GitOps实践之kubernetes部署Argocd

海哥  金牌会员 | 2022-12-14 19:16:24 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 826|帖子 826|积分 2478

1. 什么是Argocd

1.Argo CD是Kubernetes的一个声明性GitOps持续交付工具。
2.应用程序定义、配置和环境应该是声明性的和版本控制的。应用程序部署和生命周期管理应自动化、可审核且易于理解。
3.Argo CD 是以 Kubernetes 作为基础设施,遵循声明式 GitOps 理念的持续交付(continuous delivery, CD)工具,支持多种配置管理工具,包括 ksonnet/jsonnet、kustomize 和 Helm 等。它的配置和使用非常简单,并且自带一个简单易用的可视化界面。

4.按照官方定义,Argo CD 被实现为一个 Kubernetes 控制器,它会持续监控正在运行的应用,并将当前的实际状态与 Git 仓库中声明的期望状态进行比较,如果实际状态不符合期望状态,就会更新应用的实际状态以匹配期望状态。
5.Argo CD 会被部署在 Kubernetes 集群中,使用的是基于 Pull 的部署模式,它会周期性地监控应用的实际状态,也会周期性地拉取 Git 仓库中的配置清单,并将实际状态与期望状态进行比较,如果实际状态不符合期望状态,就会更新应用的实际状态以匹配期望状态。

官方文档: https://argo-cd.readthedocs.io/en/stable/
2. 安装Argocd

2.1 部署yaml
  1. kubectl create namespace argocd
  2. kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/core-install.yaml
  3. [root@kn-server-master01-13 argocd]# kubectl apply -n argocd -f  install.yaml
  4. customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
  5. customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
  6. customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
  7. serviceaccount/argocd-application-controller created
  8. serviceaccount/argocd-applicationset-controller created
  9. serviceaccount/argocd-dex-server created
  10. serviceaccount/argocd-notifications-controller created
  11. serviceaccount/argocd-redis created
  12. serviceaccount/argocd-repo-server created
  13. serviceaccount/argocd-server created
  14. role.rbac.authorization.k8s.io/argocd-application-controller created
  15. role.rbac.authorization.k8s.io/argocd-applicationset-controller created
  16. role.rbac.authorization.k8s.io/argocd-dex-server created
  17. role.rbac.authorization.k8s.io/argocd-notifications-controller created
  18. role.rbac.authorization.k8s.io/argocd-server created
  19. clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
  20. clusterrole.rbac.authorization.k8s.io/argocd-server created
  21. rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
  22. rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
  23. rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
  24. rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
  25. rolebinding.rbac.authorization.k8s.io/argocd-redis created
  26. rolebinding.rbac.authorization.k8s.io/argocd-server created
  27. clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
  28. clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
  29. configmap/argocd-cm created
  30. configmap/argocd-cmd-params-cm created
  31. configmap/argocd-gpg-keys-cm created
  32. configmap/argocd-notifications-cm created
  33. configmap/argocd-rbac-cm created
  34. configmap/argocd-ssh-known-hosts-cm created
  35. configmap/argocd-tls-certs-cm created
  36. secret/argocd-notifications-secret created
  37. secret/argocd-secret created
  38. service/argocd-applicationset-controller created
  39. service/argocd-dex-server created
  40. service/argocd-metrics created
  41. service/argocd-notifications-controller-metrics created
  42. service/argocd-redis created
  43. service/argocd-repo-server created
  44. service/argocd-server created
  45. service/argocd-server-metrics created
  46. deployment.apps/argocd-applicationset-controller created
  47. deployment.apps/argocd-dex-server created
  48. deployment.apps/argocd-notifications-controller created
  49. deployment.apps/argocd-redis created
  50. deployment.apps/argocd-repo-server created
  51. deployment.apps/argocd-server created
  52. statefulset.apps/argocd-application-controller created
  53. networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
  54. networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created
  55. networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
  56. networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
  57. networkpolicy.networking.k8s.io/argocd-redis-network-policy created
  58. networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
  59. networkpolicy.networking.k8s.io/argocd-server-network-policy created
复制代码
Pod都已经running
  1. [root@kn-server-master01-13 argocd]# kubectl get pods -n argocd
  2. NAME                                               READY   STATUS    RESTARTS   AGE
  3. argocd-application-controller-0                    1/1     Running   0          8m11s
  4. argocd-applicationset-controller-fb8d96cb5-l9kxc   1/1     Running   0          8m12s
  5. argocd-dex-server-69f8bb9b-79wkz                   1/1     Running   0          8m12s
  6. argocd-notifications-controller-85fdd8f7d9-5hfjt   1/1     Running   0          8m12s
  7. argocd-redis-6d67ff987b-7rffz                      1/1     Running   0          8m11s
  8. argocd-repo-server-67566f5fb4-tvkds                1/1     Running   0          8m11s
  9. argocd-server-58dd4685bc-c8wlw                     1/1     Running   0          8m11s
复制代码
修改为Nodeport或者loadbalancer亦或者Ingress才可用访问Argocd WEBUI
  1. [root@kn-server-master01-13 argocd]# kubectl get svc -n argocd
  2. NAME                                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
  3. argocd-applicationset-controller          ClusterIP   10.96.233.34    <none>        7000/TCP,8080/TCP            8m35s
  4. argocd-dex-server                         ClusterIP   10.96.15.14     <none>        5556/TCP,5557/TCP,5558/TCP   8m35s
  5. argocd-metrics                            ClusterIP   10.96.99.245    <none>        8082/TCP                     8m35s
  6. argocd-notifications-controller-metrics   ClusterIP   10.96.154.168   <none>        9001/TCP                     8m35s
  7. argocd-redis                              ClusterIP   10.96.182.219   <none>        6379/TCP                     8m35s
  8. argocd-repo-server                        ClusterIP   10.96.108.40    <none>        8081/TCP,8084/TCP            8m35s
  9. argocd-server                             ClusterIP   10.96.164.184   <none>        80/TCP,443/TCP               8m35s
  10. argocd-server-metrics                     ClusterIP   10.96.83.5      <none>        8083/TCP                     8m35s
复制代码

3. 安装Argocd CLI

3.1 下载客户端的安装包
  1. [root@kn-server-master01-13 argocd]# wget  https://github.com/argoproj/argo-cd/releases/download/v2.5.3/argocd-linux-amd64
  2. --2022-12-04 09:56:47--  https://github.com/argoproj/argo-cd/releases/download/v2.5.3/argocd-linux-amd64
  3. 正在解析主机 github.com (github.com)... 20.205.243.166
  4. 正在连接 github.com (github.com)|20.205.243.166|:443... 已连接。
  5. 已发出 HTTP 请求,正在等待回应... 302 Found
  6. 位置:https://objects.githubusercontent.com/github-production-release-asset-2e65be/120896210/dc4d761d-ef5d-4f4c-8dc3-a72e134313c1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221204T015648Z&X-Amz-Expires=300&X-Amz-Signature=ac9daeadb91a0f6b12cab84d5bc3b5d56abb78e960a93a62f68df9de904360bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=120896210&response-content-disposition=attachment%3B%20filename%3Dargocd-linux-amd64&response-content-type=application%2Foctet-stream [跟随至新的 URL]
  7. --2022-12-04 09:56:48--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/120896210/dc4d761d-ef5d-4f4c-8dc3-a72e134313c1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221204T015648Z&X-Amz-Expires=300&X-Amz-Signature=ac9daeadb91a0f6b12cab84d5bc3b5d56abb78e960a93a62f68df9de904360bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=120896210&response-content-disposition=attachment%3B%20filename%3Dargocd-linux-amd64&response-content-type=application%2Foctet-stream
  8. 正在解析主机 objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ...
  9. 正在连接 objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... 已连接。
  10. 已发出 HTTP 请求,正在等待回应... 200 OK
  11. 长度:133625646 (127M) [application/octet-stream]
  12. 正在保存至: “argocd-linux-amd64”
  14. 100%[==========================================================================================================================================================>] 133,625,646  595KB/s 用时 4m 18s
  16. 2022-12-04 10:01:07 (506 KB/s) - 已保存 “argocd-linux-amd64” [133625646/133625646])
复制代码
3.2 拷贝并赋权
  1. [root@kn-server-master01-13 argocd]# cp argocd-linux-amd64  /usr/local/bin/argocd
  2. [root@kn-server-master01-13 argocd]#  chmod +x /usr/local/bin/argocd
复制代码
4. 使用Argocd CLI

4.1 Argocd命令帮助
  1. [root@kn-server-master01-13 argocd]# argocd --help
  2. argocd controls a Argo CD server
  4. Usage:
  5.   argocd [flags]
  6.   argocd [command]
  8. Available Commands:
  9.   account     Manage account settings
  10.   admin       Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access
  11.   app         Manage applications
  12.   appset      Manage ApplicationSets
  13.   cert        Manage repository certificates and SSH known hosts entries
  14.   cluster     Manage cluster credentials
  15.   completion  output shell completion code for the specified shell (bash or zsh)
  16.   context     Switch between contexts
  17.   gpg         Manage GPG keys used for signature verification
  18.   help        Help about any command
  19.   login       Log in to Argo CD
  20.   logout      Log out from Argo CD
  21.   proj        Manage projects
  22.   relogin     Refresh an expired authenticate token
  23.   repo        Manage repository connection parameters
  24.   repocreds   Manage repository connection parameters
  25.   version     Print version information
  27. Flags:
  28.       --auth-token string               Authentication token
  29.       --client-crt string               Client certificate file
  30.       --client-crt-key string           Client certificate key file
  31.       --config string                   Path to Argo CD config (default "/root/.config/argocd/config")
  32.       --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
  33.       --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
  34.       --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
  35.   -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
  36.   -h, --help                            help for argocd
  37.       --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
  38.       --insecure                        Skip server certificate and domain verification
  39.       --kube-context string             Directs the command to the given kube-context
  40.       --logformat string                Set the logging format. One of: text|json (default "text")
  41.       --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
  42.       --plaintext                       Disable TLS
  43.       --port-forward                    Connect to a random argocd-server port using port forwarding
  44.       --port-forward-namespace string   Namespace name which should be used for port forwarding
  45.       --server string                   Argo CD server address
  46.       --server-crt string               Server certificate file
  48. Use "argocd [command] --help" for more information about a command.
复制代码
4.2 命令行登陆Argocd

默认 admin 密码存放在 -cluster secret 里
  1. [root@kn-server-master01-13 ~]# kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
  2. 56bRDj50k-a1LWpT
复制代码
  1. [root@kn-server-master01-13 argocd]# argocd login 10.0.0.14
  2. WARNING: server certificate had error: x509: cannot validate certificate for 10.0.0.14 because it doesn't contain any IP SANs. Proceed insecurely (y/n)? yes
  3. Username: admin
  4. Password:
  5. 'admin:login' logged in successfully
  6. Context '10.0.0.14' updated
复制代码
4.3 命令行修改Argocd登陆密码

由于Argocd的密码过于复杂,并不易于记住,所以修改Argocd登陆密码。
  1. [root@kn-server-master01-13 argocd]# argocd account update-password
  2. *** Enter password of currently logged in user (admin):  输入argocd的原密码
  3. *** Enter new password for user admin:
  4. *** Confirm new password for user admin:
  5. Password updated
  6. Context '10.0.0.14' updated   密码修改成功,WEBUI会自动刷新。
复制代码

另外Argocd可能在国内无法拖下镜像,需要镜像的可以留言,后续会将Argocd镜像上传至Docker Hub。

免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
回复

使用道具 举报

0 个回复

倒序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

海哥

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

挺好的 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表