- Install ArgoCD on your cluster:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml- Wait for all pods to be ready:
kubectl get pods -n argocd --watchCreate a file named argocd-ingress.yaml with the following content (update the host to your new domain):
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-ingress
namespace: argocd
annotations:
networking.gke.io/managed-certificates: argocd-cert
labels:
app: argocd
spec:
rules:
- host: your-new-domain.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 80kubectl apply -f argocd-ingress.yaml -n argocdCreate a file named argocd-cert.yaml:
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: argocd-cert
namespace: argocd
spec:
domains:
- your-new-domain.example.comkubectl apply -f argocd-cert.yaml -n argocdCreate a file named argocd-healthcheck-config.yaml:
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
name: argocd-healthcheck-config
namespace: argocd
spec:
healthCheck:
type: HTTP
requestPath: /healthz
port: 8080kubectl apply -f argocd-healthcheck-config.yaml -n argocdEdit the argocd-server service to use the BackendConfig:
kubectl edit svc argocd-server -n argocdAdd or update the annotation:
annotations:
cloud.google.com/backend-config: '{"default": "argocd-healthcheck-config"}'If you experience redirect loops or health check failures due to HTTPS redirects:
kubectl edit configmap argocd-cmd-params-cm -n argocdAdd:
data:
server.insecure: "true"kubectl rollout restart deployment argocd-server -n argocdkubectl describe ingress argocd-ingress -n argocd- Look for the
Addressfield to get the external IP. - Check for errors in the
Eventssection.
kubectl describe managedcertificate argocd-cert -n argocd- Ensure
Certificate StatusandDomain StatusareActive.
kubectl describe ingress argocd-ingress -n argocd | grep backends- Ensure your backend is
HEALTHY. - If not, check pod logs, service endpoints, and health check configuration.
- Ensure Google health check IP ranges are allowed:
35.191.0.0/16130.211.0.0/22
- Once the Ingress has an external IP, update your DNS record for the domain to point to that IP.
- Verify DNS propagation:
nslookup your-new-domain.example.comor
dig your-new-domain.example.com- Open your browser and navigate to
https://your-new-domain.example.com. - If you set ArgoCD to insecure mode, you may need to use
http://or adjust your Ingress for HTTPS redirection.
- Ingress not getting an IP:
- Wait a few minutes for GKE to provision the load balancer.
- Check for errors in the Ingress events.
- Backend is UNHEALTHY:
- Ensure the health check path (
/healthz) returns200 OK. - Ensure the health check port matches your pod’s target port.
- Check firewall rules for health check traffic.
- Consider setting ArgoCD to insecure mode if redirect loops occur.
- Ensure the health check path (
- ManagedCertificate not active:
- Check for errors in the ManagedCertificate events.
- Ensure your domain is correctly spelled and matches the Ingress host.
- DNS not resolving:
- Double-check your DNS record and wait for propagation.
| Step | Command/Action | Notes |
|---|---|---|
| Deploy ArgoCD | kubectl apply -n argocd -f ... |
Use official manifests |
| Create Ingress | kubectl apply -f argocd-ingress.yaml -n argocd |
Update host and labels |
| Create ManagedCert | kubectl apply -f argocd-cert.yaml -n argocd |
Update domain |
| Create BackendConfig | kubectl apply -f argocd-healthcheck-config.yaml -n argocd |
Ensure port and path are correct |
| Update Service | kubectl edit svc argocd-server -n argocd |
Add BackendConfig annotation |
| Set Insecure (opt.) | kubectl edit configmap argocd-cmd-params-cm -n argocd |
Add server.insecure: "true" |
| Restart ArgoCD (opt.) | kubectl rollout restart deployment argocd-server -n argocd |
Apply insecure config |
| Check Ingress | kubectl describe ingress argocd-ingress -n argocd |
Look for IP and errors |
| Check ManagedCert | kubectl describe managedcertificate argocd-cert -n argocd |
Look for Active status |
| Check Backend Health | kubectl describe ingress argocd-ingress -n argocd | grep backends |
Ensure HEALTHY |
| Update DNS | Update DNS record to Ingress IP | Use nslookup/dig to verify |
| Test Access | Open browser to https://your-new-domain.example.com |
Use http if insecure mode enabled |
- ArgoCD Official Docs: [Getting Started]1, [Installation]2
- GKE and ArgoCD Guides: [GitLab’s GKE + ArgoCD]3, [GKE Multi-Cluster with ArgoCD]4
- Troubleshooting: See events and logs for errors, check health check and firewall settings.
This repository contains example applications for demoing ArgoCD functionality. Feel free to register this repository to your ArgoCD instance, or fork this repo and push your own commits to explore ArgoCD and GitOps!
| Application | Description |
|---|---|
| guestbook | A hello word guestbook app as plain YAML |
| helm-guestbook | The guestbook app as a Helm chart |
| jsonnet-guestbook | The guestbook app as a raw jsonnet |
| jsonnet-guestbook-tla | The guestbook app as a raw jsonnet with support for top level arguments |
| kustomize-guestbook | The guestbook app as a Kustomize 2 app |
| pre-post-sync | Demonstrates Argo CD PreSync and PostSync hooks |
| sync-waves | Demonstrates Argo CD sync waves with hooks |
| helm-dependency | Demonstrates how to customize an OTS (off-the-shelf) helm chart from an upstream repo |
| sock-shop | A microservices demo app (https://microservices-demo.github.io) |
| plugins | Apps which demonstrate config management plugins usage |
| blue-green | Demonstrates how to implement blue-green deployment using Argo Rollouts |
| apps | An app composed of other apps |
Footnotes
-
https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/ ↩
-
https://about.gitlab.com/blog/2024/01/31/quick-setup-of-a-gke-cluster-with-argocd-pre-installed-using-terraform/ ↩
-
https://cloud.google.com/blog/products/containers-kubernetes/empower-your-teams-with-self-service-kubernetes-using-gke-fleets-and-argo-cd ↩