Access ArgoCD Web UI using Ingress Controller on EC2 Windows server


Hi AWS, I am trying to access ArgoCD Web UI using Ingress Controller and I did it on a Windows machine. The way I am deploying both ArgoCD and Ingress Controller is through Helm charts. The steps I performed so far:

  1. Create a cluster using kind:
     `kind create cluster --name=argocd-poc`
     `kubectl config set-context kind-argocd-poc`
     `kubectl config use-context kind-argocd-poc`

  2. Install ArgoCD using Helm Chart

     a. Add ArgoCD repo: `helm repo add argo https://argoproj.github.io/argo-helm`
     b. List the Helm repo: `helm repo list`
     c. Convert the argo-cd Helm chart to a Kubernetes manifest: `helm template argo argo/argo-cd --output-dir argocd-manifests`
     d. Customize Helm Chart Configuration Values

values.yaml

server:
  service:
    type: NodePort
    nodePortHttp: 30080
    nodePortHttps: 30443

e. Deploy Argo CD
  `kubectl create ns argocd`
  `helm install --values values.yaml argocd argo/argo-cd --namespace argocd`

f. On a successful deployment, we should see the following output as attached in the screenshot 1. The command I ran is `kubectl get all -n argocd`.

Screenshot 1

g. Then I tried to access ArgoCD Web UI using port forwarding: `kubectl port-forward svc/argocd-server -n argocd 8080:443` and I was able to access it using the username `admin` and password generated using the command `kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 --decode ; echo` as shown in the screenshot 2.

Screenshot 2

  3. Install Ingress Controller using Helm

     a. Add the Helm repo: `helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx`
     b. Create the namespace for the Ingress controller: `kubectl create ns ingress-nginx`
     c. Install the Controller using the repo added above: `helm install ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx`
     d. On a successful deployment, we should see the following output as attached in the screenshot 3.

Screenshot 3

  4. I updated the values.yaml file created in Step 2 and added code for the Ingress resource object, and now the updated values.yaml file looks like:

server:
  service:
    type: NodePort
    nodePortHttp: 30080
    nodePortHttps: 30443
  extraArgs:
    - --insecure
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/ssl-passthrough: "false"
    hosts:
      - localhost
    paths:
      - /
    pathType: Prefix

configs:
  params:
    server.insecure: true

NOTE: Neither the DNS record nor the TLS secret is created. I used localhost as host as the Windows server is private.

Then I ran the following command: `helm upgrade argocd argo/argo-cd -n argocd -f values.yaml` and got the output as shown in the screenshot 4.

Screenshot 4

  5. After that I checked the ingress in the namespace argocd using the Kubernetes command `kubectl get ingress -n argocd` and got this output:

NAME            CLASS   HOSTS                ADDRESS   PORTS   AGE
argocd-server   nginx   argocd.example.com             80      60s

  6. Then I checked the Ingress Controller pod using the set of commands and got the output mentioned below.

a. `kubectl get pods -n ingress-nginx`

   NAME                                        READY   STATUS    RESTARTS   AGE
   ingress-nginx-controller-6df48c5677-lst68   1/1     Running   0          17m

b. `kubectl logs ingress-nginx-controller-6df48c5677-lst68 -n ingress-nginx`

   -------------------------------------------------------------------------------
   NGINX Ingress controller
     Release:       v1.11.3
     Build:         0106de65cfccb74405a6dfa7d9daffc6f0a6ef1a
     Repository:    https://github.com/kubernetes/ingress-nginx
     nginx version: nginx/1.25.5

   -------------------------------------------------------------------------------

   W1015 16:13:40.500280      10 client_config.go:659] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
   I1015 16:13:40.500921      10 main.go:205] "Creating API client" host="https://10.96.0.1:443"
   I1015 16:13:40.512192      10 main.go:248] "Running in Kubernetes cluster" major="1" minor="29" git="v1.29.2" state="clean" commit="4b8e819355d791d96b7e9d9efe4cbafae2311c88" platform="linux/amd64"
   I1015 16:13:40.621711      10 main.go:101] "SSL fake certificate created" file="/etc/ingress-controller/ssl/default-fake-certificate.pem"
   I1015 16:13:40.650114      10 ssl.go:535] "loading tls certificate" path="/usr/local/certificates/cert" key="/usr/local/certificates/key"
   I1015 16:13:40.666316      10 nginx.go:271] "Starting NGINX Ingress controller"
   I1015 16:13:40.679800      10 event.go:377] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"ingress-nginx-controller", UID:"00bb0539-3529-4fd8-a734-d0a4aa329d68", APIVersion:"v1", ResourceVersion:"2050", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/ingress-nginx-controller
   I1015 16:13:41.866452      10 nginx.go:317] "Starting NGINX process"
   I1015 16:13:41.866622      10 leaderelection.go:254] attempting to acquire leader lease ingress-nginx/ingress-nginx-leader...
   I1015 16:13:41.867284      10 nginx.go:337] "Starting validation webhook" address=":8443" certPath="/usr/local/certificates/cert" keyPath="/usr/local/certificates/key"
   I1015 16:13:41.867615      10 controller.go:193] "Configuration changes detected, backend reload required"
   I1015 16:13:41.884155      10 leaderelection.go:268] successfully acquired lease ingress-nginx/ingress-nginx-leader
   I1015 16:13:41.884294      10 status.go:85] "New leader elected" identity="ingress-nginx-controller-6df48c5677-lst68"
   I1015 16:13:41.933110      10 controller.go:213] "Backend successfully reloaded"
   I1015 16:13:41.933250      10 controller.go:224] "Initial sync, sleeping for 1 second"
   I1015 16:13:41.933389      10 event.go:377] Event(v1.ObjectReference{Kind:"Pod", Namespace:"ingress-nginx", Name:"ingress-nginx-controller-6df48c5677-lst68", UID:"726459a6-ec0b-49a8-8088-91bfcbb256da", APIVersion:"v1", ResourceVersion:"2079", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration
   I1015 16:18:50.960604      10 main.go:107] "successfully validated configuration, accepting" ingress="argocd/argocd-server"
   I1015 16:18:50.975143      10 store.go:440] "Found valid IngressClass" ingress="argocd/argocd-server" ingressclass="nginx"
   I1015 16:18:50.977056      10 controller.go:193] "Configuration changes detected, backend reload required"
   I1015 16:18:50.982852      10 event.go:377] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"argocd", Name:"argocd-server", UID:"a8a060fe-8b28-4044-a624-bc20b1aac849", APIVersion:"networking.k8s.io/v1", ResourceVersion:"2717", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
   I1015 16:18:51.114048      10 controller.go:213] "Backend successfully reloaded"
   I1015 16:18:51.114460      10 event.go:377] Event(v1.ObjectReference{Kind:"Pod", Namespace:"ingress-nginx", Name:"ingress-nginx-controller-6df48c5677-lst68", UID:"726459a6-ec0b-49a8-8088-91bfcbb256da", APIVersion:"v1", ResourceVersion:"2079", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration

  7. Then I checked the Node IP using the Kubernetes command: `kubectl get nodes -o wide`

NAME                            STATUS   ROLES           AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION                     CONTAINER-RUNTIME
argocd-bootcamp-control-plane   Ready    control-plane   53m   v1.29.2   172.19.0.2    <none>        Debian GNU/Linux 12 (bookworm)   5.15.133.1-microsoft-standard-WSL2   containerd://1.7.13

But while I was trying to access ArgoCD using `http://172.19.0.2:80`, where 172.19.0.2 is the INTERNAL-IP, I am getting the error that the site cannot be reached, as shown in the screenshot below.

Screenshot 5

Please suggest.

asked 7 months ago, 511 views

1 Answer

Based on the information provided, there are a few issues that need to be addressed to successfully access the ArgoCD Web UI using the Ingress Controller on your EC2 Windows server:

  1. Ingress Host Configuration: In your values.yaml file, you've set the host to "localhost". However, when you check the ingress, it shows "argocd.example.com". This mismatch could be causing issues. Update your values.yaml to use a consistent hostname, preferably one that resolves to your EC2 instance's IP address.

  2. Node IP Accessibility: The internal IP (172.19.0.2) you're trying to access is likely not directly reachable from your Windows machine. This IP is internal to the Kubernetes cluster running in Kind.

  3. Port Configuration: Your ingress is configured for port 80, but you're not specifying a port in your access URL. Try using port 30080 or 30443, which you've configured as NodePorts in your ArgoCD service.

  4. Windows and Kind Interaction: Running Kind on Windows can sometimes lead to networking complexities. The Kubernetes nodes are running inside Docker, which is running inside WSL2, creating multiple network layers.

To resolve these issues and access ArgoCD, try the following:

  1. Update your values.yaml file to use a consistent hostname, such as "argocd.local" or your EC2 instance's public DNS name.

  2. Update your local hosts file (C:\Windows\System32\drivers\etc\hosts) to map this hostname to 127.0.0.1.

  3. Use port forwarding to expose the Ingress Controller's NodePort to your Windows host: `kubectl port-forward -n ingress-nginx service/ingress-nginx-controller 8080:80`

  4. Access ArgoCD using the URL: http://argocd.local:8080 (or whatever hostname you've configured)

If you're still unable to access ArgoCD, you may need to check your EC2 instance's security group to ensure the necessary ports are open, and verify that your Windows firewall isn't blocking the connection.

Remember that running Kubernetes in Kind on Windows is primarily for development and testing. For production use, consider using a managed Kubernetes service like Amazon EKS, which would simplify many of these networking complexities.

answered 7 months ago
  • Can an expert from AWS community review this and help me out?

  • As per AI, 172.19.0.2 is a private internal IP only and can't be accessed across the internet. You need a public IP.
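
The two conditions visible in this thread, the Ingress host (`argocd.example.com`) not matching the host used in values.yaml and in the browser, and the absence of any TLS entry while `server.insecure` is on, can be checked against the Ingress object itself. This is an added example, not code from the thread: the JSON is a constructed sample shaped like `kubectl get ingress argocd-server -n argocd -o json`, the backend port 80 is an assumption, and `host_matches`, `backend_for` and `audit` are hypothetical helper names.

```python
import json

# Constructed sample shaped like `kubectl get ingress argocd-server -n argocd -o json`:
# host, class and annotations are taken from the question; backend port 80 is assumed.
SAMPLE = json.loads("""
{"metadata": {"name": "argocd-server", "namespace": "argocd", "annotations": {
   "nginx.ingress.kubernetes.io/ssl-redirect": "false",
   "nginx.ingress.kubernetes.io/force-ssl-redirect": "false",
   "nginx.ingress.kubernetes.io/backend-protocol": "HTTP"}},
 "spec": {"ingressClassName": "nginx", "rules": [{"host": "argocd.example.com",
   "http": {"paths": [{"path": "/", "pathType": "Prefix", "backend": {
     "service": {"name": "argocd-server", "port": {"number": 80}}}}]}}]}}
""")

def host_matches(rule_host, request_host):
    """Ingress host matching: empty = any host, '*.x' = exactly one extra label."""
    request_host = request_host.split(":")[0].lower()  # drop a :port suffix
    if not rule_host:
        return True
    rule_host = rule_host.lower()
    if rule_host.startswith("*."):
        label, _, rest = request_host.partition(".")
        return bool(label) and rest == rule_host[2:]
    return rule_host == request_host

def backend_for(ingress, request_host):
    """Service that would serve this Host header, or None (default backend)."""
    for rule in ingress["spec"].get("rules", []):
        if host_matches(rule.get("host", ""), request_host):
            return rule["http"]["paths"][0]["backend"]["service"]["name"]
    return None

def audit(ingress, intended_host):
    """Findings for the host and TLS settings discussed in this thread."""
    findings = []
    spec = ingress["spec"]
    if backend_for(ingress, intended_host) is None:
        hosts = [r.get("host", "") for r in spec.get("rules", [])]
        findings.append(f"host-mismatch: {intended_host!r} not served by rules {hosts}")
    tls_hosts = [h for t in spec.get("tls", []) for h in t.get("hosts", [])]
    if not any(host_matches(h, intended_host) for h in tls_hosts):
        findings.append("no-tls: no spec.tls entry covers this host")
    redirect = ingress["metadata"].get("annotations", {}).get(
        "nginx.ingress.kubernetes.io/ssl-redirect")
    if tls_hosts and redirect == "false":
        findings.append("no-redirect: plain HTTP stays open beside HTTPS")
    return findings
```

A `None` from `backend_for` means no rule claims that Host header, so ingress-nginx hands the request to its default backend instead of `argocd-server`; `audit(SAMPLE, "localhost")` reports both the host mismatch and the missing TLS entry.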