and Argo CD

Published: Aug 2, 2022 by Isaac Johnson

Recently, Codefresh launched a hosted Gitops solution backed by ArgoCD. I became aware of their latest offering from TechCrunch who interviewed their COSO Dan Garfied. Codefresh first launched a GitOps solution based on ArgoCD back in 2020 but just rolled it out publicly now. While the company has it’s own CI solution, it’s easy to integrate with other CI frameworks.

Today we’ll look at Argo through Codefresh and what it offers at the free tier. We’ll set up a couple sample apps on a new K3s cluster and lastly look at multi-cluster deployments.


Go to Codefresh to sign up


We can use various AuthN methods such as Google or Github


The flow is pretty straightforward with a signup screen


However, boo! for not accepting .science domains. I had to use gmail instead.


Once signed up, we are presented with the dashboard. Our first step is to install the Codefresh runtime.


Then connect to a git provider, like Github


We need to authorize it (and to any organizations we wish to include)


Configuration Repositories

Unlike other Argo offerings, Codefresh will store it’s actual configuration as code in a Github repo. Consider this an “Argo Configuration” repo.

Here we create a configuration repository


Which we can see reflected in Github


Next, we want to connect a cluster


Our first step is to install the CLI


Interestingly, the download for Windows was a tgz that I needed to use WSL to extract. I then needed to give it an “.exe” extension to run.


C:\Users\isaac\Downloads>cf-windows-amd64.exe config create-context codefresh --api-key  asdfasfasfsadfasdfas.asdfasdfasdfsadfsadf
level=info msg="New context created: \"codefresh\""
level=info msg="Switched to context: codefresh"

In WSL, the cf binary works the same

$ cf config create-context codefresh --api-key  asdfasfasfsadfasdfas.asdfasdfasdfsadfsadf
INFO New context created: "codefresh"
INFO Switched to context: codefresh

Adding Clusters

We can then add a cluster with cf cluster add codefresh-hosted


We see what was installed

$ cf cluster add codefresh-hosted
INFO Building "add-cluster" manifests
serviceaccount/argocd-manager-1659314524497 created created created
configmap/csdp-add-cluster-cm-1659314524497 created
secret/csdp-add-cluster-secret-1659314524497 created
job.batch/csdp-add-cluster-job-1659314524497 created
INFO Attempt #1/1 succeeded:
ServiceAccount: argocd-manager-1659314524497
Ingress URL:
Context Name: ext77
Found ServiceAccount secret argocd-manager-1659314524497-token-dpkks
Cluster "" set.
User "argocd-manager-1659314524497" set.
Context "ext77" created.

deleting token secret csdp-add-cluster-secret-1659314524497
secret "csdp-add-cluster-secret-1659314524497" deleted

cluster ext77 was added successfully to runtime codefresh-hosted

And now we can verify that cluster was added


Add Application

Our next step is to add an application


Choose “Add Application” from the application menu


We give the app a name and YAML file. The next screen allows us to enter standard Argo details.


We can then decide where to save the Manifest file


We see that the application was added


I had errors since I hardcoded the “test” namespace on main. I changed the app and committed it


And now we can see it progressing (after I created the “test” namespace)


Now my error is around the lack of credentials (403) accessing my Azure CR


Updating Applications

We can change branches to switch applications. Here I switched to the kaniko branch


we can see it sync


I can check the pod details for manifest


and logs


When it didn’t come up for a while, i went to the cluster to check on it.

We can see it’s due to my missing secret

$ kubectl describe pod kaniko -n test | tail -n 7
  Type     Reason       Age                   From               Message
  ----     ------       ----                  ----               -------
  Normal   Scheduled    7m11s                 default-scheduler  Successfully assigned test/kaniko to isaac-macbookair
  Warning  FailedMount  2m50s (x2 over 5m8s)  kubelet            Unable to attach or mount volumes: unmounted volumes=[kaniko-secret], unattached volumes=[kaniko-secret dockerfile-storage kube-api-access-jdkmf]: timed out waiting for the condition
  Warning  FailedMount  59s (x11 over 7m11s)  kubelet            MountVolume.SetUp failed for volume "kaniko-secret" : secret "kanikoharborcred" not found
  Warning  FailedMount  35s                   kubelet            Unable to attach or mount volumes: unmounted volumes=[kaniko-secret], unattached volumes=[dockerfile-storage kube-api-access-jdkmf kaniko-secret]: timed out waiting for the condition

I need to copy over the missing secret

builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectx mac81
Switched to context "mac81".
builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectl get secret kanikoharborcred -n test -o yaml > khc.test.yaml
builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectx mac77
Switched to context "mac77".
builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectl apply -f khc.test.yaml
secret/kanikoharborcred created

Once I fixed the secret and membership on the project, the container started to build


Then once the pods found their registry credential, they could launch


We can see it’s serving traffic by looking at live logs



From our Dashboard we can see the successful deployment


we can go to Runtimes to add more clusters


We can change namespace and/or cluster in the edit application page


We can add more applications for the same repository, but a new cluster


Next steps

They have a series of integrations already setup and a few “coming soon”


Obviously, I care deeply about monitoring so adding Github integration (likely for PR flows) will be key as well as Datadog for monitoring.


Let’s add a JIRA integration


As mine is hosted, I’ll need to create an API token in the API Token section of user settings


We can then use it in the Integration settings


You can use Test Connection to see if the API token is valid and that Codefresh can connect


The UI took a few to realize I had a new Integration. At first I thought my settings were eaten. But it just was a delay between saving and seeing it reflected in the Integrations area


This integration really just applies to the Github Action and Codefresh CI pipeline, not Argo


Let’s also add Dockerhub


Like before, we enter a username and password (or token). We can Test Connection here as well


Codefresh Github Action

For instance, there is a codefresh-report-image Github action


Which can tie a Dockerhub image with JIRA and Codedfresh.

- name: report image by action
        CF_HOST: "https://my-runtime-url"
        CF_API_KEY: $
        #Codefresh Integrations to USE
        CF_JIRA_INTEGRATION: "jira"
        CF_IMAGE: $/my-image-name:tag
        CF_GITHUB_TOKEN: $
        #Jira issues that match
        CF_JIRA_MESSAGE: "CR-12293"
      uses: codefresh-io/codefresh-report-image@latest

From my examples above, that might easily look like:

- name: report image by action
        CF_HOST: ""
        CF_API_KEY: $
        #Codefresh Integrations to USE
        CF_JIRA_INTEGRATION: "hosted"
        CF_IMAGE: idjohnson/my-image-name:tag
        CF_GITHUB_TOKEN: $
        #Jira issues that match
        CF_JIRA_MESSAGE: "TPK-1234"
      uses: codefresh-io/codefresh-report-image@latest

I can see the settings in the Github Actions Configuration page


To use, I’ll add the secrets I don’t already have into my Github actions secrets area


I also need to create a quick JIRA ticket to use for testing


which will be TPK-2


My Github Action now looks like (this does not match the image I’m building, ghrunner, but it’s just a test). The file itself is “testing-ghrunner.yml” so the modification should trigger the run.

name: GitHub Actions TEST
    - "**/testing-ghrunner.yml"

    runs-on: self-hosted
      - name: report image by action
          CF_HOST: ""
          CF_API_KEY: $
          #Codefresh Integrations to USE
          CF_JIRA_INTEGRATION: "hostedjira"
          CF_IMAGE: idjohnson/dockerwithtests2:latest
          CF_GITHUB_TOKEN: $
          #Jira issues that match
          CF_JIRA_MESSAGE: "TPK-2"
        uses: codefresh-io/codefresh-report-image@latest

When completed, I did not see annotations or notes added in Github Pull Requests or SHAs. I saw nothing added in JIRA, however I do see information stored in Codefresh:



I do not see a way to upgrade in the UI, but I can see pricing on their pricing page


I cannot really see a reason one would move from the current 10 user 1 pipeline account to a Team at $50/user/mo that just adds a bit more retention and one more runtime. I hope they rethink their offering since the only other choice is “Enterprise” with that magic “Call Us” price that I never will do.


We have signed up and created a Codefresh ArgoCD Project from scratch. We onboarded two clsuters and launched two different variants of a Docker with Tests repo. We looked at Dashboards and Integrations and explored the free/open-source project offering.

Overall, I was quite impressed with all that we get. To date, I have used when I needed a quick Argo CD demo. However they have a light wrapper around ArgoCD and just allow one application and cluster. I am not complaining at all - free is free. However, this new CF offering offers way more at the free tier.

It’s pretty clear from the various sections of the tool that they want you to start with the free tier and be won over to try the rest of their commercial products. For instance, if you want to add more than 10 users or more than one concurrent pipeline, you need to use a Team or Enterprise account


I look forward to coming back and exploring their CI offering more.

argocd kubernetes gitops codefresh

Isaac Johnson

Isaac Johnson

Cloud Solutions Architect

Isaac is a CSA and DevOps engineer who focuses on cloud migrations and devops processes. He also is a dad to three wonderful daughters (hence the references to Princess King sprinkled throughout the blog).

Theme built by C.S. Rhymes