Atlas Argo CD API Integration
This guide will help you configure Atlas to authenticate and proxy requests to the Argo CD API.
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It provides a web UI and a CLI for managing applications and their deployments.
Argo CD also provides a REST API for programmatic access to the Argo CD platform. This includes APIs for managing applications, repositories, and settings.
At the end of this guide, your running instance of Atlas will be configured to:
Proxy HTTP requests to the Argo CD API.
Authenticate these requests using one or more Argo CD API tokens.
Availability
Public alpha. This integration is available to all Atlas users, but the API may change.
Prerequisites
A running instance of Atlas. See installation guides for more details.
A running instance of Argo CD. See installation guides for more details.
The
argocd
CLI. See installation guides for more details.
Note: This guide currently requires TLS to be disabled on the
argo-server
service. In future releases, Atlas will support loading certificates to communicate with Argo CD over TLS.
Provision a Argo CD API token
Use
argocd
to log into an Argo CD instance with an account that hasrole:admin
privileges.Edit the user list in the Argo CD
ConfigMap
to create a service account for Atlas to use to authenticate with Argo CD. This service account must haveapiKey
authentication enabled. See Create new user guide for more details. Usually this involves changing theargocd-cm
ConfigMap
to add a new user to theusers
list. For example, the last two lines of thisConfigMap
add a user namedatlas
.Grant the service account appropriate privileges. Many times this role will be
role:admin
. Usually this means editing theargocd-rbac-cm
ConfigMap
to add the service account to thepolicy.csv
list. For example, the last two lines of thisConfigMap
:Check that
argo-server
is running without TLS. Usually this means settingserver.insecure
totrue
in theargocd-rbac-cm
ConfigMap
.Deploy the updated
ConfigMap
to Argo CD. This step will vary depending on how you deployed Argo CD. For some people, it will involve updating a Helm chart, for others it will involve runningkubectl apply -f
on a YAML file.Generate an API key for the service account. Save this API key somewhere safe for the subsequent steps.
Add Argo CD Integration to Atlas
Step 1: Add Argo CD API token to Atlas Deployment as an Environment Variable
Choose an environment variable name for the Argo CD API token. Generally this is something like
ARGOCD_TOKEN
.Add the Argo CD API token you provisioned as an environment variables to your Atlas deployment. The install guides have instructions for how to do this for each deployment method. For example, if you deployed Atlas using ECS, you might add an environment variable
ARGOCD_TOKEN
to the Pulumi configuration. If you deployed using Kubernetes, you might add theARGOCD_TOKEN
environment variable to a.env
file.Note the name of the environment variable you chose. We will use this in the next step to configure the HTTP adapter.
Step 2: Add Argo CD API token to Atlas Configuration
We can use the mom
CLI to add the Argo CD API token to the Atlas configuration. Run this command, changing
YOUR_ATLAS_CONFIG.yml
with the path to your Atlas configuration fileARGOCD_TOKEN
to the name of the environment variable you chose in the previous stepYOUR_ADAPTER_NAME
to the name you want to use for the HTTP adapter in Atlas, e.g.,argocd
YOUR_ARGOCD_SERVER
to the URL of your Argo CD server, e.g.,http://argocd-server.argocd.svc
.
The diff in your version control system should look something like this:
Step 3: Deploy the Updated Atlas Config
The install guides have instructions for how to deploy Atlas into a variety of environments, including Kubernetes and ECS.
Step 4: Test the Integration
Once deployed, we can use the mom curl
command to test the integration. Be sure to replace argocd
with the name you chose in the previous step if it is different.
Using the integration in a canvas
This integration can be used in Moment by creating a new cell in a Moment canvas, and pasting the following code. Note that you will need to assign httpAdapterName
to the name you chose for the HTTP adapter in the previous step, e.g., argocd
.
If the integration is working, you should see a JSON object with a list of Argo CD users.
Last updated