ArgoCD Setup Guide for IBM Cloud

Complete guide for setting up ArgoCD on IBM Cloud Kubernetes Service (IKS)

This guide provides detailed instructions for setting up ArgoCD on IBM Cloud Kubernetes Service (IKS), including IBM Cloud-specific configurations and integrations.

Prerequisites

  • IBM Cloud CLI installed and configured
  • kubectl configured for IKS
  • IBM Cloud account with required permissions
  • Helm (optional)

IKS Cluster Setup

1. Create IKS Cluster

ibmcloud ks cluster create classic \
  --name argocd-cluster \
  --zone dal10 \
  --machine-type b3c.4x16 \
  --workers 3 \
  --version latest

2. Configure Network Policies

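# Standard Kubernetes NetworkPolicy objects use the networking.k8s.io/v1 API group.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-network-policy
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-server
  policyTypes:
  - Ingress
  # Egress is listed with no egress rules below, so all outbound traffic
  # from the argocd-server pods is denied until egress rules are added.
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    ports:
    - protocol: TCP
      # NetworkPolicy ports match the pod port, not the Service port;
      # the Service in this guide forwards 443 to targetPort 8080.
      port: 8080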

ArgoCD Installation

1. Install ArgoCD

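kubectl create namespace argocd
# "stable" is a moving reference; for repeatable installs, replace it with a release tag you have reviewed.
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml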

2. Configure IBM Cloud Load Balancer

apiVersion: v1
kind: Service
metadata:
  name: argocd-server
  namespace: argocd
  annotations:
    service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "public"
    service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc: "true"
    service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"
spec:
  type: LoadBalancer
  ports:
  - port: 443
    targetPort: 8080
    protocol: TCP
    name: https
  selector:
    app.kubernetes.io/name: argocd-server

IBM Cloud Integration

1. IBM Cloud Object Storage Integration

apiVersion: v1
kind: Secret
metadata:
  name: ibm-cos-credentials
  namespace: argocd
type: Opaque
stringData:
  access-key-id: your-access-key
  secret-access-key: your-secret-key
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  backup.destination: s3://argocd-backup
  backup.schedule: "0 * * * *"
  aws.endpoint: s3.us-south.cloud-object-storage.appdomain.cloud

2. IBM Container Registry Integration

apiVersion: v1
kind: Secret
metadata:
  name: registry-credentials
  namespace: argocd
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: |
    {
      "auths": {
        "us.icr.io": {
          "auth": "base64-encoded-credentials"
        }
      }
    }
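
The "auth" value in the Secret above is the base64 encoding of "username:password"; for IBM Cloud Container Registry the user name is the literal string iamapikey and the password is an IAM API key. The following added example (not part of the original guide) builds that payload in shell; the ICR_API_KEY variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the .dockerconfigjson payload for IBM Cloud Container Registry.
# ICR_API_KEY and the function names below are hypothetical, chosen for this example.

ICR_HOST="${ICR_HOST:-us.icr.io}"   # registry host used in the guide

# base64 without line wrapping; works with both GNU and BSD base64
b64_oneline() {
  base64 | tr -d '\n'
}

# Print the JSON document for the .dockerconfigjson key.
# The key is read from the environment, not from an argument, so it does
# not end up in shell history or in the process list.
icr_dockerconfigjson() {
  if [ -z "${ICR_API_KEY:-}" ]; then
    echo "ICR_API_KEY is not set" >&2
    return 1
  fi
  # A stray space or newline (typical after copy and paste) would be encoded
  # into the credential and make registry logins fail, so reject it here.
  case "$ICR_API_KEY" in
    *[[:space:]]*) echo "ICR_API_KEY contains whitespace" >&2; return 1 ;;
  esac
  # printf '%s' avoids the trailing newline that echo would add.
  auth=$(printf '%s' "iamapikey:${ICR_API_KEY}" | b64_oneline)
  printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$ICR_HOST" "$auth"
}

# Decode the auth field of a payload and return only the user name part,
# to confirm the payload is well formed without echoing the API key.
icr_auth_user() {
  printf '%s' "$1" | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' \
    | base64 --decode | cut -d: -f1
}
```

The base64 step is an encoding, not encryption: anyone who can read the Secret can recover the API key, so access to Secrets in the argocd namespace should be limited through RBAC.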

IBM Cloud Monitoring

1. IBM Cloud Monitoring Configuration

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  monitoring.enabled: "true"
  monitoring.endpoint: "https://monitoring.cloud.ibm.com"

2. Sysdig Integration

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: argocd-metrics
  namespace: argocd
  labels:
    sysdig: "true"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-metrics
  endpoints:
  - port: metrics
    interval: 30s

Auto Scaling Configuration

1. Horizontal Pod Autoscaling

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: argocd-server
  namespace: argocd
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: argocd-server
  minReplicas: 2
  maxReplicas: 5
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 80

2. Cluster Autoscaler

apiVersion: v1
kind: ConfigMap
metadata:
  name: ibm-cluster-autoscaler
  namespace: kube-system
data:
  workerPoolsConfig.json: |
    [{
      "name": "default",
      "minSize": 3,
      "maxSize": 6,
      "enabled": true
    }]

IBM Cloud Key Protect Integration

1. Key Protect Setup

apiVersion: ibmcloud.ibm.com/v1
kind: KeyProtect
metadata:
  name: argocd-key-protect
  namespace: argocd
spec:
  instanceId: your-key-protect-instance-id
  iamApiKey: your-iam-api-key

2. Secret Management

apiVersion: ibmcloud.ibm.com/v1
kind: Secret
metadata:
  name: argocd-secrets
  namespace: argocd
spec:
  type: keyProtect
  keyProtectInstance: argocd-key-protect
  keys:
    - name: admin-password
      keyId: your-key-id
    - name: server-secretkey
      keyId: your-key-id

Backup Configuration

1. IBM Cloud Object Storage Backup

apiVersion: batch/v1
kind: CronJob
metadata:
  name: argocd-backup
  namespace: argocd
spec:
  schedule: "0 2 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: argocd-backup
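            # The Argo CD project publishes its image on quay.io; pin the tag
            # to the Argo CD version you installed instead of "latest".
            image: quay.io/argoproj/argocd:latest
            # "argocd admin export" writes all Argo CD data as YAML to stdout.
            # Uploading that output to Object Storage is a separate step that
            # this container does not perform.
            command:
            - argocd
            - admin
            - export
            - --namespace
            - argocd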
            env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: ibm-cos-credentials
                  key: access-key-id
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: ibm-cos-credentials
                  key: secret-access-key
            - name: AWS_ENDPOINT_URL
              value: https://s3.us-south.cloud-object-storage.appdomain.cloud
          restartPolicy: OnFailure

Security Configuration

1. IBM Cloud Security Groups

apiVersion: security.cloud.ibm.com/v1
kind: SecurityGroup
metadata:
  name: argocd-security-group
spec:
  vpc: your-vpc-id
  rules:
  - direction: inbound
    protocol: tcp
    portMin: 443
    portMax: 443

2. IAM Integration

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
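data:
  # "$oidc.ibm.clientSecret" is resolved by Argo CD from the key
  # oidc.ibm.clientSecret in the argocd-secret Secret, so the client
  # secret itself is not stored in this ConfigMap.
  oidc.config: |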
    name: IBM Cloud
    issuer: https://iam.cloud.ibm.com/identity
    clientID: your-client-id
    clientSecret: $oidc.ibm.clientSecret
    requestedScopes: ["openid", "email", "profile"]

Cost Optimization

1. Worker Node Configuration

apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-server
spec:
  template:
    spec:
      nodeSelector:
        ibm-cloud.kubernetes.io/worker-pool-name: standard-pool

2. Resource Quotas

apiVersion: v1
kind: ResourceQuota
metadata:
  name: argocd-quota
  namespace: argocd
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi

Best Practices Checklist

  1. ✅ Use managed IKS cluster
  2. ✅ Configure load balancer
  3. ✅ Setup Object Storage backup
  4. ✅ Enable monitoring
  5. ✅ Configure auto scaling
  6. ✅ Implement Key Protect
  7. ✅ Enable encryption
  8. ✅ Regular monitoring
  9. ✅ Cost management
  10. ✅ Security compliance

Performance Optimization

1. Load Balancer Optimization

apiVersion: v1
kind: Service
metadata:
  name: argocd-server
  annotations:
    service.kubernetes.io/ibm-load-balancer-cloud-provider-zone: "dal10"
    service.kubernetes.io/ibm-load-balancer-cloud-provider-vlan: "public"

2. Resource Management

apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-server
spec:
  template:
    spec:
      containers:
      - name: argocd-server
        resources:
          requests:
            cpu: 200m
            memory: 256Mi
          limits:
            cpu: 500m
            memory: 512Mi

Troubleshooting

1. Common Issues

  1. Load Balancer Issues

# Check load balancer status
ibmcloud ks nlb-dns ls --cluster argocd-cluster
kubectl describe service argocd-server -n argocd

  2. Worker Node Issues

# Check worker node status
ibmcloud ks worker ls --cluster argocd-cluster
kubectl get nodes

2. Logging with LogDNA

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: logdna-agent
  namespace: ibm-observe
spec:
  template:
    spec:
      containers:
      - name: logdna-agent
        env:
        - name: LOGDNA_INGESTION_KEY
          valueFrom:
            secretKeyRef:
              name: logdna-agent-key
              key: logdna-ingestion-key

Conclusion

This guide provides a comprehensive setup for running ArgoCD on IBM Cloud Kubernetes Service. Regular monitoring and updates are essential for optimal performance.
