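# Create the namespace Argo CD is installed into and register the Argo Helm
# chart repository.
kubectl create ns argocd
# The URL must be passed bare: wrapped in <...> the shell parses the angle
# brackets as redirections and the command fails before helm ever runs.
helm repo add argo https://argoproj.github.io/argo-helm
helm repo update argo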
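# Write the Helm values for the argo-cd chart. The heredoc delimiter is quoted,
# so the shell expands nothing inside it. YAML nesting is significant: cm, rbac
# and params are children of configs.
cat <<'EOF' > argocd-value.yaml
configs:
  cm:
    # Local account used by argocd-image-updater; apiKey lets it hold an API
    # token but not log in interactively. This listing does not show the token
    # being generated or handed to the updater.
    accounts.image-updater: apiKey
    timeout.reconciliation: 60s
  rbac:
    # NOTE(review): */* lets the image-updater role get and update every
    # application in every project. Narrow the object pattern to the projects
    # the updater actually manages.
    policy.csv: |
      p, role:image-updater, applications, get, */*, allow
      p, role:image-updater, applications, update, */*, allow
      g, image-updater, role:image-updater
    # The built-in role is spelled role:readonly (colon, not dot). It gives
    # every authenticated user read access; drop this key for deny-by-default.
    policy.default: role:readonly
  params:
    # NOTE(review): argocd-server serves plain HTTP with this set. That is only
    # appropriate behind something that terminates TLS; the Service is later
    # switched to type LoadBalancer, so credentials and session tokens would
    # cross that path unencrypted unless TLS is added in front.
    server.insecure: true
EOF

# Install the chart with those values (single trailing backslashes continue
# the command across lines).
helm install argocd argo/argo-cd \
  --create-namespace \
  --namespace argocd \
  --values argocd-value.yaml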
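# Install the argocd CLI.
# NOTE(review): "latest" is an unpinned, moving target and the file is installed
# into /usr/local/bin as root without any integrity check. Pin a specific
# release tag and compare the download against the checksum published with
# that release before the install step.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary"; && keeps a failed download from being installed.
curl -fsSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 \
  && sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
# The download is a single regular file, so no recursive delete is needed.
rm -f argocd-linux-amd64
# expect drives the interactive password-change prompt below.
sudo dnf install -y expect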
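# Local access path for the login below, which targets 127.0.0.1:8080 and
# therefore needs this forward (or an equivalent) to be running.
# NOTE(review): --address=0.0.0.0 binds the forward on every interface of this
# host; leave the flag off (the default is localhost) unless that is intended.
# kubectl port-forward svc/argocd-server -n argocd --address=0.0.0.0 8080:443 > /dev/null &

# Expose argocd-server through a cloud load balancer.
# NOTE(review): with server.insecure: true in argocd-value.yaml the exposed
# endpoint speaks plain HTTP. Restrict who can reach it (for example with
# spec.loadBalancerSourceRanges) and put TLS in front of it.
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

# Read the generated admin password. $(...) yields one string; the original
# array form ARGO_PW=(`...`) word-splits and glob-expands the secret.
ARGO_PW=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)
# NOTE(review): the fallback is the sample password printed in this listing and
# is therefore public. Set ARGOCD_NEW_PASSWORD to a private value before running.
NEW_ARGO_PW="${ARGOCD_NEW_PASSWORD:-Skill53##}"
# Exported so expect can read both values from its environment.
export ARGO_PW NEW_ARGO_PW

# NOTE(review): --password puts the secret in this process's argument list,
# where other local users can see it while the command runs. --insecure also
# skips TLS certificate verification.
echo y | argocd login --insecure --username admin --password "$ARGO_PW" 127.0.0.1:8080 # ID : admin

# The expect script is single-quoted so the shell interpolates nothing into it;
# Tcl reads the secrets from env(), so characters such as $, [ or \ in a
# password are sent literally instead of being evaluated. "send --" stops a
# value that begins with "-" from being parsed as a send option.
expect -c '
spawn argocd account update-password
expect -re ".*Enter.*"
send -- "$env(ARGO_PW)\r"
expect -re ".*Enter.*"
send -- "$env(NEW_ARGO_PW)\r"
expect -re ".*Confirm.*"
send -- "$env(NEW_ARGO_PW)\r"
interact
'
# Drop the secrets from the shell environment once they are no longer needed.
# After the change succeeds, the argocd-initial-admin-secret Secret serves no
# further purpose and can be deleted.
unset ARGO_PW NEW_ARGO_PW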
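# Create the argocd-image-updater service account in the argocd namespace and
# bind it to an IAM role carrying the AWS-managed read-only ECR policy, so the
# updater can list and pull image metadata without long-lived access keys.
# AmazonEC2ContainerRegistryReadOnly covers every repository in the account;
# a custom policy limited to the needed repositories is tighter.
# Single trailing backslashes continue the command; a doubled backslash would
# end the command at the first line.
eksctl create iamserviceaccount \
  --cluster gwangju-eks-cluster \
  --name argocd-image-updater \
  --namespace argocd \
  --attach-policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
  --approve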
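# Write the Helm values for argocd-image-updater. The heredoc delimiter is
# quoted, so ACCOUNT_ID and REGION_CODE stay literal here and are filled in by
# the sed commands below. YAML nesting is significant: argocd, logLevel and
# registries are children of config; authScripts is a top-level key.
cat <<'EOF' > argocd-image-updater-values.yaml
config:
  argocd:
    grpcWeb: true
    # In-cluster address of argocd-server. It must be a bare URL; angle
    # brackets inside the quotes would become part of the address.
    serverAddress: "http://argocd-server.argocd"
    # NOTE(review): insecure + plaintext match server.insecure: true on the
    # Argo CD side, which means the updater's API token crosses the cluster
    # network unencrypted. Turn both off if argocd-server is given TLS.
    insecure: true
    plaintext: true
  # debug is verbose; lower it once the setup is confirmed working.
  logLevel: debug
  registries:
    - name: ECR
      api_url: "https://ACCOUNT_ID.dkr.ecr.REGION_CODE.amazonaws.com"
      prefix: "ACCOUNT_ID.dkr.ecr.REGION_CODE.amazonaws.com"
      ping: true
      # TLS verification towards the registry stays on.
      insecure: false
      # Credentials come from the script below and are re-fetched when they
      # expire.
      credentials: "ext:/scripts/auth1.sh"
      credsexpire: 10h
authScripts:
  enabled: true
  scripts:
    # Prints the decoded ECR authorization token on stdout.
    auth1.sh: |
      #!/bin/sh
      aws ecr --region REGION_CODE get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
EOF

# Resolve the account ID of the current caller.
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
# Side effect: this rewrites the default region of the caller's AWS CLI
# configuration to ap-northeast-2 before reading it back.
AWS_DEFAULT_REGION=$(aws configure set region ap-northeast-2 && aws configure get region --output text)
# ${VAR:?msg} aborts the substitution when a lookup returned nothing, instead
# of silently writing a registry URL with an empty account ID or region.
sed -i "s|ACCOUNT_ID|${AWS_ACCOUNT_ID:?aws sts get-caller-identity returned no account id}|g" argocd-image-updater-values.yaml
sed -i "s|REGION_CODE|${AWS_DEFAULT_REGION:?no AWS region resolved}|g" argocd-image-updater-values.yaml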