Published: Aug 2, 2022 by Isaac Johnson
Recently, Codefresh launched a hosted Gitops solution backed by ArgoCD. I became aware of their latest offering from TechCrunch who interviewed their COSO Dan Garfied. Codefresh first launched a GitOps solution based on ArgoCD back in 2020 but just rolled it out publicly now. While the company has it’s own CI solution, it’s easy to integrate with other CI frameworks.
Today we’ll look at Argo through Codefresh and what it offers at the free tier. We’ll set up a couple sample apps on a new K3s cluster and lastly look at multi-cluster deployments.
Go to Codefresh to sign up
We can use various AuthN methods such as Google or Github
The flow is pretty straightforward with a signup screen
However, boo! for not accepting .science domains. I had to use gmail instead.
Once signed up, we are presented with the dashboard. Our first step is to install the Codefresh runtime.
Then connect to a git provider, like Github
We need to authorize it (and to any organizations we wish to include)
Unlike other Argo offerings, Codefresh will store it’s actual configuration as code in a Github repo. Consider this an “Argo Configuration” repo.
Here we create a configuration repository
Which we can see reflected in Github
Next, we want to connect a cluster
Our first step is to install the CLI
Interestingly, the download for Windows was a tgz that I needed to use WSL to extract. I then needed to give it an “.exe” extension to run.
C:\Users\isaac\Downloads>cf-windows-amd64.exe config create-context codefresh --api-key asdfasfasfsadfasdfas.asdfasdfasdfsadfsadf level=info msg="New context created: \"codefresh\"" level=info msg="Switched to context: codefresh"
In WSL, the cf binary works the same
$ cf config create-context codefresh --api-key asdfasfasfsadfasdfas.asdfasdfasdfsadfsadf INFO New context created: "codefresh" INFO Switched to context: codefresh
We can then add a cluster with
cf cluster add codefresh-hosted
We see what was installed
$ cf cluster add codefresh-hosted ext77 INFO Building "add-cluster" manifests serviceaccount/argocd-manager-1659314524497 created clusterrole.rbac.authorization.k8s.io/argocd-manager-role-1659314524497 created clusterrolebinding.rbac.authorization.k8s.io/argocd-manager-role-binding-1659314524497 created configmap/csdp-add-cluster-cm-1659314524497 created secret/csdp-add-cluster-secret-1659314524497 created job.batch/csdp-add-cluster-job-1659314524497 created INFO Attempt #1/1 succeeded: ===== ServiceAccount: argocd-manager-1659314524497 Ingress URL: https://mr-62e3d9f588d8af3a8b8581d3-d6dd0e5.cf-cd.com Context Name: ext77 Server: https://220.127.116.11:25560 Found ServiceAccount secret argocd-manager-1659314524497-token-dpkks Cluster "18.104.22.168:25560" set. User "argocd-manager-1659314524497" set. Context "ext77" created. STATUS_CODE: 201 deleting token secret csdp-add-cluster-secret-1659314524497 secret "csdp-add-cluster-secret-1659314524497" deleted ===== cluster ext77 was added successfully to runtime codefresh-hosted
And now we can verify that cluster was added
Our next step is to add an application
Choose “Add Application” from the application menu
We give the app a name and YAML file. The next screen allows us to enter standard Argo details.
We can then decide where to save the Manifest file
We see that the application was added
I had errors since I hardcoded the “test” namespace on main. I changed the app and committed it
And now we can see it progressing (after I created the “test” namespace)
Now my error is around the lack of credentials (403) accessing my Azure CR
We can change branches to switch applications. Here I switched to the kaniko branch
we can see it sync
I can check the pod details for manifest
When it didn’t come up for a while, i went to the cluster to check on it.
We can see it’s due to my missing secret
$ kubectl describe pod kaniko -n test | tail -n 7 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 7m11s default-scheduler Successfully assigned test/kaniko to isaac-macbookair Warning FailedMount 2m50s (x2 over 5m8s) kubelet Unable to attach or mount volumes: unmounted volumes=[kaniko-secret], unattached volumes=[kaniko-secret dockerfile-storage kube-api-access-jdkmf]: timed out waiting for the condition Warning FailedMount 59s (x11 over 7m11s) kubelet MountVolume.SetUp failed for volume "kaniko-secret" : secret "kanikoharborcred" not found Warning FailedMount 35s kubelet Unable to attach or mount volumes: unmounted volumes=[kaniko-secret], unattached volumes=[dockerfile-storage kube-api-access-jdkmf kaniko-secret]: timed out waiting for the condition
I need to copy over the missing secret
builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectx mac81 Switched to context "mac81". builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectl get secret kanikoharborcred -n test -o yaml > khc.test.yaml builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectx mac77 Switched to context "mac77". builder@DESKTOP-72D2D9T:~/Workspaces/jekyll-blog$ kubectl apply -f khc.test.yaml secret/kanikoharborcred created
Once I fixed the secret and membership on the project, the container started to build
Then once the pods found their registry credential, they could launch
We can see it’s serving traffic by looking at live logs
From our Dashboard we can see the successful deployment
we can go to Runtimes to add more clusters
We can change namespace and/or cluster in the edit application page
We can add more applications for the same repository, but a new cluster
They have a series of integrations already setup and a few “coming soon”
Obviously, I care deeply about monitoring so adding Github integration (likely for PR flows) will be key as well as Datadog for monitoring.
Let’s add a JIRA integration
As mine is hosted, I’ll need to create an API token in the API Token section of user settings
We can then use it in the Integration settings
You can use
Test Connection to see if the API token is valid and that Codefresh can connect
The UI took a few to realize I had a new Integration. At first I thought my settings were eaten. But it just was a delay between saving and seeing it reflected in the Integrations area
This integration really just applies to the Github Action and Codefresh CI pipeline, not Argo
Let’s also add Dockerhub
Like before, we enter a username and password (or token). We can
Test Connection here as well
Codefresh Github Action
For instance, there is a
codefresh-report-image Github action
Which can tie a Dockerhub image with JIRA and Codedfresh.
- name: report image by action with: CF_HOST: "https://my-runtime-url" CF_API_KEY: $ #Codefresh Integrations to USE CF_CONTAINER_REGISTRY_INTEGRATION: "dockerhub" CF_JIRA_INTEGRATION: "jira" CF_IMAGE: $/my-image-name:tag CF_GITHUB_TOKEN: $ #Jira issues that match CF_JIRA_MESSAGE: "CR-12293" CF_JIRA_PROJECT_PREFIX: "CR" uses: codefresh-io/codefresh-report-image@latest
From my examples above, that might easily look like:
- name: report image by action with: CF_HOST: "https://mr-62e3d9f588d8af3a8b8581d3-d6dd0e5.cf-cd.com" CF_API_KEY: $ #Codefresh Integrations to USE CF_CONTAINER_REGISTRY_INTEGRATION: "mydockerhub" CF_JIRA_INTEGRATION: "hosted" CF_IMAGE: idjohnson/my-image-name:tag CF_GITHUB_TOKEN: $ #Jira issues that match CF_JIRA_MESSAGE: "TPK-1234" CF_JIRA_PROJECT_PREFIX: "TPK" uses: codefresh-io/codefresh-report-image@latest
I can see the settings in the Github Actions Configuration page
To use, I’ll add the secrets I don’t already have into my Github actions secrets area
I also need to create a quick JIRA ticket to use for testing
which will be
My Github Action now looks like (this does not match the image I’m building, ghrunner, but it’s just a test). The file itself is “testing-ghrunner.yml” so the modification should trigger the run.
name: GitHub Actions TEST on: push: paths: - "**/testing-ghrunner.yml" jobs: HostedActions: runs-on: self-hosted steps: - name: report image by action with: CF_HOST: "https://mr-62e3d9f588d8af3a8b8581d3-d6dd0e5.cf-cd.com" CF_API_KEY: $ #Codefresh Integrations to USE CF_CONTAINER_REGISTRY_INTEGRATION: "mydockerhub" CF_JIRA_INTEGRATION: "hostedjira" CF_IMAGE: idjohnson/dockerwithtests2:latest CF_GITHUB_TOKEN: $ #Jira issues that match CF_JIRA_MESSAGE: "TPK-2" CF_JIRA_PROJECT_PREFIX: "TPK" uses: codefresh-io/codefresh-report-image@latest
When completed, I did not see annotations or notes added in Github Pull Requests or SHAs. I saw nothing added in JIRA, however I do see information stored in Codefresh:
I do not see a way to upgrade in the UI, but I can see pricing on their pricing page
I cannot really see a reason one would move from the current 10 user 1 pipeline account to a Team at $50/user/mo that just adds a bit more retention and one more runtime. I hope they rethink their offering since the only other choice is “Enterprise” with that magic “Call Us” price that I never will do.
We have signed up and created a Codefresh ArgoCD Project from scratch. We onboarded two clsuters and launched two different variants of a Docker with Tests repo. We looked at Dashboards and Integrations and explored the free/open-source project offering.
Overall, I was quite impressed with all that we get. To date, I have used Koncrete.dev when I needed a quick Argo CD demo. However they have a light wrapper around ArgoCD and just allow one application and cluster. I am not complaining at all - free is free. However, this new CF offering offers way more at the free tier.
It’s pretty clear from the various sections of the tool that they want you to start with the free tier and be won over to try the rest of their commercial products. For instance, if you want to add more than 10 users or more than one concurrent pipeline, you need to use a Team or Enterprise account
I look forward to coming back and exploring their CI offering more.