how to enable public access to Argo CD - Container Service for Kubernetes

To use Argo CD to submit or access applications in an associated cluster of Distributed Cloud Container Platform for Kubernetes (ACK One), you need to enable public access to Argo CD. This topic describes how to enable public access to Argo CD on a Fleet instance.

Prerequisites

The Fleet management feature is enabled. For more information, see Enable multi-cluster management.
Two clusters (the service provider cluster and service consumer cluster) are associated with the Fleet instance. For more information, see Associate clusters with a Fleet instance.
The kubeconfig file of the Fleet instance is obtained in the Distributed Cloud Container Platform for Kubernetes (ACK One) console and a kubectl client is connected to the Fleet instance.
Enable GitOps for the Fleet instance in ACK One.
Alibaba Cloud CLI 3.0.172 or later is installed and credentials are configured.

Enable public access to Argo CD

Use the console

Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Multi-cluster Applications.
On the Multi-cluster Applications page, click Access Control.
In the dialog box that appears, turn on Enable Access Control and enter the public IP address or CIDR block of the user agent into the Access Control field.
Note
- The public IP address or CIDR block of the user agent can access Argo CD over the Internet only after you add it to the access control list.
- You can run the curl ifconfig.me command to query the public IP address of the user agent or contact the network administrator to obtain the public IP address.
- Separate multiple IP addresses or CIDR blocks with carriage returns. You can add up to 50 IP addresses or CIDR blocks.
Click OK.

Use the CLI

Run the following command to query the basic information about the cluster and record the cluster ID.
```
aliyun adcp DescribeHubClusters
```
Run the following command to query the public IP address of the user agent.
For security purposes, you need to allow only the specified public CIDR block to access Argo CD over the Internet.
You can run the following command to query the public IP address of the user agent or contact the network administrator to obtain the public IP address.
```
curl ifconfig.me
```
Run the following command to enable public access to Argo CD and configure access control.
For example, if the public CIDR block of the user agent is 10.100.XX.XX/24, run the following command to allow the CIDR block to access the Argo CD UI over the Internet.
```
aliyun adcp UpdateHubClusterFeature --RegionId regionId --ClusterId **** --PublicAccessEnabled true --AccessControlList "[\"10.100.XX.XX/24\"]" --ArgoCDEnabled true 
```

Access Argo CD

After public access to Argo CD is enabled, you can click GitOps Console on the Multi-cluster Applications page to quickly access Argo CD.