Feedback

Chat Icon

GitOps the Hard Way, with Argo CD

Build Real GitOps Pipelines From Empty Clusters to Automated Deploys

Your First Argo CD Application: From CLI to Declarative Manifests
41%

A Better Way: Define the Same Setup as Manifests

To recap, we did the following:

  • We added the GitLab repository to Argo CD.
  • We created a Kubernetes Secret to allow the Kubernetes cluster to pull the image from the private registry.
  • We created an Argo CD Application resource to manage the application.

If we want to reproduce the same steps, we have to retype the same commands. This is not efficient and can lead to errors and inconsistencies. It is also not the best way to reproduce the same setup in different environments, share it with others, and version-control it. Instead of using the CLI, we can use a better approach: creating manifests that define the desired state of the system.

Everything we did previously can be defined as a set of manifests. To start, we will delete the following:

  • The GitLab repository registration.
  • The Kubernetes Secret.
  • The Argo CD Application resource.

Run the following commands:

# Remove the GitLab repository registration
argocd repo rm $GITLAB_URL

# Delete the Kubernetes Secret
kubectl delete secret gitlab-registry

# Delete the Argo CD Application resource
argocd app delete todo-app -y

Now, let's start creating our Kubernetes manifests. We will start with the GitLab repository registration. In Argo CD, a repository is registered as a Secret in the argocd namespace with a specific label. Here is the manifest:

cat < $HOME/todo/app/manifests/git-repo.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: ${GITLAB_URL}
  password: ${GITLAB_TOKEN}
  username: ${GITLAB_USERNAME}
EOF

Apply the manifest:

kubectl apply -f $HOME/todo/app/manifests/git-repo.yaml

Next, we will create the Kubernetes Secret for the GitLab registry. This is not an Argo CD resource, but a Kubernetes one. It involves creating a Docker configuration JSON that contains the GitLab registry credentials. Let's create the configuration JSON:

cat < /tmp/docker-config.json
{
  "auths": {
    "registry.gitlab.com": {
      "username": "${GITLAB_USERNAME}",
      "password": "${GITLAB_TOKEN}",
      "email": "${GITLAB_EMAIL}",
      "auth": "$(echo -n "${GITLAB_USERNAME}:${GITLAB_TOKEN}" | base64 -w 0)"
    }
  }
}
EOF

Create a variable called DOCKER_CONFIG_JSON that contains the base64-encoded Docker configuration JSON:

export DOCKER_CONFIG_JSON=$(cat /tmp/docker-config.json | base64 -w 0)

(i) Both base64 calls use the -w 0 option. By default, GNU base64 wraps its output every 76 characters. A line break inside the auth value would make the Docker configuration JSON invalid, and a line break in the final encoded value would make the Kubernetes Secret invalid. -w 0 disables wrapping in both cases.

Now, we can use the DOCKER_CONFIG_JSON variable to create the Kubernetes Secret manifest:

GitOps the Hard Way, with Argo CD

Build Real GitOps Pipelines From Empty Clusters to Automated Deploys

Enroll now to unlock all content and receive all future updates for free.

Unlock now   $20.99 Learn More
Previous Next