ArgoCD

ArgoCD can be integrated with Delivery Shield by following the steps given below:

Prerequisites:

Delivery Shield
OPA
ArgoCD with applications
Git
Github account with access to applications in gitops repo

Integrating ArgoCD in Delivery Shield:

Follow the steps given below to integrate ArgoCD with Delivery Shield.

Connect to the cluster where ArgoCD is running and run the command given below:

curl -o argocd-notifications-cm.yaml 
https://raw.githubusercontent.com/OpsMx/argocd-ssd/main/argocd-notifications-cm.yaml

Update the values given below in argocd-notifications-cm.yaml.

argocdUrl: Provide the argocd endpoint.
argocdName: Enter a name for the argocd.
argoEnvironmentList: Provide the target cluster env name and IP address. You can provide multiple target cluster details here. For example: dev|https://12.34.56.78;staging|https://kubernetes.default.svc
Url: Provide the SSD RabbitMQ external IP address or DNS endpoint. For example:

kubectl patch cm argocd-notifications-cm -n argocd --type merge --patch-file argocd-notifications-cm.yaml

Replace your SSD RabbitMQ username and password in the commands given below and run in your cluster. Note: Default username and password is given in the commands.

kubectl patch secret argocd-notifications-secret  --patch="{\"data\": { \"rabbitmq-password\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }}" -n argocd

kubectl patch secret argocd-notifications-secret  --patch="{\"data\": { \"rabbitmq-username\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -n argocd

Run the commands given below to add sidecar containers to the argocd-repo-server pod.

kubectl apply -n argocd -f https://raw.githubusercontent.com/OpsMx/argocd-ssd/main/cmp-config.yaml

curl -o volumes.yaml https://raw.githubusercontent.com/OpsMx/argocd-ssd/main/volumes.yaml

kubectl patch deploy argocd-repo-server -n argocd --patch-file volumes.yaml

curl -o argocd-repo-server-patch.yaml https://raw.githubusercontent.com/OpsMx/argocd-ssd/main/argocd-repo-server-patch.yaml

sed -i 's/SSD-OPA.EXAMPLE.COM/<replace with OPA ingress>/g' argocd-repo-server-patch.yaml

kubectl patch deploy argocd-repo-server -n argocd --patch-file argocd-repo-server-patch.yaml

Add the labels given below, in all the services deployment files under the template.metadata.labels.

ssd.admissionreview.accountname: <Target cluster env name>
ssd.admissionreview.appname: <argocd application name >

Edit the opa-config cm of OPA and point the services endpoint to ssd-opa endpoint at target cluster.
The ArgoCD integration to Delivery Shield is completed.

Troubleshooting:

To check if the integration is working, trigger the CI/CD process once again. If the data is visible in Delivery Shield, the integrations works. If you face any issues while integrating ArgoCD to Secure Software Delivery feel free to contact .

PreviousJenkins NextSpinnaker

Last updated 4 months ago

Was this helpful?