Codefresh.io and Argo CD

Published: Aug 2, 2022 by Isaac Johnson

Recently, Codefresh launched a hosted Gitops solution backed by ArgoCD. I became aware of their latest offering from TechCrunch who interviewed their COSO Dan Garfied. Codefresh first launched a GitOps solution based on ArgoCD back in 2020 but just rolled it out publicly now. While the company has it’s own CI solution, it’s easy to integrate with other CI frameworks.

Today we’ll look at Argo through Codefresh and what it offers at the free tier. We’ll set up a couple sample apps on a new K3s cluster and lastly look at multi-cluster deployments.

Signup

Go to Codefresh to sign up

/content/images/2022/07/cfargo-01.png

We can use various AuthN methods such as Google or Github

/content/images/2022/07/cfargo-02.png

The flow is pretty straightforward with a signup screen

/content/images/2022/07/cfargo-03.png

However, boo! for not accepting .science domains. I had to use gmail instead.

/content/images/2022/07/cfargo-04.png

Once signed up, we are presented with the dashboard. Our first step is to install the Codefresh runtime.

/content/images/2022/07/codefresh-10.png

Then connect to a git provider, like Github

/content/images/2022/07/codefresh-11.png

We need to authorize it (and to any organizations we wish to include)

/content/images/2022/07/codefresh-12.png

Configuration Repositories

Unlike other Argo offerings, Codefresh will store it’s actual configuration as code in a Github repo. Consider this an “Argo Configuration” repo.

Here we create a configuration repository

/content/images/2022/07/codefresh-13.png

Which we can see reflected in Github

/content/images/2022/07/codefresh-27.png

Next, we want to connect a cluster

/content/images/2022/07/codefresh-14.png

Our first step is to install the CLI

/content/images/2022/07/codefresh-15.png

Interestingly, the download for Windows was a tgz that I needed to use WSL to extract. I then needed to give it an “.exe” extension to run.

/content/images/2022/07/codefresh-16.png

C:\Users\isaac\Downloads>cf-windows-amd64.exe config create-context codefresh --api-key  asdfasfasfsadfasdfas.asdfasdfasdfsadfsadf
level=info msg="New context created: \"codefresh\""
level=info msg="Switched to context: codefresh"

In WSL, the cf binary works the same

$ cf config create-context codefresh --api-key  asdfasfasfsadfasdfas.asdfasdfasdfsadfsadf
INFO New context created: "codefresh"
INFO Switched to context: codefresh

Adding Clusters

We can then add a cluster with cf cluster add codefresh-hosted

/content/images/2022/07/codefresh-17.png

We see what was installed

$ cf cluster add codefresh-hosted
ext77
INFO Building "add-cluster" manifests
serviceaccount/argocd-manager-1659314524497 created
clusterrole.rbac.authorization.k8s.io/argocd-manager-role-1659314524497 created
clusterrolebinding.rbac.authorization.k8s.io/argocd-manager-role-binding-1659314524497 created
configmap/csdp-add-cluster-cm-1659314524497 created
secret/csdp-add-cluster-secret-1659314524497 created
job.batch/csdp-add-cluster-job-1659314524497 created
INFO Attempt #1/1 succeeded:
=====
ServiceAccount: argocd-manager-1659314524497
Ingress URL: https://mr-62e3d9f588d8af3a8b8581d3-d6dd0e5.cf-cd.com
Context Name: ext77
Server: https://73.242.50.46:25560
Found ServiceAccount secret argocd-manager-1659314524497-token-dpkks
Cluster "73.242.50.46:25560" set.
User "argocd-manager-1659314524497" set.
Context "ext77" created.
STATUS_CODE: 201

deleting token secret csdp-add-cluster-secret-1659314524497
secret "csdp-add-cluster-secret-1659314524497" deleted
=====

cluster ext77 was added successfully to runtime codefresh-hosted

And now we can verify that cluster was added

/content/images/2022/07/codefresh-18.png

Add Application

Our next step is to add an application

/content/images/2022/07/codefresh-19.png

Choose “Add Application” from the application menu

/content/images/2022/07/codefresh-20.png

We give the app a name and YAML file. The next screen allows us to enter standard Argo details.

/content/images/2022/07/codefresh-21.png

We can then decide where to save the Manifest file

/content/images/2022/07/codefresh-22.png

We see that the application was added

/content/images/2022/07/codefresh-23.png

I had errors since I hardcoded the “test” namespace on main. I changed the app and committed it

/content/images/2022/07/codefresh-24.png

And now we can see it progressing (after I created the “test” namespace)

/content/images/2022/07/codefresh-25.png

Now my error is around the lack of credentials (403) accessing my Azure CR

/content/images/2022/07/codefresh-26.png

Updating Applications

We can change branches to switch applications. Here I switched to the kaniko branch

/content/images/2022/07/codefresh-28.png

we can see it sync

/content/images/2022/07/codefresh-29.png

I can check the pod details for manifest

/content/images/2022/07/codefresh-30.png

and logs

/content/images/2022/07/codefresh-31.png

When it didn’t come up for a while, i went to the cluster to check on it.

We can see it’s due to my missing secret

$ kubectl describe pod kaniko -n test | tail -n 7
Events:
  Type     Reason       Age                   From               Message
  ----     ------       ----                  ----               -------
  Normal   Scheduled    7m11s                 default-scheduler  Successfully assigned test/kaniko to isaac-macbookair
  Warning  FailedMount  2m50s (x2 over 5m8s)  kubelet            Unable to attach or mount volumes: unmounted volumes=[kaniko-secret], unattached volumes=[kaniko-secret dockerfile-storage kube-api-access-jdkmf]: timed out waiting for the condition
  Warning  FailedMount  59s (x11 over 7m11s)  kubelet            MountVolume.SetUp failed for volume "kaniko-secret" : secret "kanikoharborcred" not found
  Warning  FailedMount  35s                   kubelet            Unable to attach or mount volumes: unmounted volumes=[kaniko-secret], unattached volumes=[dockerfile-storage kube-api-access-jdkmf kaniko-secret]: timed out waiting for the condition

I need to copy over the missing secret

builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectx mac81
Switched to context "mac81".
builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectl get secret kanikoharborcred -n test -o yaml > khc.test.yaml
builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectx mac77
Switched to context "mac77".
builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectl apply -f khc.test.yaml
secret/kanikoharborcred created

Once I fixed the secret and membership on the project, the container started to build

/content/images/2022/07/codefresh-32.png

Then once the pods found their registry credential, they could launch

/content/images/2022/07/codefresh-33.png

We can see it’s serving traffic by looking at live logs

/content/images/2022/07/codefresh-34.png

Dashboards

From our Dashboard we can see the successful deployment

/content/images/2022/07/codefresh-35.png

we can go to Runtimes to add more clusters

/content/images/2022/07/codefresh-36.png

We can change namespace and/or cluster in the edit application page

/content/images/2022/07/codefresh-37.png

We can add more applications for the same repository, but a new cluster

/content/images/2022/07/codefresh-38.png

Next steps

They have a series of integrations already setup and a few “coming soon”

/content/images/2022/07/codefresh-39.png

Obviously, I care deeply about monitoring so adding Github integration (likely for PR flows) will be key as well as Datadog for monitoring.

JIRA

Let’s add a JIRA integration

/content/images/2022/07/codefresh-41.png

As mine is hosted, I’ll need to create an API token in the API Token section of user settings

/content/images/2022/07/codefresh-42.png

We can then use it in the Integration settings

/content/images/2022/07/codefresh-43.png

You can use Test Connection to see if the API token is valid and that Codefresh can connect

/content/images/2022/07/codefresh-44.png

The UI took a few to realize I had a new Integration. At first I thought my settings were eaten. But it just was a delay between saving and seeing it reflected in the Integrations area

/content/images/2022/07/codefresh-45.png

This integration really just applies to the Github Action and Codefresh CI pipeline, not Argo

Dockerhub

Let’s also add Dockerhub

/content/images/2022/07/codefresh-46.png

Like before, we enter a username and password (or token). We can Test Connection here as well

/content/images/2022/07/codefresh-47.png

Codefresh Github Action

For instance, there is a codefresh-report-image Github action

/content/images/2022/07/codefresh-40.png

Which can tie a Dockerhub image with JIRA and Codedfresh.

- name: report image by action
      with:
        CF_HOST: "https://my-runtime-url"
        CF_API_KEY: $
        
        #Codefresh Integrations to USE
        CF_CONTAINER_REGISTRY_INTEGRATION: "dockerhub"
        CF_JIRA_INTEGRATION: "jira"
    
        CF_IMAGE: $/my-image-name:tag
        
        CF_GITHUB_TOKEN: $
    
        #Jira issues that match
        CF_JIRA_MESSAGE: "CR-12293"
        CF_JIRA_PROJECT_PREFIX: "CR"
      uses: codefresh-io/codefresh-report-image@latest

From my examples above, that might easily look like:

- name: report image by action
      with:
        CF_HOST: "https://mr-62e3d9f588d8af3a8b8581d3-d6dd0e5.cf-cd.com"
        CF_API_KEY: $
        
        #Codefresh Integrations to USE
        CF_CONTAINER_REGISTRY_INTEGRATION: "mydockerhub"
        CF_JIRA_INTEGRATION: "hosted"
    
        CF_IMAGE: idjohnson/my-image-name:tag
        
        CF_GITHUB_TOKEN: $
    
        #Jira issues that match
        CF_JIRA_MESSAGE: "TPK-1234"
        CF_JIRA_PROJECT_PREFIX: "TPK"
      uses: codefresh-io/codefresh-report-image@latest

I can see the settings in the Github Actions Configuration page

/content/images/2022/07/codefresh-48.png

To use, I’ll add the secrets I don’t already have into my Github actions secrets area

/content/images/2022/07/codefresh-49.png

I also need to create a quick JIRA ticket to use for testing

/content/images/2022/07/codefresh-50.png

which will be TPK-2

/content/images/2022/07/codefresh-51.png

My Github Action now looks like (this does not match the image I’m building, ghrunner, but it’s just a test). The file itself is “testing-ghrunner.yml” so the modification should trigger the run.

name: GitHub Actions TEST
on:
  push:
    paths:
    - "**/testing-ghrunner.yml"

jobs:
  HostedActions:
    runs-on: self-hosted
    steps:
      - name: report image by action
        with:
          CF_HOST: "https://mr-62e3d9f588d8af3a8b8581d3-d6dd0e5.cf-cd.com"
          CF_API_KEY: $
          
          #Codefresh Integrations to USE
          CF_CONTAINER_REGISTRY_INTEGRATION: "mydockerhub"
          CF_JIRA_INTEGRATION: "hostedjira"
      
          CF_IMAGE: idjohnson/dockerwithtests2:latest
          
          CF_GITHUB_TOKEN: $
      
          #Jira issues that match
          CF_JIRA_MESSAGE: "TPK-2"
          CF_JIRA_PROJECT_PREFIX: "TPK"
        uses: codefresh-io/codefresh-report-image@latest

When completed, I did not see annotations or notes added in Github Pull Requests or SHAs. I saw nothing added in JIRA, however I do see information stored in Codefresh:

/content/images/2022/07/codefresh-54.png

Pricing

I do not see a way to upgrade in the UI, but I can see pricing on their pricing page

/content/images/2022/07/codefresh-53.png

I cannot really see a reason one would move from the current 10 user 1 pipeline account to a Team at $50/user/mo that just adds a bit more retention and one more runtime. I hope they rethink their offering since the only other choice is “Enterprise” with that magic “Call Us” price that I never will do.

Summary

We have signed up and created a Codefresh ArgoCD Project from scratch. We onboarded two clsuters and launched two different variants of a Docker with Tests repo. We looked at Dashboards and Integrations and explored the free/open-source project offering.

Overall, I was quite impressed with all that we get. To date, I have used Koncrete.dev when I needed a quick Argo CD demo. However they have a light wrapper around ArgoCD and just allow one application and cluster. I am not complaining at all - free is free. However, this new CF offering offers way more at the free tier.

It’s pretty clear from the various sections of the tool that they want you to start with the free tier and be won over to try the rest of their commercial products. For instance, if you want to add more than 10 users or more than one concurrent pipeline, you need to use a Team or Enterprise account

/content/images/2022/07/codefresh-52.png

I look forward to coming back and exploring their CI offering more.

argocd kubernetes gitops codefresh

Have something to add? Feedback? Try our new forums

Isaac Johnson

Isaac Johnson

Cloud Solutions Architect

Isaac is a CSA and DevOps engineer who focuses on cloud migrations and devops processes. He also is a dad to three wonderful daughters (hence the references to Princess King sprinkled throughout the blog).

Theme built by C.S. Rhymes