1- # OCM and Argo CD Agent Integration for Highly Scalable Application Deployment
1+ # OCM Argo CD Advanced Pull Model (Argo CD Agent)
22
33
44## Table of Contents
@@ -27,6 +27,9 @@ Once set up, it will also guide you through deploying applications using the con
2727
2828![ OCM with Argo CD Agent Architecture] ( ./assets/argocd-agent-ocm-architecture.drawio.png )
2929
30+ See [ argocd-pull-integration] ( https://github.com/open-cluster-management-io/argocd-pull-integration )
31+ for full details.
32+
3033## Benefits of Using the OCM Argo CD Agent AddOn
3134
3235- ** Centralized Deployment:**
@@ -73,135 +76,43 @@ Refer to the [Quick Start guide](https://open-cluster-management.io/docs/getting
7376- The Hub cluster must have a load balancer.
7477Refer to the [ Additional Resources] ( #additional-resources ) for more details.
7578
76- - Generate the necessary cryptographic keys and certificates (CA, TLS, and JWT)
77- to secure communication and authentication between the Argo CD Agent components (hub principal and spoke agents).
78- Refer to the [ Additional Resources] ( #additional-resources ) for more details.
79-
8079- [ Helm CLI] ( https://helm.sh/ ) .
8180
8281
8382## Setup Guide
8483
85- ### Deploy Argo CD on the Hub Cluster
86-
87- Deploy an Argo CD instance on the hub cluster,
88- excluding compute intensive components like the application controller.
89-
90- ``` shell
91- # kubectl config use-context <hub-cluster>
92- kubectl create namespace argocd
93- kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
94-
95- kubectl scale -n argocd statefulset argocd-application-controller --replicas=0
96- ```
97-
98- See the
99- [ Argo CD website] ( https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd )
100- for more details.
101-
102- Validate that the Argo CD pods are running:
103-
104- ``` shell
105- kubectl -n argocd get pod
106-
107- NAME READY STATUS RESTARTS AGE
108- argocd-applicationset-controller-5985fcc8f9-99qkh 1/1 Running 0 31s
109- argocd-dex-server-58f697b95f-xx7ld 1/1 Running 0 31s
110- argocd-redis-66d85c4b6d-hmcdg 1/1 Running 0 31s
111- argocd-repo-server-7fcd864f4c-vpfst 1/1 Running 0 31s
112- argocd-server-85db89dd5-qbgsm 1/1 Running 0 31s
113- ```
114-
115- This may take a few minutes to complete.
116-
11784### Deploy OCM Argo CD AddOn on the Hub Cluster
11885
119- Clone the ` addon-contrib ` repo:
120-
121- ``` shell
122- git clone git@github.com:open-cluster-management-io/addon-contrib.git
123- cd addon-contrib/argocd-agent-addon
124- ```
125-
126- Deploy the OCM Argo CD AddOn on the hub cluster.
127- This will deploy opinionated Argo CD instances to all managed clusters,
128- including compute intensive components like the application controller.
129-
13086``` shell
13187# kubectl config use-context <hub-cluster>
132- helm -n argocd install argocd-addon charts/argocd-addon
88+ helm repo add ocm https://open-cluster-management.io/helm-charts
89+ helm repo update
90+ helm search repo ocm
91+ helm install argocd-agent-addon ocm/argocd-agent-addon
13392```
13493
135- Validate that the Argo CD AddOn is successfully deployed and available:
94+ Validate that the Argo CD Agent AddOn is successfully deployed and available:
13695
13796``` shell
97+ # kubectl config use-context <hub-cluster>
13898kubectl get managedclusteraddon --all-namespaces
13999
140- NAMESPACE NAME AVAILABLE DEGRADED PROGRESSING
141- cluster1 argocd True False
100+ NAMESPACE NAME AVAILABLE DEGRADED PROGRESSING
101+ cluster1 argocd-agent-addon True False
142102```
143103
144104This may take a few minutes to complete.
145105
146- ### Deploy OCM Argo CD Agent AddOn on the Hub Cluster
147-
148- To deploy the OCM Argo CD Agent AddOn on the hub cluster, follow the steps below. This process deploys:
149- - The ** Argo CD Agent principal component** on the hub cluster.
150- - The ** Argo CD Agent agent component** on all managed clusters.
151-
152- Run the following ` helm ` command:
153-
154- ``` shell
155- helm -n argocd install argocd-agent-addon charts/argocd-agent-addon \
156- --set-file agent.secrets.cacrt=/tmp/ca.crt \
157- --set-file agent.secrets.cakey=/tmp/ca.key \
158- --set-file agent.secrets.tlscrt=/tmp/tls.crt \
159- --set-file agent.secrets.tlskey=/tmp/tls.key \
160- --set-file agent.secrets.jwtkey=/tmp/jwt.key \
161- --set agent.principal.server.address=" 172.18.255.200" \
162- --set agent.mode=" managed" # or "autonomous" for autonomous mode
163- ```
164-
165106Validate that the Argo CD Agent principal pod is running:
166107
167108``` shell
109+ # kubectl config use-context <hub-cluster>
168110kubectl -n argocd get pod
169111
170112NAME READY STATUS RESTARTS AGE
171113argocd-agent-principal-5c47c7c6d5-mpts4 1/1 Running 0 88s
172114```
173115
174- Validate that the Argo CD Agent Addon is successfully deployed and available:
175-
176- ``` shell
177- kubectl get managedclusteraddon --all-namespaces
178-
179- NAMESPACE NAME AVAILABLE DEGRADED PROGRESSING
180- cluster1 argocd True False
181- cluster1 argocd-agent True False
182- ```
183-
184- This may take a few minutes to complete.
185-
186- ** Notes:**
187-
188- 1 . Refer to the [ Additional Resources] ( #additional-resources )
189- section for examples on generating the necessary cryptographic keys and certificates.
190-
191- 2 . The ` agent.principal.server.address ` value must correspond to the external IP of the ` argocd-agent-principal ` service.
192- Use the following command to retrieve it:
193-
194- ``` shell
195- kubectl -n argocd get svc argocd-agent-principal
196-
197- Example output:
198- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
199- argocd-agent-principal LoadBalancer 10.96.149.226 172.18.255.200 443:32104/TCP 37h
200- ```
201-
202- 3 . For details on operational modes and guidance on selecting the appropriate ` agent.mode ` (e.g., ` managed ` or ` autonomous ` ),
203- refer to the [ Argo CD Agent website] ( https://argocd-agent.readthedocs.io/latest/concepts/agent-modes/ ) .
204-
205116## Deploying Applications
206117
207118### Managed Mode
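Review bot: The new `helm install argocd-agent-addon ocm/argocd-agent-addon` line drops the `-n argocd` that the old command carried, and the `kubectl create namespace argocd` step is deleted along with the hub Argo CD section, yet the validation further down still runs `kubectl -n argocd get pod`. Either add `--namespace argocd --create-namespace` to the install line or state which namespace the chart creates for the principal. The chart should also be pinned with `--version`, since the repo is added by URL and the install otherwise takes whatever is latest. `helm search repo ocm` can go unless the reader is meant to pick that version from its output.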
@@ -227,7 +138,7 @@ spec:
227138 targetRevision: HEAD
228139 path: guestbook
229140 destination:
230- server: https://kubernetes.default.svc
141+ server: https://<principal-external-ip:port>?agentName=<managed cluster name> # For example, https://172.18.255.200:443?agentName=cluster1
231142 namespace: guestbook
232143 syncPolicy:
233144 syncOptions:
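Review bot: In the new `destination.server` value the placeholder `<principal-external-ip:port>` puts the colon inside the angle brackets, so it reads as a single token, and `<managed cluster name>` contains spaces. `https://<principal-external-ip>:<port>?agentName=<managed-cluster-name>` is easier to substitute correctly. The note that showed how to look up that address (`kubectl -n argocd get svc argocd-agent-principal`) is deleted earlier in this commit, so the example should say where the value comes from. The trailing `# For example, ...` text would also sit better as a sentence above the manifest than as a comment on the YAML line.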
@@ -257,50 +168,6 @@ NAME SYNC STATUS HEALTH STATUS
257168guestbook Synced Healthy
258169```
259170
260- ### Autonomous Mode
261-
262- Refer to the [ Argo CD Agent website] ( https://argocd-agent.readthedocs.io/latest/concepts/agent-modes/ )
263- for more details about the ` autonomous ` mode.
264-
265- To deploy an Argo CD Application in ` autonomous ` mode using the Argo CD Agent,
266- create the application on the ` managed ` cluster:
267-
268- ``` shell
269- # kubectl config use-context <managed-cluster>
270- kubectl apply -f - << EOF
271- apiVersion: argoproj.io/v1alpha1
272- kind: Application
273- metadata:
274- name: guestbook
275- namespace: argocd
276- spec:
277- project: default
278- source:
279- repoURL: https://github.com/argoproj/argocd-example-apps
280- targetRevision: HEAD
281- path: guestbook
282- destination:
283- server: https://kubernetes.default.svc
284- namespace: guestbook
285- syncPolicy:
286- syncOptions:
287- - CreateNamespace=true
288- automated:
289- prune: true
290- EOF
291- ```
292-
293- Validate that the application has been successfully synchronized back to the hub cluster:
294-
295- ``` shell
296- # kubectl config use-context <hub-cluster>
297- kubectl -n cluster1 get app
298-
299- NAME SYNC STATUS HEALTH STATUS
300- guestbook Synced Healthy
301- ```
302-
303-
304171## Additional Resources
305172
306173### Deploy MetalLB on a KinD Cluster
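Review bot: Deleting the whole Autonomous Mode section, together with the `agent.mode` setting dropped from the install command earlier in this commit, leaves the README silent on whether autonomous mode is still available. `### Managed Mode` is now the only subsection under Deploying Applications. Add one sentence saying which mode the addon runs in, or keep a short pointer to the agent-modes page, so readers coming from the old README know what changed.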
@@ -334,28 +201,3 @@ spec:
334201 - kind-address-pool
335202EOF
336203```
337-
338- ### Generate Keys and Certificates (CA, TLS, and JWT)
339-
340- Run the following commands to generate the necessary cryptographic keys and certificates (CA, TLS, and JWT):
341-
342- ``` shell
343- openssl genrsa -out /tmp/jwt.key 2048
344- openssl genpkey -algorithm RSA -out /tmp/ca.key
345- openssl req -new -x509 -key /tmp/ca.key -out /tmp/ca.crt -days 365 -subj " /C=/ST=/L=/O=/OU=/CN=CA"
346- openssl genpkey -algorithm RSA -out /tmp/tls.key
347- openssl req -new -key /tmp/tls.key -out /tmp/tls.csr -subj " /C=/ST=/L=/O=/OU=/CN=principal"
348- cat << EOF > /tmp/openssl_ext.cnf
349- [ req ]
350- distinguished_name = req_distinguished_name
351- x509_extensions = v3_req
352- prompt = no
353-
354- [ req_distinguished_name ]
355- CN = principal
356-
357- [ v3_req ]
358- subjectAltName = IP:172.18.255.200 # Replace with the intented Argo CD Agent principal IP
359- EOF
360- openssl x509 -req -in /tmp/tls.csr -CA /tmp/ca.crt -CAkey /tmp/ca.key -CAcreateserial -out /tmp/tls.crt -days 365 -extfile /tmp/openssl_ext.cnf -extensions v3_req
361- ```
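Review bot: With the Generate Keys and Certificates section removed here, and the prerequisite bullet and the `--set-file agent.secrets.*` flags removed earlier in the commit, nothing in the README says where the CA, the principal's TLS certificate and the JWT key now come from. If the chart or addon generates them, say so in the setup section, name the Secrets that hold them, and note the validity period and how to supply an existing CA. The deleted recipe set `subjectAltName = IP:172.18.255.200`, and the Managed Mode example still addresses the principal by IP, so the SAN requirement deserves one line in the new text.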