 0 2d11h 70 olm packageserver-8478b89d9d-mtp56 1/1 Running 0 45m 71 olm packageserver-8478b89d9d-vvswc 1/1 Running 0 45m 72 ``` 73 74 In this example, the ingress controller is running in the `kube-system` namespace. 75 76 ## ArgoCD Resource 77 78 Create an ArgoCD resource that enables ingress. Note that in this case we run the Argo CD server in insecure mode and 79 terminate TLS at the Ingress controller. See `examples/argocd-ingress.yaml` for this example. 80 81 ```yaml 82 apiVersion: argoproj.io/v1alpha1 83 kind: ArgoCD 84 metadata: 85 name: example-argocd 86 labels: 87 example: ingress 88 spec: 89 server: 90 ingress: 91 enabled: true 92 insecure: true 93 ``` 94 95 Create the ArgoCD with Ingress support. 96 97 ```bash 98 kubectl create -n argocd -f examples/argocd-ingress.yaml 99 ``` 100 101 By default, the Argo CD Operator creates two Ingress resources; one for the HTTP API/UI and the other for GRPC. 102 103 ```bash 104 kubectl get ingress -n argocd 105 ``` 106 ```bash 107 NAME HOSTS ADDRESS PORTS AGE 108 example-argocd example-argocd 192.168.39.234 80, 443 68m 109 example-argocd-grpc example-argocd-grpc 192.168.39.234 80, 443 68m 110 ``` 111 112 By default, the Host for each Ingress is based on the name of the ArgoCD resource. The Host can be overridden if needed. 113 114 ## Access 115 116 In this example there are two hostnames that we will use to access the Argo CD cluster. 117 118 Add entries to the `/etc/hosts` file on the local machine, which is needed to access the services running locally on 119 minikube. 120 121 ```bash 122 echo "`minikube ip -p argocd` example-argocd example-argocd-grpc example-argocd-prometheus" | sudo tee -a /etc/hosts 123 ``` 124 ```text 125 192.168.39.234 example-argocd example-argocd-grpc example-argocd-prometheus 126 ``` 127 128 ### GRPC 129 130 The `argocd` client uses GRPC to communicate with the server. We can perform a login to verify access to the Argo CD 131 server. 132 133 The default password for the admin user can be obtained using the below command. 134 135 ```bash 136 kubectl get secret example-argocd-cluster -n argocd -ojsonpath='{.data.admin\.password}' | base64 -d ; echo 137 ``` 138 139 The `--insecure` flag is required because we are using the default self-signed certificate. 140 141 ```bash 142 argocd login example-argocd-grpc --insecure --username admin 143 ``` 144 ```text 145 'admin' logged in successfully 146 Context 'example-argocd-grpc' updated 147 ``` 148 149 Create the example guestbook application based on the Argo CD [documentation][docs_argo]. 150 151 ```bash 152 argocd app create guestbook \ 153 --insecure \ 154 --repo https://github.com/argoproj/argocd-example-apps.git \ 155 --path guestbook \ 156 --sync-policy automated \ 157 --dest-server https://kubernetes.default.svc \ 158 --dest-namespace argocd 159 ``` 160 ```text 161 application 'guestbook' created 162 ``` 163 164 Verify the application was created and has been synced. 165 166 ```bash 167 argocd app list --insecure 168 ``` 169 ```text 170 NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET 171 guestbook https://kubernetes.default.svc argocd default Synced Healthy Auto <none> https://github.com/argoproj/argocd-example-apps.git guestbook 172 ``` 173 174 Delete the application when finished. 175 176 ```bash 177 argocd app delete guestbook --insecure 178 ``` 179 180 ### UI 181 182 The server UI should be available at https://example-argocd/ and the default password for the admin user can be obtained using the below command. 183 184 ```bash 185 kubectl get secret example-argocd-cluster -n argocd -ojsonpath='{.data.admin\.password}' | base64 -d ; echo 186 ``` 187 188 ## Cleanup 189 190 ```bash 191 kubectl delete -n argocd -f examples/argocd-ingress.yaml 192 ``` 193 194 [install_olm]:../install/olm.md 195 [docs_argo]:https://argoproj.github.io/argo-cd/getting_started/#creating-apps-via-cli 196 197 ### Host for Ingress in Argo CD Status 198 199 When setting up access to Argo CD via an Ingress, one can easily retrieve hostnames used for accessing the Argo CD installation through the ArgoCD Operand's `status` field. To expose the `host` field, run `kubectl edit argocd argocd` and then edit the Argo CD instance server to have ingress enabled as `true`, like so: 200 201 ```yaml 202 server: 203 autoscale: 204 enabled: false 205 grpc: 206 ingress: 207 enabled: false 208 ingress: 209 enabled: true 210 route: 211 enabled: false 212 service: 213 type: "" 214 tls: 215 ca: {} 216 ``` 217 If an ingress is found, hostname(s) of the ingress can now be accessed by inspecting your Argo CD instance. This data could be the hostname and/or the IP address(es), depending on what data is available. It will look like the following: 218 219 ```yaml 220 status: 221 applicationController: Running 222 dex: Running 223 host: 172.24.0.7 224 phase: Available 225 redis: Running 226 repo: Running 227 server: Running 228 ssoConfig: Unknown 229 ``` 230 231 If both Route and Ingress are enabled in the Argo CD spec and a route is available, the status for the Route will be prioritized over the Ingress's. In that case, the `host` for the Ingress is not shown in the `status`. 232 233 Unlike with Routes, an Ingress does not go to pending status. Hence, this will not affect the overall status of the Operand.