
GitOps-Driven Management of VKS Clusters: Enabling GitOps on VCF 9.0 (Part 03)

 



In the Part-02 blog, we walked through the process of deploying an Argo CD instance within a vSphere Namespace on VMware Cloud Foundation (VCF) 9.0, enabling a GitOps-based approach to manage Kubernetes workloads in a vSphere environment. With Argo CD successfully installed, we now have a powerful toolset to drive declarative infrastructure and application delivery.

In this blog post, we’ll take the next step by demonstrating how to provision and manage VKS clusters directly through the Argo CD UI and CLI. This allows us to fully operationalise GitOps within the private cloud, delivering consistency, scalability, and automation across the Kubernetes lifecycle.

Importance of Managing the Kubernetes Cluster with a GitOps Approach

Adopting a GitOps-based approach for managing Kubernetes clusters enables declarative, version-controlled, and automated operations by leveraging Git as the source of truth for the desired cluster state.

All Kubernetes manifests — including deployments, services, and configuration — are stored and versioned in a Git repository, allowing infrastructure changes to follow the same review, approval, and rollback processes as application code. By decoupling deployments from imperative cluster creation and manual interventions, GitOps delivers a scalable, consistent, and repeatable operational model for Kubernetes across development, staging, and production environments.

Foundational Guide to Deploying and Operating VKS via Argo CD

  • Supervisor Cluster: Ensure the vSphere Supervisor Cluster is enabled and in a healthy state.
  • Argo CD Operator + Argo CD instance: The Argo CD Operator and instance must be active and in a healthy state within the Supervisor Cluster.
  • CLI: Ensure the Argo CD CLI and the kubectl / VCF CLI are installed on the bootstrap node.
  • Git Repository Access: Make sure a Git repository is available to store the configuration YAML files and is accessible from the Supervisor Cluster. This repository will serve as the source of truth for all your GitOps-driven deployments.

Here we will cover two key scenarios to showcase the full potential of Argo CD in managing VMware Kubernetes Clusters (VKS):

  1. Provisioning a new VKS cluster using the Argo CD CLI.
  2. Creating a new VKS cluster through the Argo CD UI for a more visual and user-friendly approach.

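Attaching a vSphere Namespace on the Supervisor to Argo CD

As the Supervisor Cluster serves as the management plane for the lifecycle of workload clusters, we now attach each vSphere Namespace that the Argo CD instance needs to manage. As the CLI warning in the session below shows, the cluster add command creates an argocd-manager service account with full namespace-level privileges in the attached namespace, so attach only the namespaces Argo CD actually has to manage.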


****** Login to the Supervisor Cluster *********

# kubectl vsphere login --server xx.xx.xx.xx --vsphere-username administrator@vsphere.local --insecure-skip-tls-verify

Password:
Logged in successfully.

You have access to the following contexts:
carbon
svc-argocd-service-domain-c10

*** Login to the Argo CD CLI ******

# argocd login 192.168.30.10 --insecure
Username: admin
Password:

'admin: login' logged in successfully


****** Attach the vSphere Namespace on the Supervisor to the ArgoCD Instance ****

# argocd cluster add <supervisor-vip-ip> --namespace <namespace>

WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `xx.xx.xx.xx` with full namespace-level privileges. Do you want to continue [y/N]? y
supervisor cluster
--system-namespace is not supported when it is Supervisor Cluster, we will create serviceaccount argocd-manager in ArgoCD namespace kubernetes resource management
Start permission checking for managing namespace of Supervisor Cluster
INFO[0009] ServiceAccount "argocd-manager" created in namespace "xxxxx"
INFO[0009] RoleBinding "xxxx/xxxx-argocd-manager-role-binding" created
INFO[0009] Created bearer token secret for ServiceAccount "argocd-manager"
Namespace <xxxxxxx>from Cluster 'https://xx.xx.xx.xx:443' added

Provisioning VKS Clusters via Argo CD CLI

To streamline and automate cluster lifecycle operations, we can create VKS (VMware Kubernetes Service) clusters directly using the Argo CD CLI. This approach enables declarative management of cluster resources, making it easier to integrate cluster creation into GitOps workflows. By leveraging Argo CD’s CLI capabilities, we can define and deploy cluster configurations stored in Git repositories, ensuring consistent and repeatable cluster provisioning.

To create a workload cluster YAML file, refer to the Workload Cluster Creation YAML guide. This resource provides detailed information on the required parameters and associated options, which can be used to define and customise your workload cluster configuration effectively.

In this example, I’ve created a sample workload cluster YAML file and uploaded it to GitHub. This file will be used to demonstrate the creation of clusters using both the Argo CD CLI and UI.


*** Argo CD command line to create the application using CLI *******

# argocd app create vks-cli --repo https://github.com/xxxxxx/vks-argocd-cluster.git --path create-tkg-cluster-yaml-files --dest-server https://<supervisor-ip>:443 --dest-namespace carbon --sync-policy automated

application 'vks-cli' created


**** Verifying the application status ********


# argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
carbon/vks-cli https://xx.xx.xx.xx:443 carbon default Synced Healthy Auto <none> https://github.com/xxxxxx/vks-argocd-cluster.git create-tkg-cluster-yaml-files

The application now appears in the Argo CD UI and starts creating its resources.

VKS clusters provisioned successfully.

Kubernetes Clusters created successfully & managed by the ArgoCD instance
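
The argocd app create call above, written as declarative manifests that can themselves be kept in Git (an added example, not part of the original post). It goes one step further than the CLI call by replacing the default project with a restricted AppProject and pinning the revision; the project name vks-clusters, every <...> placeholder, and the assumption that the repo path holds only Cluster API Cluster objects are assumptions, not values from the post.

```yaml
# Added example. Placeholders in <...> and the project name are assumptions.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: vks-clusters              # hypothetical project name
  namespace: <argocd-namespace>   # vSphere Namespace where the Argo CD instance runs
spec:
  description: VKS cluster definitions only
  # Only this repository may be used as a source by applications in the project.
  sourceRepos:
    - https://github.com/xxxxxx/vks-argocd-cluster.git
  # Only the attached Supervisor namespace may be a deployment target.
  destinations:
    - server: https://<supervisor-ip>:443
      namespace: carbon
  # No cluster-scoped resources may be created through this project.
  clusterResourceWhitelist: []
  # Assumption: the repo path contains only Cluster API Cluster objects.
  # Anything else committed to the repo is rejected at sync time.
  namespaceResourceWhitelist:
    - group: cluster.x-k8s.io
      kind: Cluster
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: vks-cli
  namespace: <argocd-namespace>
spec:
  project: vks-clusters           # instead of the unrestricted "default" project
  source:
    repoURL: https://github.com/xxxxxx/vks-argocd-cluster.git
    path: create-tkg-cluster-yaml-files
    targetRevision: <tag-or-commit-sha>   # pin a reviewed revision instead of tracking HEAD
  destination:
    server: https://<supervisor-ip>:443
    namespace: carbon
  syncPolicy:
    automated:
      prune: false      # same as the CLI default: removing a file in Git does not delete a cluster
      selfHeal: false   # same as the CLI default: set to true to revert manual drift
```

With automated sync, write access to the repository is effectively the right to create clusters in the carbon namespace, so branch protection and review on that repository are part of the access control.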

Provisioning VKS Clusters via Argo CD UI

Argo CD’s intuitive web-based UI makes it simple to provision VKS (VMware Kubernetes Service) clusters with minimal manual effort. By linking your Git repository that contains the workload cluster YAML definitions, you can visually manage and deploy clusters directly from the Argo CD dashboard. The UI allows you to select the appropriate project, set synchronization policies, and monitor the deployment status in real time. This user-friendly interface is ideal for teams who prefer a visual approach to GitOps while still benefiting from automated, declarative cluster management.

  • Log in to the Argo CD UI.
  • Click on “Settings” → “Repositories” → “Connect Repo”. Enter the details and click Connect, and then click “Create”.
Connecting the repository to the ArgoCD instance
GitHub repo successfully connected
  • Click on “Application” → “New App” and enter the details as shown below.
Application created successfully and synced

VKS clusters provisioned successfully.

VKS Clusters created successfully & managed by the ArgoCD instance

Conclusion

In this blog, we explored how integrating Argo CD with VMware Kubernetes Service (VKS) enables a robust and flexible GitOps workflow for managing both cluster lifecycles and application deployments. Whether you prefer the automation of the CLI or the visual simplicity of the UI, Argo CD ensures consistent, repeatable, and version-controlled operations throughout your vSphere environment.

In the next blog, we’ll dive into more advanced topics, including integrating Argo CD with an OIDC provider for authentication and configuring Argo CD to use a custom certificate for secure access.
