Cloud Native Journey

2022-11-20 12:01:00

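Preface

Argo CD is a declarative GitOps continuous deployment tool for Kubernetes.
  1. Application definitions, configurations, and environments are declarative and version controlled.
  2. Application deployment and lifecycle management are automated, auditable, and easy to understand.

This article uses Argo CD + Kustomize to implement an automated Kubernetes deployment workflow.

## This article is also published on Zhihu: https://zhuanlan.zhihu.com/p/584881969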

 

Install Argo CD

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

 

Command-line tool: Argo CD CLI

Install on macOS
brew install argocd

  

Access Argo CD

Option 1: Service Type Load Balancer

You can change the Service type to LoadBalancer:
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

  

Option 2 (recommended): use a gateway

# Ingress-Nginx must be installed first
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
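    # By default ingress-nginx only reads annotations under the nginx.ingress.kubernetes.io/ prefix
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"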
    kubernetes.io/ingress.class: nginx

    # If you encounter a redirect loop or are getting a 307 response code 
    # then you need to force the nginx ingress to connect to the backend using HTTPS.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # argocd backend using HTTPS

    # This Ingress is internet-facing: 0.0.0.0/0 allows every source address.
    # Replace it with the CIDR ranges that should be able to reach Argo CD.
    nginx.ingress.kubernetes.io/whitelist-source-range: |
      0.0.0.0/0

  name: ingress-argocd
  namespace: dmz
spec:
  rules:
  - host: argocd.wadexu.cloud
    http:
      paths:
      - backend:
          service:
            name: argocd-ext-svc
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - argocd.wadexu.cloud
    secretName: tls-secret

---
# add externalName type svc in dmz namespace, so that Ingress (in dmz) can point to this svc in argocd ns
apiVersion: v1
kind: Service
metadata:
  name:  argocd-ext-svc
  namespace: dmz
spec:
  type: ExternalName
  externalName: argocd-server.argocd.svc.cluster.local
  ports:
  - name: http
    port: 8080
    targetPort: 80
    protocol: TCP
  selector:
    app.kubernetes.io/name: argocd-server
argocd_ingress.yaml

2. Use Emissary; see Cloud Native Journey - 9) Envoy Proxy, the rising star of gateways in the cloud-native era, and the Envoy-based Emissary Ingress

 

Option 3: port forwarding

Run the command below, then open `https://localhost:8080` in a local browser:
kubectl port-forward svc/argocd-server -n argocd 8080:443

 

The initial password for the admin account is auto-generated and stored as clear text in the field password in a secret named argocd-initial-admin-secret in your Argo CD installation namespace. You can retrieve this password using kubectl:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

The domain name depends on your gateway configuration. Log in now:

argocd login https://argocd.wadexu.cloud

If you are using port forwarding, use the following commands:

kubectl port-forward svc/argocd-server -n argocd 8080:443
argocd login https://localhost:8080 --username admin --password <replace_me>

Change the password

argocd account update-password

 

Register an external cluster

(Optional) This step is for deploying to an external cluster. If you only deploy to the same cluster that Argo CD runs in, use https://kubernetes.default.svc
# list context
kubectx

argocd cluster add xxx_context

 

Create an Application

Creating Apps Via CLI

kubectl config set-context --current --namespace=argocd

argocd app create my-app --repo https://github.com/wadexu007/learning_by_doing.git --path Kustomize/demo-manifests/services/demo-app/dev --dest-server https://kubernetes.default.svc --dest-namespace demo
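
The same application as the `argocd app create` command above, written as declarative manifests so that the Argo CD configuration itself can live in Git. This is an added example, not part of the original post; the project name `demo-project` is hypothetical, and the AppProject confines the app to the repository and namespace used on this page instead of the built-in `default` project.

```yaml
# Added example (not from the original post). The project name "demo-project"
# is hypothetical; repo, path, server and namespace are the values used above.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: demo-project
  namespace: argocd
spec:
  description: Restricts what my-app may pull from and deploy to
  # Only this Git repository may be used as a source.
  sourceRepos:
  - https://github.com/wadexu007/learning_by_doing.git
  # Only the demo namespace of the in-cluster API server is a valid target.
  destinations:
  - server: https://kubernetes.default.svc
    namespace: demo
  # No clusterResourceWhitelist is set, so cluster-scoped kinds
  # (Namespace, ClusterRole, ...) are rejected. If the Kustomize output
  # contains any, list them here explicitly.
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
spec:
  project: demo-project   # instead of the permissive built-in "default" project
  source:
    repoURL: https://github.com/wadexu007/learning_by_doing.git
    targetRevision: HEAD
    # Argo CD detects the kustomization.yaml in this directory and renders it.
    path: Kustomize/demo-manifests/services/demo-app/dev
  destination:
    server: https://kubernetes.default.svc
    namespace: demo
  # No syncPolicy.automated block: syncing stays manual (argocd app sync my-app).
```

Apply the file with `kubectl apply -n argocd -f <file>`; a sync that tries to use another repository or target another namespace is then refused by the project.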

 

Sync (Deploy) Application

Syncing via CLI

argocd app get my-app
argocd app sync my-app

 

Creating and syncing an Application through the UI is also very simple. See the official documentation for details.

 

More

Argo CD supports several different ways in which Kubernetes manifests can be defined:
  • Kustomize applications (my example)
  • Helm charts
  • A directory of YAML/JSON/Jsonnet manifests, including Jsonnet.
  • Any custom config management tool configured as a config management plugin
 