This guide can be used for deploying any helm chart for a 3rd party repository through Argo. I am basing this around NGINX though.

My problem is I want everything, literally everything, managed by Argo. This includes the ingress controller. I will cover how to connect to the Argo UI without the ingress controller at the end so you can monitor the progress of the sync, and if necessary, kick it off yourself.

I will be assuming that Argo is in the argocd namespace and that NGINX will go in the nginx namespace. The chart will be stored in a directory named nginx in the root of your git repository.

File layout

We will have 2 files in our git directory, Chart.yaml and Values.yaml. As a bonus I'll show the Argo Application manifest I used as well, only needed if you use Argo to manage Argo.

Chart.yaml

The chart file is simple, it is a barebones chart manifest with an additional area added, dependencies.

Mine looks like this:

apiVersion: v2
name: nginx
description: A Helm chart for Kubernetes
type: application
version: 0.0.1
appVersion: 0.0.1

dependencies:
- name: ingress-nginx
  repository: https://kubernetes.github.io/ingress-nginx
  version: 3.23.0

The dependencies section is the area that we really care about. The name of the chart we want to install is ingress-nginx and the repository hosting it is https://kubernetes.github.io/ingress-nginx. The most recent version as of this time is 3.23.0.

You can get the most recent version number with the following commands.

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm show chart ingress-nginx/ingress-nginx

Values.yaml

This file is where we will put in the configuration for NGINX.

Depending on your needs, this may be different. However, this config will run NGINX on every worker node as a DaemonSet and listen to port 80 and 443.

The contents are:

ingress-nginx:
  controller:
    hostPort:
      enabled: true
    kind: DaemonSet
    metrics:
      enabled: true
    publishService:
      enabled: false
    extraArgs:
      default-ssl-certificate: "nginx/default-ssl-certificate"
    service:
      enabled: false
    resources:
      limits:
        cpu: 100m
        memory: 90Mi
      requests:
        cpu: 100m
        memory: 90Mi

You will notice that everything is under ingress-nginx. That is because that is the name of the sub chart.

Applications.yaml

This is the application manifest for Argo. Only needed if you let Argo manage your Argo instance (which is really cool).

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nginx
spec:
  project: default
  source:
    repoURL: 'git@ssh.dev.azure.com:v3/example/kubernetes/kubernetes'
    path: nginx
    targetRevision: HEAD
  destination:
    namespace: nginx
    name: in-cluster
  syncPolicy:
    automated: {}
    syncOptions:
      - CreateNamespace=true

Just replace the repoURL with your git repository URL.

Connecting to Argo without Ingress

To connect to the Argo CD container without an ingress controller we will use the kubectl proxy command.

First, get the name of the container using kubectl get pods -n argocd. The name of the container will start with argocd-server. The command should output something like this:

NAME                                  READY   STATUS    RESTARTS   AGE
argocd-application-controller-0       1/1     Running   0          2d1h
argocd-dex-server-xxxxxxxxxx-xxxxx    1/1     Running   0          2d1h
argocd-redis-xxxxxxxxxx-xxxxx         1/1     Running   0          2d1h
argocd-repo-server-xxxxxxxxxx-xxxxx   1/1     Running   0          2d1h
argocd-server-xxxxxxxxxx-xxxxx        1/1     Running   0          2d1h

Next run the proxy to forward port 8080 from the container to your local desktop. replacing podname with the name of the argocd-server pod.

kubectl port-forward podname 8080:8080 -n argocd

Now open your browser and go to http://localhost:8080. That is all there is to accessing Argo without an ingress controller.

Conclusion

I personally dislike NGINX as my ingress controller. I don't like that it restarts on every change in the cluster. The free version will not hot re-load the config so it kills itself and starts fresh. I tried HAProxy, it does not play nicely with Argo because it will not update the ingress object to mark that it was handled. Traefik does not allow using a default TLS certificate for the ingress objects and instead requires you to have a certificate assigned to every ingress. So, back to simple NGINX. At least now Argo manages it for me, so that is a win.

Bootstrapping a new cluster is now as simple as the initial application of the argocd namespace.

Links

Welcome - NGINX Ingress Controller
Subcharts and Global Values
Interacting with a subchart’s and global values.
Argo CD - Declarative GitOps CD for Kubernetes
Letting Argo CD manage itself
I’m playing with GitOps and I’m using ArgoCD for my orchestration engine. I want to let it rule itself through the git repository.