Argo Continuous Delivery (Argo CD) is a declarative, Kubernetes-native continuous deployment tool that can read and pull code from Git repositories and deploy it to your cluster. Because of that, you can integrate Argo CD into your GitOps pipeline to automate the deployment and synchronization of your apps.

Before you begin

  1. Install the following command line tools:

    • kubectl, the Kubernetes command line tool. Download the kubectl version that is within one minor version of the Kubernetes clusters you plan to use.
    • argocd, the Argo CD command line tool.

  2. Create or use an existing Kubernetes cluster.

Set up Argo CD

  1. Install the custom resources of the Kubernetes Gateway API.

      kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml

    Example output:

      customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created
customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io created

  2. Install Argo CD in your cluster.

      kubectl create namespace argocd
until kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.3/manifests/install.yaml > /dev/null 2>&1; do sleep 2; done
# wait for deployment to complete
kubectl -n argocd rollout status deploy/argocd-applicationset-controller
kubectl -n argocd rollout status deploy/argocd-dex-server
kubectl -n argocd rollout status deploy/argocd-notifications-controller
kubectl -n argocd rollout status deploy/argocd-redis
kubectl -n argocd rollout status deploy/argocd-repo-server
kubectl -n argocd rollout status deploy/argocd-server

  3. Update the default Argo CD password for the admin user to solo.io.

      # bcrypt(password)=$2a$10$79yaoOg9dL5MO8pn8hGqtO4xQDejSEVNWAGQR268JHLdrCw6UCYmy
# password: solo.io
kubectl -n argocd patch secret argocd-secret \
  -p '{"stringData": {
    "admin.password": "$2a$10$79yaoOg9dL5MO8pn8hGqtO4xQDejSEVNWAGQR268JHLdrCw6UCYmy",
    "admin.passwordMtime": "'$(date +%FT%T%Z)'"
  }}'

  4. Port-forward the Argo CD server on port 9999.

      kubectl port-forward svc/argocd-server -n argocd 9999:443

  5. Open the Argo CD UI.

  6. Log in with the admin username and solo.io password.

Install Gloo Gateway

  1. Create an Argo CD application to install the Gloo Gateway Helm chart.

      kubectl apply -f- <<EOF
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gloo-gateway-oss-helm
  namespace: argocd
spec:
  destination:
    namespace: gloo-system
    server: https://kubernetes.default.svc
  project: default
  source:
    chart: gloo
    helm:
      skipCrds: false
      values: |
        kubeGateway:
          # Enable K8s Gateway integration
          enabled: true
        gatewayProxies:
          gatewayProxy:
            disabled: true
        gloo:
          disableLeaderElection: true
        discovery:
          # For demo purposes, disable discovery
          enabled: false
    repoURL: https://storage.googleapis.com/solo-public-helm
    targetRevision: 1.18.0-beta34
  syncPolicy:
    automated:
      # Prune resources during auto-syncing (default is false)
      prune: true 
      # Sync the app in part when resources are changed only in the target Kubernetes cluster
      # but not in the git source (default is false).
      selfHeal: true 
    syncOptions:
    - CreateNamespace=true 
EOF

  2. Verify that the gloo control plane is up and running.

      kubectl get pods -n gloo-system

    Example output:

      NAME                                  READY   STATUS      RESTARTS   AGE
gateway-certgen-wfz9z                 0/1     Completed   0          35s
gloo-78f4cc8fc6-6hmsq                 1/1     Running     0          21s
gloo-resource-migration-sx5z4         0/1     Completed   0          48s
gloo-resource-rollout-28gj6           0/1     Completed   0          21s
gloo-resource-rollout-check-tjdp7     0/1     Completed   0          2s
gloo-resource-rollout-cleanup-nj4t8   0/1     Completed   0          39s

  3. Verify that the gloo-gateway GatewayClass is created. You can optionally take a look at how the gateway class is configured by adding the -o yaml option to your command.

      kubectl get gatewayclass gloo-gateway

  4. Open the Argo CD UI and verify that you see the Argo CD application with a Healthy and Synced status.

  1. Use the following YAML file to create an Argo CD application and deploy the Gloo Gateway Enterprise Helm chart. Make sure to enter your license key in the license_key field.

      kubectl apply -f- <<EOF
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gloo-gateway-ee-helm
  namespace: argocd
spec:
  destination:
    namespace: gloo-system
    server: https://kubernetes.default.svc
  project: default
  source:
    chart: gloo-ee
    helm:
      skipCrds: false
      values: |
        gloo:
          discovery:
            enabled: false
          disableLeaderElection: true
          gatewayProxies:
            gatewayProxy:
              disabled: true
          kubeGateway:
            enabled: true
        gloo-fed:
          enabled: false
          glooFedApiserver:
            enable: false
        grafana:
          defaultInstallationEnabled: false
        license_key: <enterprise-license-key>
        observability:
          enabled: false
        prometheus:
          enabled: false
        settings:
          disableKubernetesDestinations: true
    repoURL: https://storage.googleapis.com/gloo-ee-helm
    targetRevision: 1.18.0-beta2
  syncPolicy:
    automated:
      # Prune resources during auto-syncing (default is false)
      prune: true 
      # Sync the app in part when resources are changed only in the target Kubernetes cluster
      # but not in the git source (default is false).
      selfHeal: true 
    syncOptions:
    - CreateNamespace=true
EOF

  2. Verify that the gloo control plane is up and running.

      kubectl get pods -n gloo-system

    Example output:

      NAME                                  READY   STATUS      RESTARTS   AGE
extauth-6f8db7b756-5q4rz              1/1     Running     0          110s
gloo-8bbd4bcc5-bbqs7                  1/1     Running     0          110s
gloo-resource-migration-fcrlr         0/1     Completed   0          2m17s
gloo-resource-rollout-check-88fmv     0/1     Completed   0          84s
gloo-resource-rollout-cleanup-9n2pf   0/1     Completed   0          2m7s
gloo-resource-rollout-kljnz           0/1     Completed   0          110s
rate-limit-56694f94d4-2jgwx           1/1     Running     0          110s
redis-54757c7964-k2tk2                1/1     Running     0          110s

  3. Verify that the gloo-gateway GatewayClass is created. You can optionally take a look at how the gateway class is configured by adding the -o yaml option to your command.

      kubectl get gatewayclass gloo-gateway

  4. Open the Argo CD UI and verify that you see the Argo CD application with a Healthy and Synced status.

Set up an API gateway

  1. Create a gateway resource and configure an HTTP listener. The following gateway can serve HTTP resources from all namespaces.

      kubectl apply -n gloo-system -f- <<EOF
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: http
spec:
  gatewayClassName: gloo-gateway
  listeners:
  - protocol: HTTP
    port: 8080
    name: http
    allowedRoutes:
      namespaces:
        from: All
EOF

  2. Verify that the gateway is created successfully. You can also review the external address that is assigned to the gateway. Note that depending on your environment it might take a few minutes for the load balancer service to be assigned an external address.

      kubectl get gateway http -n gloo-system

    Example output:

      NAME   CLASS          ADDRESS                                                                  PROGRAMMED   AGE
http   gloo-gateway   a3a6c06e2f4154185bf3f8af46abf22e-139567718.us-east-2.elb.amazonaws.com   True         93s

Deploy a sample app

  1. Create the httpbin namespace.

      kubectl create ns httpbin

  2. Deploy the httpbin app.

      kubectl -n httpbin apply -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yaml

  3. Verify that the httpbin app is running.

      kubectl -n httpbin get pods

    Example output:

      NAME                      READY   STATUS    RESTARTS   AGE
httpbin-d57c95548-nz98t   3/3     Running   0          18s

Expose the app on the gateway

  1. Create an HTTPRoute resource to expose the httpbin app on the gateway. The following example exposes the app on the wwww.example.com domain.

      kubectl apply -f- <<EOF
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: httpbin
  namespace: httpbin
  labels:
    example: httpbin-route
spec:
  parentRefs:
    - name: http
      namespace: gloo-system
  hostnames:
    - "www.example.com"
  rules:
    - backendRefs:
        - name: httpbin
          port: 8000
EOF
    SettingDescription
    spec.parentRefsThe name and namespace of the gateway resource that serves the route. In this example, you use the HTTP gateway that you created earlier.
    spec.hostnamesA list of hostnames that the route is exposed on.
    spec.rules.backendRefsThe Kubernetes service that serves the incoming request. In this example, requests to www.example.com are forwarded to the httpbin app on port 9000. Note that you must create the HTTP route in the same namespace as the service that serves that route. To create the HTTP route resource in a different namespace, you must create a ReferenceGrant resource to allow the HTTP route to forward requests to a service in a different namespace. For more information, see the Kubernetes API Gateway documentation.

  2. Verify that the HTTPRoute is applied successfully.

      kubectl get -n httpbin httproute/httpbin -o yaml

  3. Send a request to the httpbin app.

    1. Get the external address of the gateway and save it in an environment variable.

        export INGRESS_GW_ADDRESS=$(kubectl get svc -n gloo-system gloo-proxy-http -o=jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
echo $INGRESS_GW_ADDRESS

    2. Send a request to the httpbin app and verify that you get back a 200 HTTP response code. Note that it might take a few seconds for the load balancer service to become fully ready and accept traffic.

        curl -i http://$INGRESS_GW_ADDRESS:8080/headers -H "host: www.example.com:8080"

      Example output:

        HTTP/1.1 200 OK
server: envoy
date: Wed, 17 Jan 2024 17:32:21 GMT
content-type: application/json
content-length: 211
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2

    1. Port-forward the gloo-proxy-http pod on port 8080.

        kubectl port-forward deployment/gloo-proxy-http -n gloo-system 8080:8080

    2. Send a request to the httpbin app and verify that you get back a 200 HTTP response code.

        curl -i localhost:8080/headers -H "host: www.example.com"

      Example output:

        HTTP/1.1 200 OK
server: envoy
date: Wed, 17 Jan 2024 17:32:21 GMT
content-type: application/json
content-length: 211
access-control-allow-origin: *
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2

Next steps

Now that you have Gloo Gateway set up and running, check out the following guides to expand your API gateway capabilities.

  • Check out this blog post to learn how you can use Argo CD to deploy an application and how to manually sync the app with your cluster. This blog post also includes other guides for how to set up request matching, apply policies, or rollout a new version of an app.
  • Learn more about Gloo Gateway’s features and benefits.
  • Add routing capabilities to your httpbin route by using the Traffic management guides.
  • Explore ways to make your routes more resilient by using the Resiliency guides.
  • Secure your routes with external authentication and rate limiting policies by using the Security guides.

Cleanup

If you no longer need this quick-start Gloo Gateway environment, you can uninstall your setup by following these steps:

  1. Port-forward the Argo CD server on port 9999.

      kubectl port-forward svc/argocd-server -n argocd 9999:443

  2. Open the Argo CD UI.

  3. Log in with the admin username and solo.io password.

  4. Find the application that you want to delete and click x.

  5. Select Foreground and click Ok.

  6. Verify that the pods were removed from the gloo-system namespace.

      kubectl get pods -n gloo-system

    Example output:

      No resources found in gloo-system namespace.

  1. Port-forward the Argo CD server on port 9999.

      kubectl port-forward svc/argocd-server -n argocd 9999:443

  2. Log in to the Argo CD UI.

      argocd login localhost:9999 --username admin --password solo.io --insecure

  3. Delete the application.

    • Open source:

        argocd app delete gloo-gateway-oss-helm --cascade --server localhost:9999 --insecure

    • Enterprise:

        argocd app delete gloo-gateway-ee-helm --cascade --server localhost:9999 --insecure

    Example output:

      Are you sure you want to delete 'gloo-gateway-oss-helm' and all its resources? [y/n] y
application 'gloo-gateway-oss-helm' deleted

  4. Verify that the pods were removed from the gloo-system namespace.

      kubectl get pods -n gloo-system

    Example output:

      No resources found in gloo-system namespace.