Argo-cd: Cannot use Google managed certificate for argocd

Created on 30 Oct 2019 · 6 Comments · Source: argoproj/argo-cd

I am trying to set up argocd on GKE.

I am trying to use NodePort + ingress, then reserving a global static IP and using a Google managed certificate for SSL.

Tried many times but it just doesn't work. Do you have any good guide on how to achieve this?

Apparently don't want to use type LoadBalancer and nginx ingress controller.

bug settings help wanted docs

All 6 comments

Can I recommend you check in the docs: http://bit.ly/argocd-docs
If that fails, try Slack: http://bit.ly/argocd-slack

No luck with the Slack channel and documentation either, but this doesn't work with GCP ingress + NodePort, probably some wrong config.

Here is my service.yaml for GCP using nodeport:

apiVersion: v1
kind: Service
metadata:
  name: argocd-server
  namespace: argocd
  annotations:
    # note: for info on HTTP2, see https://github.com/GoogleCloudPlatform/kubernetes-engine-samples/blob/master/hello-app-tls/manifests/helloweb-ingress-tls.yaml
    cloud.google.com/app-protocols: '{"https":"HTTPS","http":"HTTP"}'
spec:
  # for GKE/GCP ingress, the service type needs to be nodeport
  type: NodePort
  ports:
  - name: https
    port: 443
    targetPort: 8443
  - name: http
    port: 80
    targetPort: 8080
  selector:
    app.kubernetes.io/name: argocd-server

Here is my ingress for GCP:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: argocd-server-ingress
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: argocd
spec:
  backend:
    serviceName: argocd-server
    servicePort: https
  tls:
  - secretName: argocd-secret
  rules:
  - host: correct hostname here..
    http:
      paths:
      - backend:
          serviceName: argocd-server
          servicePort: https
        path: /*

I just tried to use GCE Ingress and NodePort for argocd-server, and it seems the health check is broken because /healthz returns a redirect:

curl -I localhost:5580/healthz
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=utf-8
Location: https://localhost:5580/healthz
Date: Tue, 10 Dec 2019 11:11:34 GMT

Certificates are created properly, as that is not part of argocd but GCE, but the ingress does fail with UNHEALTHY because the health check gets 307 :-/

apiVersion: v1
kind: Service
metadata:
  name: argocd
  labels:
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/component: server
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
spec:
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: "http"
    - port: 443
      targetPort: 8080
      protocol: TCP
      name: "https"
  selector:
    app.kubernetes.io/name: argocd-server
  type: NodePort
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: argocd-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/ingress.global-static-ip-name: "argocd-ip"
    networking.gke.io/managed-certificates: "argocd-healthplusai-cert"
  labels:
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/component: server
spec:
  backend:
    serviceName: argocd
    servicePort: 80
  rules:
  - host: <my.domain>
    http:
      paths:
      - path: /
        backend:
          serviceName: argocd
          servicePort: 80
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: argocd-healthplusai-cert
spec:
  domains:
    - <my.domain>




spec:
      containers:
      - command:
        - argocd-server
        - --staticassets
        - /shared/app
        - --insecure
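
Added example, not part of the original thread or of the Argo CD project: a Python check that classifies a /healthz response the way the comment above describes the GCE health check reacting. It assumes the probe passes only on HTTP 200 and does not follow redirects; the function names are illustrative, and the sample head is the curl -I output quoted above.

```python
import http.client
from urllib.parse import urlsplit

# Response head quoted in the comment above (curl -I localhost:5580/healthz).
SAMPLE_HEAD = """HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=utf-8
Location: https://localhost:5580/healthz
Date: Tue, 10 Dec 2019 11:11:34 GMT
"""

def parse_head(raw):
    """Return (status_code, location_or_None) from a raw HTTP response head."""
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty response head")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    location = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            location = value.strip()
    return int(parts[1]), location

def verdict(status, location, path="/healthz"):
    """Assumption: the check passes only on HTTP 200; redirects are not followed."""
    if status == 200:
        return "healthy"
    if 300 <= status < 400 and location:
        target = urlsplit(location)
        if target.scheme == "https" and target.path == path:
            return "unhealthy: HTTP probe redirected to HTTPS (server expects TLS)"
        return "unhealthy: redirected to %s" % location
    return "unhealthy: status %d" % status

def probe(host, port, path="/healthz", timeout=3.0):
    """Send one plain-HTTP GET without following redirects and classify it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return verdict(resp.status, resp.getheader("Location"), path)
    finally:
        conn.close()

if __name__ == "__main__":
    print(verdict(*parse_head(SAMPLE_HEAD)))
```

With --insecure set as in the snippet above, argocd-server serves plain HTTP, so TLS ends at the load balancer and the hop from there to the pod is unencrypted.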

Is there some new solution for this?

waiting for some better solution on this

Would be nice for a GKE native integration to this.
