ArgoCD - Add Cluster using the CLI


If possible, I find it helpful to remove my user's /home/<username>/.kube/config file so that when I log into Kubernetes or OpenShift, a new .kube/config file will be created.

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

The following commands must be run on the Kubernetes or OpenShift cluster that you want to add to ArgoCD.

Let's use the kubectl (Kubernetes) or oc (OpenShift) login command to log into the Kubernetes or OpenShift cluster that we want to add to ArgoCD as a user that has permission to create a Service Account, Cluster Role and Cluster Role Binding.

~]$ oc login -u john.doe api.dev.openshift.example.com:6443
Authentication required for https://api.dev.openshift.example.com:6443 (openshift)
Console URL: https://api.dev.openshift.example.com:6443/console
Username: john.doe
Password:
Login successful.
You have access to 432 projects, the list has been suppressed. You can list all projects with 'oc projects'
Using project "default".
Welcome! See 'oc help' to get started.

 

The auth can-i command can be used to determine if you have permission to create a Service Account.

~]$ oc auth can-i create serviceaccount
yes

 

Let's use the kubectl (Kubernetes) or oc (OpenShift) create serviceaccount command to create a Service Account named argocd-manager in the kube-system namespace.

kubectl create serviceaccount argocd-manager --namespace kube-system

 

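Let's create a YAML file named cluster_role.yaml that contains the following YAML to create a Cluster Role named argocd-manager-role. The wildcard rules allow every verb on every resource and non-resource URL, so this role is equivalent to full cluster administrator access.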

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: argocd-manager-role
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

 

The kubectl (Kubernetes) or oc (OpenShift) apply command can be used to create the Cluster Role using the YAML file.

kubectl apply -f cluster_role.yaml

 

The kubectl (Kubernetes) or oc (OpenShift) create clusterrolebinding command can be used to create a Cluster Role Binding that maps the Service Account to the Cluster Role.

oc create clusterrolebinding argocd-manager-role-binding --clusterrole argocd-manager-role --serviceaccount kube-system:argocd-manager

 

The Cluster Role Binding should now show that the argocd-manager Service Account in the kube-system namespace is bound to the Cluster Role.

~]$ oc describe clusterrolebinding argocd-manager-role-binding
Name:         argocd-manager-role-binding
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  argocd-manager-role
Subjects:
  Kind            Name                Namespace
  ----            ----                ---------
  ServiceAccount  argocd-manager      kube-system

 

There should be a secret containing a token that the Service Account can use to authenticate to Kubernetes or OpenShift. Let's make note of this token, since we will need it in a moment.

~]$ kubectl get secret argocd-manager-token-js959 --namespace kube-system --output jsonpath="{.data.token}" | base64 --decode
<bearer token>
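Before pasting the token into ArgoCD, it is worth confirming that it belongs to the intended Service Account and whether it expires. The following is an added example, not part of the original article: it decodes the token's claims without verifying the signature, and the function names and the constructed sample token are assumptions for illustration.

```shell
#!/bin/sh
# Added example: inspect a service-account JWT before handing it to ArgoCD.
# Decodes claims only; it does NOT verify the signature.

# base64url-encode stdin (used only to build the constructed sample below)
b64url() { base64 | tr -d '=\n' | tr '+/' '-_'; }

# Print the decoded JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits '=' padding; restore it so base64 can decode
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 --decode
}

# Print the value of a string claim ($2) from the token ($1).
jwt_claim() {
  jwt_payload "$1" | tr -d '\n' |
    sed -n "s|.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*|\1|p"
}

# Succeed only if the token's subject is system:serviceaccount:<ns>:<name>.
check_sa_token() {
  want="system:serviceaccount:$2:$3"
  got=$(jwt_claim "$1" sub)
  if [ "$got" != "$want" ]; then
    echo "unexpected subject: ${got:-none} (wanted $want)" >&2
    return 1
  fi
  exp=$(jwt_payload "$1" | tr -d '\n' |
    sed -n 's|.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*|\1|p')
  [ -n "$exp" ] || exp="none (token does not expire)"
  echo "subject ok: $got; expiry: $exp"
}

# Constructed sample token (fake signature), shaped like the one retrieved above.
sample_token() {
  h=$(printf '%s' '{"alg":"RS256"}' | b64url)
  p=$(printf '%s' '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:argocd-manager"}' | b64url)
  printf '%s.%s.%s' "$h" "$p" "constructed-signature"
}

check_sa_token "$(sample_token)" kube-system argocd-manager
```

A token with no expiry stays valid until its secret is deleted, so it should be stored and rotated like any other long-lived credential.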

 

Let's log out of Kubernetes or OpenShift.

oc logout

 

Let's create a YAML file that will be used to create a secret which will add the cluster to ArgoCD.

apiVersion: v1
kind: Secret
metadata:
  namespace: openshift-gitops  # must be the namespace ArgoCD was installed in
  name: api-dev-openshift-example-com
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: api-dev-openshift-example-com
  server: https://api.dev.openshift.example.com:6443
  # "bearerToken" is the token you made note of a moment ago.
  # "insecure": true skips verification of the API server's TLS certificate. It can be
  # false to have the certificate verified - I'm just going with true to simplify this tutorial.
  config: |
    {
      "bearerToken": "<bearer token>",
      "tlsClientConfig": {
        "insecure": true
      }
    }

 

Let's log into our Kubernetes or OpenShift cluster that ArgoCD is installed on.

oc login -u john.doe api.controller.openshift.example.com:6443

 

The auth can-i command can be used to determine if you have permission to create a Secret.

~]$ oc auth can-i create secret
yes

 

And then use the kubectl (Kubernetes) or oc (OpenShift) apply command to create the secret in the namespace ArgoCD is installed in (usually the argocd or openshift-gitops namespace). The creation of this secret should add the cluster to ArgoCD.

kubectl apply -f cluster.yaml --namespace <the namespace argocd is in - usually argocd or openshift-gitops>
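With "insecure": true, ArgoCD does not verify the API server's certificate when it connects with the bearer token. The following added example (not from the original article) generates the same Secret with verification enabled; the function name make_cluster_secret and its arguments are hypothetical, and it assumes the bearer token and the PEM CA certificate that signed the API server's certificate have been saved to files.

```shell
#!/bin/sh
# Added example: emit an ArgoCD cluster Secret that verifies the API server's
# TLS certificate instead of using "insecure": true.
#
#   $1 = namespace ArgoCD is installed in
#   $2 = cluster / secret name
#   $3 = API server URL
#   $4 = file containing the bearer token (kept out of argv and shell history)
#   $5 = PEM file with the CA that signed the API server's certificate
make_cluster_secret() {
  token=$(tr -d '\n' < "$4")
  # caData is the base64 encoding of the PEM file, on a single line
  ca_b64=$(base64 < "$5" | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  namespace: $1
  name: $2
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: $2
  server: $3
  config: |
    {
      "bearerToken": "$token",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "$ca_b64"
      }
    }
EOF
}

# Usage (paths are placeholders):
#   make_cluster_secret openshift-gitops api-dev-openshift-example-com \
#     https://api.dev.openshift.example.com:6443 ./token ./ca.pem | kubectl apply -f -
```

Piping the output straight into kubectl apply -f - avoids leaving a YAML file containing the token on disk.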

 

There should now be a secret.

~]$ oc get secret api-dev-openshift-example-com --namespace <the namespace argocd is in - usually argocd or openshift-gitops>
NAME                                    TYPE     DATA   AGE
api-dev-openshift-example-com           Opaque   3      5d4h

 

And the argocd cluster list command should include the cluster you just added. Awesome! Don't worry that the status is "Unknown" with the message "Cluster has no applications and is not being monitored." This appears simply because no applications have been created on the newly added cluster. Once an application is created and synced on the newly added cluster, the status should update to "Successful." So let's Create Application using the CLI.

~]$ argocd cluster list --grpc-web
SERVER                                      NAME                VERSION  STATUS      MESSAGE                                                  PROJECT
https://api.dev.openshift.example.com:6443  dev-cluster                  Unknown     Cluster has no applications and is not being monitored.
https://kubernetes.default.svc              in-cluster          1.27     Successful

 

 

 



