ArgoCD initial authentication workflow¶

This document outlines the steps to establish the first connection to a newly installed ArgoCD instance. The workflow primarily involves retrieving an automatically generated initial password for the default administrator account.

Prerequisites¶

Before attempting to authenticate, the ArgoCD instance must be installed into the Kubernetes cluster and accessible via the UI or CLI.^[400-devops__04-CI-CD-Pipelines__k8s-argocd__argocd-app-config__README.md]

Installation: ArgoCD is typically installed into its own namespace (commonly argocd) using the official manifests.^[400-devops__04-CI-CD-Pipelines__k8s-argocd__argocd-app-config__README.md]
Access: The UI or API is accessed via port-forwarding, for example, by forwarding the argocd-server service.^[400-devops__04-CI-CD-Pipelines__k8s-argocd__argocd-app-config__README.md]

Initial Admin Password¶

By default, ArgoCD creates a user named admin.^[400-devops__04-CI-CD-Pipelines__k8s-argocd__argocd-app-config__README.md] The password for this account is not manually set during installation but is stored as a Kubernetes Secret named argocd-initial-admin-secret.^[400-devops__04-CI-CD-Pipelines__k8s-argocd__argocd-app-config__README.md]

To log in for the first time, this secret must be retrieved and decoded.

Retrieval Command¶

The following command is used to extract the password from the Kubernetes Secret, decode it from Base64, and display it in the terminal:

[kubectl](<./kubectl.md>) -n [ArgoCD](<./argocd.md>) get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 --decode && echo

^[400-devops__04-CI-CD-Pipelines__k8s-argocd__argocd-app-config__README.md]

Post-Authentication¶

Once logged in, it is standard security practice to delete the initial admin secret or change the password to ensure the credentials remain secure.^[400-devops__04-CI-CD-Pipelines__k8s-argocd__argocd-app-config__README.md]

Kubernetes
[[Secrets management]]

Sources¶