Argo CD, Traefik, Let’s Encrypt on GCP Part 1

Note on install Argo CD, Traefik and Let’s Encrypt on GCP. Useful read as follow. It’s a long process so I divide to 2 parts.

Getting Started - Argo CD - Declarative GitOps CD for Kubernetes

Traefik Let's Encrypt Documentation - Traefik

Traefik CRD TLS Documentation - Traefik

First, Create K8S cluster on GCP. I use Standard.

Then, fill in your configuration for Cluster.

Next, Config Node pool and machine. This is a n experiment so I select smal node pool and machine because of the cost.

I use Private cluster. Set Control place IP range as you like.

Create Cluster and wait. This might take a few minutes.

Next, create nfs server to keep your acme data for Let’s Encrypt.

I use ubuntu 22.1 for this test.

After create your instance, we will ssh to install and setting for nfs server. This is a useful read.

How to Install and Configure an NFS Server on Ubuntu 22.04

ssh into your newly create instance and install nfs server.

sudo apt install nfs-kernel-server

Next, create folder to share.

sudo mkdir -p /mnt/nfs_share/acme

Create file acmes.json

sudo touch /mnt/nfs_share/acme/acmes.json 

Set Owner and Permission. The file acmes.json must be 600.

sudo chown -R nobody:nogroup /mnt/nfs_share/
sudo chmod 777 /mnt/nfs_share/
sudo chmod 600 /mnt/nfs_share/acme/acmes.json

Next, grant access to the client system for accessing the NFS server.

sudo nano /etc/exports

This will open nano. We will permit subnet 10.148.0.0/24 to access the NFS share.

/mnt/nfs_share 10.148.0.0/24(rw,sync,no_subtree_check)

Save and Exit nano. Restart nfs server.

sudo exportfs -a
sudo systemctl restart nfs-kernel-server

Next step, we will add NAT Gateway with Cloud NAT. If you don’t add NAT Gateway, you can not pull docker images outside google.

Create nat-router.

After create Cluster, NFS Server and NAT Router, we will create Argo CD in our cluster now. We create argocd namespace and apply Argo CD yaml.

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

If you got an error on argocd-repo-server pod, try using version 2.3.15 instead.

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.3.15/manifests/install.yaml

I used Lens to monitor my cluser. You can any tools you want.

Lens | The Kubernetes IDE

K8S Lens with Google Cloud.

After applied yaml file, You can see that it will create multiple deployment in argocd namespace.

You can use port forward by command line or use UI in Lens to access argocd UI.

Username is admin

You can get argo cd password from command below.

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}"| base64 -d;echo

Next Part we will connect to gitlab, deploy traefik and set example application.

Argo CD, Traefik, Let’s Encrypt on GCP Part 2