Install ArgoCD in EKS and Set Up GitLab Integration For CI/CD

In this tutorial, we will cover how to install ArgoCD in an EKS (Elastic Kubernetes Service) cluster, set up a private repository in GitLab, sync credentials with the cluster, and deploy a project using ArgoCD.

Prerequisites Link to heading

Before we begin, ensure you have the following:

1. An EKS cluster up and running.
2. kubectl installed and configured to interact with your EKS cluster.
3. Helm installed on your local machine.
4. A GitLab account with a private repository.
5. AWS CLI installed and configured.

Step 1: Install Helm Link to heading

What is Helm? Link to heading

Helm is a package manager for Kubernetes that helps you manage Kubernetes applications. Helm charts are a collection of pre-configured Kubernetes resources that make it easier to deploy and manage applications.

How to Install Helm Link to heading

You can install Helm by following these steps:

1. Download the latest Helm version from the official Helm GitHub releases page.

   curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
   

2. Run the Helm installation script:

   chmod 700 get_helm.sh
   ./get_helm.sh
   

3. Verify the Helm installation:

   helm version
   

Step 2: Install ArgoCD Link to heading

First, install ArgoCD in your EKS cluster using Helm:

helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
kubectl create namespace argocd
helm install argocd argo/argo-cd --namespace argocd

After the installation is complete, you can verify the ArgoCD pods are running:

kubectl get pods -n argocd

Step 3: Access the ArgoCD UI Link to heading

Expose ArgoCD API Server as LoadBalancer

Expose the ArgoCD API server as a LoadBalancer service:

kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

Retrieve the external IP address:

kubectl get svc argocd-server -n argocd

Access the ArgoCD UI by navigating to the external IP address. Log in using the default username admin. Retrieve the initial password:

kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d

Access ArgoCD UI Locally

Alternatively, you can port-forward the ArgoCD server to access it locally:

kubectl port-forward svc/argocd-server -n argocd 8080:443

Access the ArgoCD UI by navigating to https://localhost:8080. Log in using the default username admin. Retrieve the initial password:

kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d

Step 4: Set Up a Private GitLab Repository Link to heading

Create a private repository that only access devops team or admin permission. All applications' configuration place here So :

1. Create a new private repository in GitLab named gitops-argocd.
2. For each project that you have, You should create a folder with name application with contain of this sample helm Template GitOps ArgoCD
3. In setting of this private repo (gitops-argocd), create (generate) a Deploy key with one of supported SSH key type (ED25519 - RSA - …) and put public key on Deploy keys repo setting section.
4. ArgoCD UI setting press CONNECT and put private SSH key generate before here and press connect

Step 5: Setup other repos CI Link to heading

In this part we want update some configuration application content on gitops-argocd private repo that is related to this repo

Add bellow deploy stage in your CI file (.gitlab-ci.yml, …)

variables:
  CD_CHART_REPO: gitops-argocd
  CD_GIT_REPOSITORY: git@gitlab.yourcompanydomain.com:ops/$CD_CHART_REPO.git
  CD_MANIFEST_FILE: Chart.yaml
  TAG: $CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA

update_manifest:
  stage: deploy
  image: bitsofinfo/cicd-toolbox
  variables:
    GIT_STRATEGY: none
  rules:
    - if: $CI_PIPELINE_SOURCE == "push"
  retry: 2
  script:
    # Add SSH key to root
    - mkdir -p /root/.ssh
    - echo "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa
    - ssh-keyscan -H gitlab.yourcompanydomain.com > /root/.ssh/known_hosts
    - chmod 600 /root/.ssh/id_rsa
    # Git
    - apk add --no-cache git
    - git config --global user.name $APP_NAME
    - git config --global user.email $APP_NAME"@gitlab.yourcompanydomain.com"
    - git clone --single-branch --branch main $CD_GIT_REPOSITORY
    - cd $CD_CHART_REPO/application-name/application
    # Helm
    - yq write --inplace --verbose "values-${CI_COMMIT_BRANCH}.yaml" image.tag $TAG
    - git commit -am "update image tag" && git push origin main

Just consider that $SSH_PRIVATE_KEY is private key that we generate in step 4-4, So You can define as CI/CD environment variable in admin side to global access or define in CI/CD variables target repo