ArgoCD Setup Guide for AWS
Complete guide for setting up ArgoCD on AWS EKS
This guide provides detailed instructions for setting up ArgoCD on Amazon EKS, including AWS-specific configurations and integrations.
Prerequisites
- AWS CLI installed and configured
- kubectl configured for EKS
- eksctl installed
- Helm (optional)
- AWS IAM permissions
EKS Cluster Setup
1. Create EKS Cluster
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: argocd-cluster
  region: us-west-2
nodeGroups:
  - name: ng-1
    instanceType: m5.large
    desiredCapacity: 3
    volumeSize: 80
    iam:
      withAddonPolicies:
        autoScaler: true
        albIngress: true
        cloudWatch: true
2. Install AWS Load Balancer Controller
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aws-load-balancer-controller
  namespace: kube-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/aws-load-balancer-controller
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: aws-load-balancer-controller
  namespace: kube-system
spec:
  interval: 1h
  chart:
    spec:
      chart: aws-load-balancer-controller
      version: '1.4.1'
      sourceRef:
        kind: HelmRepository
        name: eks-charts
        namespace: flux-system
  values:
    clusterName: argocd-cluster
    serviceAccount:
      create: false
      name: aws-load-balancer-controller
ArgoCD Installation
1. Install ArgoCD
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
2. AWS ALB Configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:region:account-id:certificate/certificate-id
spec:
  rules:
    - host: argocd.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 443
AWS IAM Integration
1. IRSA Setup
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argocd-application-controller
  namespace: argocd
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/argocd-application-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argocd-server
  namespace: argocd
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/argocd-server
2. IAM Policy
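{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "eks:DescribeCluster",
      "Resource": "arn:aws:eks:*:*:cluster/*"
    },
    {
      "Effect": "Allow",
      "Action": "eks:ListClusters",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::argocd-artifacts/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::argocd-artifacts"
    }
  ]
}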
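The role ARNs annotated on the service accounts in step 1 stay limited to ArgoCD only if each role's trust policy pins the cluster OIDC provider's sub claim to that one service account. The following is an added example, not part of the original guide or of ArgoCD: it builds such a trust policy and flags trust policies that omit or wildcard the sub condition. The function names are hypothetical, and the account ID and OIDC issuer ID are constructed placeholders.

```python
def irsa_trust_policy(account_id, oidc_issuer, namespace, service_account):
    """Trust policy that lets exactly one Kubernetes service account assume the role."""
    issuer = oidc_issuer.split("://", 1)[-1]  # IAM condition keys omit the scheme
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{issuer}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{issuer}:aud": "sts.amazonaws.com",
                f"{issuer}:sub": f"system:serviceaccount:{namespace}:{service_account}",
            }},
        }],
    }


def trust_policy_findings(policy):
    """List ways the trust policy admits more identities than one service account."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        loose = cond.get("StringLike", {})
        if not any(k.endswith(":aud") for k in exact):
            findings.append("no exact :aud condition")
        if any(k.endswith(":sub") for k in exact):
            continue  # sub is pinned to explicit service accounts
        subs = [v for k, v in loose.items() if k.endswith(":sub")]
        if not subs:
            findings.append("no :sub condition: any service account in the cluster can assume the role")
        for v in subs:
            for pattern in ([v] if isinstance(v, str) else v):
                if "*" in pattern or "?" in pattern:
                    findings.append(f"wildcard :sub pattern {pattern!r}")
    return findings


# Constructed placeholder values; substitute the cluster's real issuer URL.
ISSUER = "https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0123456789"
GOOD = irsa_trust_policy("111122223333", ISSUER, "argocd", "argocd-server")
```

Run trust_policy_findings over the trust policy of each role referenced in an eks.amazonaws.com/role-arn annotation; an empty list means the role is pinned to explicit service accounts.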
AWS Secrets Management
1. AWS Secrets Manager Integration
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets
  namespace: argocd
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-west-2
      auth:
        jwt:
          serviceAccountRef:
            name: argocd-server
2. External Secrets Configuration
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: argocd-secrets
  namespace: argocd
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets
    kind: SecretStore
  target:
    name: argocd-secret
  data:
    - secretKey: admin.password
      remoteRef:
        key: argocd/admin-password
    - secretKey: server.secretkey
      remoteRef:
        key: argocd/server-secretkey
AWS S3 Integration
1. Backup Configuration
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  backup.destination: s3://argocd-backup/
  backup.schedule: "0 * * * *"
2. S3 IAM Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::argocd-backup",
        "arn:aws:s3:::argocd-backup/*"
      ]
    }
  ]
}
Monitoring Integration
1. CloudWatch Configuration
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  aws.cloudwatch.enabled: "true"
  aws.cloudwatch.region: "us-west-2"
  aws.cloudwatch.logGroup: "argocd"
2. CloudWatch Metrics
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: argocd-metrics
  namespace: argocd
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-metrics
  endpoints:
    - port: metrics
      interval: 30s
      metricRelabelings:
        - sourceLabels: [__name__]
          regex: 'argocd_.*'
          action: keep
Auto Scaling Configuration
1. HPA Setup
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: argocd-server
  namespace: argocd
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: argocd-server
  minReplicas: 2
  maxReplicas: 5
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
2. Cluster Autoscaler
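apiVersion: apps/v1
kind: Deployment
metadata:
  name: cluster-autoscaler
  namespace: kube-system
spec:
  # apps/v1 Deployments require a selector that matches the pod template labels
  selector:
    matchLabels:
      app: cluster-autoscaler
  template:
    metadata:
      labels:
        app: cluster-autoscaler
    spec:
      containers:
        - name: cluster-autoscaler
          image: k8s.gcr.io/autoscaling/cluster-autoscaler:v1.22.2
          command:
            - ./cluster-autoscaler
            - --v=4
            - --stderrthreshold=info
            - --cloud-provider=aws
            - --skip-nodes-with-local-storage=false
            # min:max:Auto Scaling group name
            - --nodes=2:10:eks-ng-1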
Best Practices Checklist
- Use IRSA for AWS authentication
- Configure ALB for ingress
- Setup backup to S3
- Enable CloudWatch monitoring
- Configure auto scaling
- Implement secrets management
- Enable encryption
- Regular backups
- Monitor costs
- Security compliance
Cost Optimization
1. Instance Selection
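apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: argocd-cluster
  region: us-west-2
nodeGroups:
  - name: ng-1
    desiredCapacity: 3
    # Spot settings for an unmanaged nodeGroup go under instancesDistribution
    instancesDistribution:
      instanceTypes: ["t3.large", "t3a.large"]
      # 0 / 0 means every node in the group is a Spot instance
      onDemandBaseCapacity: 0
      onDemandPercentageAboveBaseCapacity: 0
      spotAllocationStrategy: capacity-optimized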
2. Resource Limits
apiVersion: v1
kind: LimitRange
metadata:
  name: argocd-limits
  namespace: argocd
spec:
  limits:
    - default:
        cpu: 500m
        memory: 512Mi
      defaultRequest:
        cpu: 200m
        memory: 256Mi
      type: Container
Conclusion
This guide provides a comprehensive setup for running ArgoCD on AWS EKS. Regular monitoring and updates are essential for optimal performance.