Skip to content

ArgoCD server service configuration

The ArgoCD API server is exposed within the cluster through a Service named argocd-server residing in the argocd namespace^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L31-32]. By default, this service might not be externally accessible; network access can be enabled by modifying its specification^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L31-32].

Access methods

Two primary methods are available for accessing the ArgoCD server: LoadBalancer or Port Forward^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L31-32].

LoadBalancer

To expose the service externally via a cloud provider's load balancer, the service type must be changed to LoadBalancer^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L31-32]. This is achieved using the kubectl patch command:

[kubectl](<./kubectl.md>) patch svc argocd-server -n [ArgoCD](<./argocd.md>) -p '{"spec": {"type": "LoadBalancer"}}'
^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L31-32]

Port Forward

For local or temporary access, kubectl port-forward can be used to map a local port to the service's secure port^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L31-32].

[kubectl](<./kubectl.md>) port-forward svc/argocd-server -n [ArgoCD](<./argocd.md>) 8080:443
^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L31-32]

This command forwards local port 8080 to port 443 (HTTPS) on the argocd-server service^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L31-32].

Initial authentication

Upon initial deployment, ArgoCD generates a random password for the admin user, stored in a secret named argocd-initial-admin-secret^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L33-34]. The password can be retrieved and decoded using the following command^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L33-34]:

[kubectl](<./kubectl.md>) -n [ArgoCD](<./argocd.md>) get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
^[400-devops__04-CI-CD-Pipelines__ArgoCD.md#L33-34]

Sources

^[400-devops__04-CI-CD-Pipelines__ArgoCD.md]