Skip to main content
Version: master

Argo CD

Loft provides several points of integration with Argo CD, a popular GitOps tool for Kubernetes. This Argo CD integration is designed to help users take advantage not just of the speed and ease of creating virtual clusters, but also of Argo CD for managing and deploying applications within those virtual clusters.

Argo CD integration is enabled on a per-project basis -- the project layer is where admins tell Loft where the Argo CD deployment lives. Once a project has been enabled for Argo CD integration, virtual clusters within that project can be selectively imported into Argo CD. Importing a virtual cluster means that the virtual cluster will show up as a registered cluster within Argo CD, that is, a valid destination to which Argo CD can deploy applications.

Loft also provides the ability to use Loft as an SSO provider for Argo CD to allow users to authenticate via Loft. After enabling this setting, users who browse to the Argo CD instance will see a button to login via Loft. All members of the project will be able to log in via Loft and gain access to Argo CD. For more information, see Configuring SSO

Finally, Loft Projects can be imported into Argo CD's App Projects. This is an advanced feature allowing users to set metadata fields to apply the Argo CD App Project object, Argo CD RBAC roles to apply, and an array of permissible source repositories that may be accessed within the project.

Enable Argo CD for the Project

To enable Argo CD for a Project and configure where the project's Argo CD instance is running, follow these instructions:

  1. Navigate to the Projects view using the menu on the left.
  2. Select the project you'd like to configure using the drop down menu.
  3. Click on Project Settings.
  4. Click on Argo CD
  5. Toggle the Enable Argo CD Integration switch to enable Argo CD for the project. Additional configuration options will appear.
  6. Under Where is Argo CD running? use the drop down to select whether Argo CD is installed on a cluster or on a virtual Cluster.
  7. In the Where is Argo CD running? input, select the cluster or virtual cluster where Argo CD is installed.
  8. In the ArgoCD Namespace input, type in the namespace where Argo CD is installed.
  9. Optionally, Enable SSO integration to login to your ArgoCD instance using Loft credentials. For more info, see the section Configuring SSO section below.

Import a Virtual Cluster into Argo CD

Importing a virtual cluster into Argo CD makes it available as a registered cluster in Argo CD. Once imported, Argo will be able to deploy and synchronize applications to the virtual cluster.

To import a virtual cluster into Argo CD in a project with Argo CD enabled

  1. Navigate to the Projects view using the menu on the left.
  2. Select the project you'd like to configure using the drop down menu.
  3. Click on Virtual Clusters.
  4. Toggle the Add to Argo CD slider to import the virtual cluster.
Import when creating the virtual cluster

When creating virtual clusters within an Argo CD enabled project, you may also select the Add to Argo CD slider in the Argo CD section of the create window.

Manually Importing the virtual cluster

Virtual clusters can be manually set to be imported into Argo CD (when in an Argo CD enabled project) by setting the loft.sh/import-argocd label to true.

Syncing labels to the cluster secret of the imported virtual cluster

Loft will sync all labels applied to the virtualclusterinstance to the cluster secret for this virtual cluster in ArgoCD. Based on this the applicationsets can identify the clusters into which to deploy the applications.

Configuring SSO

This allows users to login to the ArgoCD instance using their Loft credentials.

Loft Host Config Required

This requires loftHost key to be configured first. See docs under Admin > Config. This is sometimes taken care of while setting up the domain and configuring Extrernal Access. The loft domain must be resolvable from the ArgoCD instance and the browsers of any user logging in via this method.

  1. From the Argo CD tab under Project Settings, toggle the Enable SSO Integration. Additional configuration options will appear
  2. In the ArgoCD Url input, add the URL where ArgoCD is available. This URL must be publicly resolvable.
  3. Under Assigned Roles, use the drop down to select the Argo CD roles that Loft will assign to members when logging in to Argo CD via SSO

Disable the Argo CD Integration

You may disable the Argo CD integration at a per virtual cluster or per project level by toggling the same sliders used to enable it. Disabling the integration at the virtual cluster level simply removes it as a registered cluster in Argo CD. Disabling the integration at the project level removes all virtual clusters from Argo CD, so be careful when disabled Argo at this level.