ArgoCD with AWS ALB | EKS

Timam
Dec 11, 2021

For the last couple of days I was trying to expose Argo CD through an AWS Application Load Balancer. I tried to follow the EKS workshop doc and the official Argo CD doc, but unfortunately those didn’t work for me. Here are my configuration details.

My Kubernetes version is 1.21; for obvious reasons the EKS master nodes are in a private subnet, and my aws-ingress-controller version is v2.1.3.

If you are having the same issues, follow along and hopefully the issue will be resolved.

As you already guessed, I am using the argocd namespace for the Argo CD resources.

$ kubectl create namespace argocd

Here is the easiest way to install Argo CD in the argocd namespace.

$ kubectl create -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.0.4/manifests/install.yaml

Now, as instructed in the official doc, we are going to create the argogrpc service.

$ cat argogrpc.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    alb.ingress.kubernetes.io/backend-protocol-version: HTTP2 # This tells AWS to send traffic from the ALB using HTTP2. Can use GRPC as well if you want to leverage GRPC specific features
  labels:
    app: argogrpc
  name: argogrpc
  namespace: argocd
spec:
  ports:
  - name: "443"
    port: 443
    protocol: TCP
    targetPort: 8080
  selector:
    app.kubernetes.io/name: argocd-server
  sessionAffinity: None
  type: NodePort
$ kubectl apply -f argogrpc.yaml

Next we are going to create the ingress with the following manifest.

$ cat ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/target-type: 'ip'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/inbound-cidrs: 0.0.0.0/0
    # Use this annotation (which must match a service name) to route traffic to HTTP2 backends.
    alb.ingress.kubernetes.io/conditions.argogrpc: |
      [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/subnets: < YOUR SUBNETS >
  name: argocd
  namespace: argocd
spec:
  rules:
  - host: argocd.your.domain
    http:
      paths:
      - backend:
          service:
            name: argogrpc
            port:
              number: 443
        pathType: ImplementationSpecific
      - backend:
          service:
            name: argocd-server
            port:
              number: 443
        pathType: ImplementationSpecific
$ kubectl apply -f ingress.yaml

It seems to associate the ACM certificate automatically based on the host. Let me know if it doesn’t work in your case. Also, please update your subnets before applying.
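The following is an added example, not part of the original post: a small offline check over the ALB annotations used in ingress.yaml, flagging an internet-facing listener open to every source address, a certificate chosen by host-name discovery instead of an explicit `certificate-arn`, and an unset `ssl-policy`. The function names, both sample files, the CIDR and the certificate ARN are constructed placeholders.

```bash
# Added example: offline audit of ALB Ingress annotations (not from the original post).

# Print the value of alb.ingress.kubernetes.io/<name> from a manifest, or nothing.
alb_annotation() {  # $1 = manifest file, $2 = annotation name
  sed -n "s|^[[:space:]]*alb\.ingress\.kubernetes\.io/$2:[[:space:]]*||p" "$1" \
    | head -n 1 | tr -d "'\""
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_alb_ingress() {  # $1 = manifest file
  local f="$1" findings=0 scheme cidrs
  scheme=$(alb_annotation "$f" scheme)
  cidrs=$(alb_annotation "$f" inbound-cidrs)
  # inbound-cidrs defaults to 0.0.0.0/0 when unset, so treat both the same.
  if [ "$scheme" = "internet-facing" ] &&
     { [ -z "$cidrs" ] || [ "$cidrs" = "0.0.0.0/0" ]; }; then
    echo "OPEN_TO_INTERNET: Argo CD login is reachable from any source address"
    findings=1
  fi
  if [ -z "$(alb_annotation "$f" certificate-arn)" ]; then
    echo "CERT_NOT_PINNED: certificate is picked by host-name discovery"
    findings=1
  fi
  if [ -z "$(alb_annotation "$f" ssl-policy)" ]; then
    echo "SSL_POLICY_UNSET: listener uses the controller's default TLS policy"
    findings=1
  fi
  return "$findings"
}

# Constructed sample 1: the exposure-related annotations from ingress.yaml above.
PAGE_INGRESS=$(mktemp)
cat > "$PAGE_INGRESS" <<'EOF'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/inbound-cidrs: 0.0.0.0/0
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
EOF

# Constructed sample 2: same ingress, tightened. CIDR and ARN are placeholders.
TIGHT_INGRESS=$(mktemp)
cat > "$TIGHT_INGRESS" <<'EOF'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/inbound-cidrs: 203.0.113.0/24
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-2017-01
EOF

audit_alb_ingress "$PAGE_INGRESS" || true   # prints three findings
audit_alb_ingress "$TIGHT_INGRESS" && echo "no findings"
```

To check your own manifest, pass its path to `audit_alb_ingress` before running `kubectl apply`.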

As I have external-dns in place, it automatically updated Route 53. That should be it. Give the load balancer a few minutes to become healthy.

Tip: To get the default admin user’s password, execute the following command:

$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
