Home > OS >  How to login to ArgoCD CLI non-interactive in CI like GitHub Actions?
How to login to ArgoCD CLI non-interactive in CI like GitHub Actions?

Time:02-11

We have a full-blown setup using AWS EKS with Tekton installed and want to use ArgoCD for application deployment.

As the docs state we installed ArgoCD on EKS in GitHub Actions with:

  - name: Install ArgoCD
    run: |
      echo "--- Create argo namespace and install it"
      kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f -
      kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

We also exposed the ArgoCD server (incl. dashboard) as the docs told us:

  - name: Expose ArgoCD Dashboard
    run: |
      echo "--- Expose ArgoCD Dashboard via K8s Service"
      kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

      echo "--- Wait until Loadbalancer url is present (see https://stackoverflow.com/a/70108500/4964553)"
      until kubectl get service/argocd-server -n argocd --output=jsonpath='{.status.loadBalancer}' | grep "ingress"; do : ; done

Finally we installed argocd CLI with brew:

      echo "--- Install ArgoCD CLI"
      brew install argocd

Now how can we do a argocd login with GitHub Actions (without human interaction)? The argocd login command wants a username and password...

CodePudding user response:

The same docs tell us how to extract the password for argo with:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

Obtaining the ArgoCD server's hostname is also no big deal using:

kubectl get service argocd-server -n argocd --output=jsonpath='{.status.loadBalancer.ingress[0].hostname}'

And as the argocd login command has the parameters --username and --password, we can craft our login command like this:

argocd login $(kubectl get service argocd-server -n argocd --output=jsonpath='{.status.loadBalancer.ingress[0].hostname}') --username admin --password $(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo) --insecure

Mind the --insecure to prevent the argo CLI from asking things like WARNING: server certificate had error: x509: certificate is valid for localhost, argocd-server, argocd-server.argocd, argocd-server.argocd.svc, argocd-server.argocd.svc.cluster.local, not a5f715808162c48c1af54069ba37db0e-1371850981.eu-central-1.elb.amazonaws.com. Proceed insecurely (y/n)?.

The successful login should somehow look like this in the GitHub Actions UI (see a full log here):

'admin:login' logged in successfully
Context 'a5f715808162c48c1af54069ba37db0e-1371850981.eu-central-1.elb.amazonaws.com' updated

Now your GitHub Actions workflow should be able to interact with the ArgoCD server.

Page link:https//www.codepudding.com/os/296145.html

Prev:GKE upgrading Kubernetes cluster from 1.21.6-gke.1500 to 1.22.3-gke.1500 fails
Next:Created kubeconfig file but only able to access default namespace
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding