Skip to main content

Argo CD Installation with Ansible

471 words·
Argo CD Argo CD CLI Ansible Kubernetes
Table of Contents

Argo CD Installation
#

Latest Release
#

Latest Release: https://github.com/argoproj/argo-cd/releases


Ansible Playbook
# 

---
- name: ArgoCD Setup
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars:
    # ArgoCD Configuration
    kubernetes_namespace: "argocd"
    argocd_manifest_version: "v3.2.0"
    # Ingress Configuration
    kubernetes_ingress_class: "nginx-metallb"
    kubernetes_cluster_issuer: "cluster-issuer-dns01"
    kubernetes_ingress_url: "argocd.jklug.work"

  roles:
    - argocd_setup

# Run Ansible playbook:
ansible-playbook playbooks/argocd_setup.yml -i inventory



Ansible Role
#

Tasks
#

  • tasks/main.yml
# ArgoCD Setup

- name: Create namespace
  kubernetes.core.k8s:
    api_version: v1
    kind: Namespace
    name: "{{ kubernetes_namespace }}"
    state: present

- name: Apply ArgoCD
  kubernetes.core.k8s:
    state: present
    src: "https://raw.githubusercontent.com/argoproj/argo-cd/{{ argocd_manifest_version }}/manifests/install.yaml"
    namespace: "{{ kubernetes_namespace }}"

- name: Apply ArgoCD Ingress
  kubernetes.core.k8s:
    state: present
    definition: "{{ lookup('template', 'argocd-ingress.yml.j2') }}"

Templates
#

  • templates/argocd-ingress.yml.j2
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: {{ kubernetes_namespace }}
  annotations:
    cert-manager.io/cluster-issuer: "{{ kubernetes_cluster_issuer }}"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: "{{ kubernetes_ingress_class }}"
  rules:
  - host: {{ kubernetes_ingress_url }}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              name: https
  tls:
  - hosts:
    - {{ kubernetes_ingress_url }}
    secretName: argocd-tls-secret  # Do not change, the secret is provided by Argo CD

Fetch Admin PW
# 

# Default user
admin

# Fetech ininit admin pw
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d



Argo CD CLI Installation
#

Ansible Playbook
# 

---
- name: Install ArgoCD CLI
  hosts: localhost
  become: true
  gather_facts: false
  vars:
    argocd_cli_version: "v3.2.0"  # Latest release https://github.com/argoproj/argo-cd/tags

  tasks:
    - name: Install ArgoCD CLI
      ansible.builtin.get_url:
        url: https://github.com/argoproj/argo-cd/releases/download/{{ argocd_cli_version }}/argocd-linux-amd64
        dest: /usr/local/bin/argocd
        mode: '0755'

# Run Ansible Playbook: 
ansible-playbook playbooks/argocd_cli.yml -i inventory

Verify Installation
# 

# List ArgoCD CLI version
argocd version --client

# Shell output:
argocd: v3.2.0+66b2f30
  BuildDate: 2025-11-04T15:21:01Z
  GitCommit: 66b2f302d91a42cc151808da0eec0846bbe1062c
  GitTreeState: clean
  GoVersion: go1.25.0
  Compiler: gc
  Platform: linux/amd64



Host Keys
#

Add Host Keys
# 

# Add GitLab host keys
argocd cert add-ssh --batch gitlab.jklug.work

# Shell output:
Enter SSH known hosts entries, one per line. Press CTRL-D when finished.

# Restart ArgoCD
kubectl -n argocd rollout restart deploy/argocd-repo-server

Verify Host Keys
# 

# Verify the host keys in the configmap
kubectl -n argocd get cm argocd-ssh-known-hosts-cm -o yaml

# Shell output:
apiVersion: v1
data:
  ssh_known_hosts: |
    ...
    gitlab.jklug.work ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDmfG7yRUVIfHrU6jc4CF2V4AdeYoc1BjV/mTgpMRZ+KaMA8bC6NnvVAi/M8wSmZJoY4MRKj1qEG7umzDswJRYU=
    gitlab.jklug.work ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDH7TgfrH3Lr57oYxVORBRv9pazhdrHNILmGwiTUe4AZCioPgcPir9XY/zuG69eF76e058cHLw5ik0+qbT+i400CW2/xbd+yXmDUQaOPsv+qe6NHCOdrAjVDNf4zWt5VSSqBsIYu+zEoz89r6n0GCMvaTrBAmaXVzhRMub5t7X+ShTsdlumB0cOp2wd4AmUc+4jcKkvYW2kgb5I3gRSaAlB0mhEo5adqCTKWFdowSUUaRCJB86LkDxqyf9FGgIW4PIs1UnrmGFQSynlWw7wKupfcGJTBB7Efx2W/2O4mqTBI5dJ1qDXp304Af9py8EVQepcC3TFe+41ouvm1VPBDOPh925lUQlfxZ4Ua8VrAwDAPEOXNCzEnw0V5IQHqrgoy14eAFN2jj4Pv05xkwW/GaDB6fJ/6O7fUpGKbSPK+5kb5NZoNTirLNzwg1+kyLNKepywjrU31uw/QvJ2KGHPeIMbCvGOwyfAYDS8rM47cBzRFRlqLdw6Zv32qe4m6b+MUk8=
    gitlab.jklug.work ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL80NqOsf1Sp2qrMJ+JXYxYmUA3v10k0t+NIBnXnz/R9
kind: ConfigMap
metadata:
  creationTimestamp: "2025-11-17T15:26:37Z"
  labels:
    app.kubernetes.io/name: argocd-ssh-known-hosts-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-ssh-known-hosts-cm
  namespace: argocd
  resourceVersion: "3364740"
  uid: ee07bda4-e649-4d33-985d-ad42d0b614b9



Argo CD Update
#

Watch Rollout
# 

# Watch rollout after the update
kubectl -n argocd rollout status deploy/argocd-server
kubectl -n argocd rollout status deploy/argocd-repo-server
kubectl -n argocd rollout status statefulset.apps/argocd-application-controller

Admin PW
#

If necessary fetch the new admin pw and change it back to the old version via the ArgoCD UI:

# Default user
admin

# Fetch admin pw
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Refresh Repositores
#

If the host keys were manually added, refresh the repository list like this:

  • Go to “Settings” > “Repositories”

  • Click “REFRESH LIST”