Set the logs free for your Sitecore developers in Kubernetes using ArgoCD

Posted on by gorhal

Hello friends! I hope you are all good out there and are enjoying life 😀

I just watched an episode from the lovely series Ted Lasso.

If you are a football fan, you have to watch it. Football is life 😉

Before we start… Don’t forget the big event in Boston next week – Sitecore DX 2023 Boston

Let’s continue with today’s post 🙂

Today’s theme is all about logs – Set the logs free!

When working in a Kubernetes cluster it’s important to have logs available for the developers, especially in dev, test, and stage environments.

How can we make the logs available for the developers? There are many ways how to access logs in Kubernetes 🙂

However, I found a wonderful gem for accessing logs; I’m talking about ArgoCD. Yes, ArgoCD is used for deploying manifests to Kubernetes – GitOps (pulling changes from Git)

But… It’s also great for reading logs 🙂 

ArgoCD has a great CLI tool. Guess what you can do with it? Yes, you guessed correctly 🙂 Read logs!

The idea is this. We will let the developers access the pod logs using ArgoCD’s CLI tool.

*I will not go through how to setup ArgoCD, but it’s very straightforward – Getting Started

Let’s begin 🙂

First up is to create a user and set up read access in ArgoCD to some selected pods. This means we will create a new user => sitecoredevs and give it read access to some pods.

To add a user, we will have to grab argocd-cm (Configmap) from the Kubernetes cluster:

kubectl get configmap argocd-cm -n argocd -o yaml > argocd-cm.yaml

And here is the file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd

We will add a “Data” section and add the new user, let’s call it sitecoredevs:

data:
  accounts.sitecoredevs: apiKey, login

Here is the updated file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
  data:
    accounts.sitecoredevs: apiKey, login

Next, we will apply the changes in Kubernetes by running the following:

kubectl apply -f argocd-cm.yml

The next step is to set the password to the new user. We will use the ArgoCD Cli tool for this.

Let’s download the CLI tool. You can follow the instructions in the docs => https://argo-cd.readthedocs.io/en/stable/cli_installation/

Or install it using chocolatey => choco install argocd-cli

Verify that it works by logging in to ArgoCD with the following command:

.\argocd-windows-amd64.exe login <hostname to ArgoCD> --username admin --grpc-web-root-path /

Cool! We are logged in as administrators. It is time to set the password for the new user with the following command:

.\argocd-windows-amd64.exe account update-password --account sitecoredevs --new-password <a password>

Now for the roles(RBAC), we will create a new role => “dev” and assign it to the new user.
Let’s grab argcd-rbac (RBAC ConfigMap): 

kubectl get configmap argocd-rbac-cm -n argocd -o yaml > argocd-rbac.yml

Here is the file:

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-rbac-cm
  namespace: argocd

We will update the ConfigMap file with a “Data” section. Now we can add the new role “dev” and give it read(get) permission to the pods(CM, CD, all the ssr and nextjs pods)

data:
  policy.csv: |
    p, role:dev, applications, get, <your namespace>/pods-cm, allow
    p, role:dev, applications, get, <your namespace>/pods-cd, allow
    p, role:dev, applications, get, <your namespace>/ssrproxy-*, allow
    p, role:dev, applications, get, <your namespace>/nextjsproxy-*, allow
    g, sitecoredevs, role:dev
  policy.default: role:''

*the g, sitecoredevs, role:dev will assign the “dev” role to the new user “sitecoredevs”

Let’s apply the RBAC config map by running the following command:

kubectl apply -f argcd-rbac.yml

Wonderful!

Let us try it out 🙂 We will log in with the sitecoredevs user and grab the logs from the CM pod:

.\argocd-windows-amd64.exe login <hostname to ArgoCD> --insecure --username sitecoredevs --password <a password> --grpc-web-root-path /
.\argocd-windows-amd64.exe app logs pods-cm --follow

Success 🙂


To make it easier for the developers, we will use bat files. A bat file for each pod:

TestGetCDLog.bat
TestGetCMLog.bat
TestGetNextJsApp1Log.bat
TestGetNextJsApp2Log.bat

Here is an example of a bat file for viewing logs from CD:

.\argocd-windows-amd64.exe login <hostname to ArgoCD> --insecure --username sitecoredevs --password <a password> --grpc-web-root-path /
.\argocd-windows-amd64.exe app logs pods-cd --follow

Now the developers just have to click on the bat files to read the logs!

That’s all for now folks 😊

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.