云原生之旅 - 14）遵循 GitOps 實踐的好工具 ArgoCD

前言

Argo CD 是一款基于 kubernetes 的宣告式的Gitops 持續部署工具，

1. 應用程式定義、配置和環境都是宣告式的，并受版本控制
2. 應用程式部署和生命周期管理都是自動化的、可審計的，并且易于理解，

本文使用 ArgoCD + Kustomize 實作自動化部署Kubernetes作業流，

## 本文同步發表于知乎 https://zhuanlan.zhihu.com/p/584881969

 

安裝 Argo CD

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

 

命令列工具 Argo CD CLI

MacOS 安裝

brew install argocd

　　

訪問 Argo CD

Option 1: Service Type Load Balancer

You can change Service Type to Load Balancer 

kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

　　

Option 2: (Recommend) 使用 Gateway

1. 使用 Ingress-nginx 可參考 云原生之旅 - 8）云原生時代的網關 Ingress Nginx

# Ingress-Nginx installed first
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "true"
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/ingress.class: nginx

    # If you encounter a redirect loop or are getting a 307 response code 
    # then you need to force the nginx ingress to connect to the backend using HTTPS.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # argocd backend using HTTPS

    # face to internet, recommend update to restrict access
    nginx.ingress.kubernetes.io/whitelist-source-range: | 
      0.0.0.0/0

  name: ingress-argocd
  namespace: dmz
spec:
  rules:
  - host: argocd.wadexu.cloud
    http:
      paths:
      - backend:
          service:
            name: argocd-ext-svc
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - argocd.wadexu.cloud
    secretName: tls-secret

---
# add externalName type svc in dmz namespace, so that Ingress (in dmz) can point to this svc in argocd ns
apiVersion: v1
kind: Service
metadata:
  name:  argocd-ext-svc
  namespace: dmz
spec:
  type: ExternalName
  externalName: argocd-server.argocd.svc.cluster.local
  ports:
  - name: http
    port: 8080
    targetPort: 80
    protocol: TCP
  selector:
    app.kubernetes.io/name: argocd-server

argocd_ingress.yaml

2. 使用 Emissary 參考 云原生之旅 - 9）云原生時代網關的后起之秀Envoy Proxy 和基于Envoy 的 Emissary Ingress

 

Option 3: 埠轉發

運行下面命令然后本地瀏覽器訪問 `https://localhost:8080`

kubectl port-forward svc/argocd-server -n argocd 8080:443

 

The initial password for the admin account is auto-generated and stored as clear text in the field password in a secret named argocd-initial-admin-secret in your Argo CD installation namespace. You can simply retrieve this password using kubectl

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

域名取決于你在gateway里面的配置，Login now

argocd login https://argocd.wadexu.cloud

如果是埠轉發，參考如下命令

kubectl port-forward svc/argocd-server -n argocd 8080:443
argocd login https://localhost:8080 --username admin --password <repalce_me> 

更改密碼

argocd account update-password

 

注冊 external Cluster

(Optional) 這一步是為了deploy到到外部的cluster，如果僅僅deploy到和Argo CD一起的cluster 則使用 https://kubernetes.default.svc

# list context
kubectx

argocd cluster add xxx_context

 

創建 Application

Creating Apps Via CLI

kubectl config set-context --current --namespace=argocd

argocd app create my-app --repo https://github.com/wadexu007/learning_by_doing.git --path Kustomize/demo-manifests/services/demo-app/dev --dest-server https://kubernetes.default.svc --dest-namespace demo

 

Sync (Deploy) Application

Syncing via CLI

argocd app get my-app
argocd app sync my-app

 

通過UI 創建和Sync Application 也非常簡單，詳見官方檔案，

## 本文同步發表于知乎 https://zhuanlan.zhihu.com/p/584881969

 

更多

Argo CD supports several different ways in which Kubernetes manifests can be defined:

• Kustomize applications (我的例子）
• Helm charts
• A directory of YAML/JSON/Jsonnet manifests, including Jsonnet.
• Any custom config management tool configured as a config management plugin

  感謝閱讀，如果您覺得本文的內容對您的學習有所幫助，您可以打賞和推薦，您的鼓勵是我創作的動力，     Learning by Doing

轉載請註明出處，本文鏈接：https://www.uj5u.com/qita/536883.html

標籤：其他

上一篇：作業匯報

下一篇：爺不伺候了