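Argo CD Deployment
System environment
kubernetes: v1.20.4
argocd: latest (v2.6.1)
Argo CD overview
Argo CD is a continuous deployment (CD) tool built for Kubernetes that follows the declarative GitOps approach. Argo CD can automatically sync and deploy applications when the Git repository changes.
Deploying Argo CD
YAML deployment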
[root@k8s01 argo]# kubectl create namespace argocd
[root@k8s01 argo]# kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Helm deployment
[root@k8s01 argo]# kubectl create namespace argocd
namespace/argocd created
[root@k8s01 argo]# kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
...
networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created
View the installed resources (if the argocd-dex-server image fails to pull, you can switch it to bitnami/dex:2.37.0)
[root@k8s01 argo]# kubectl get -n argocd all
NAME READY STATUS RESTARTS AGE
pod/argocd-application-controller-0 1/1 Running 0 96s
pod/argocd-applicationset-controller-655f5c6755-qlts5 1/1 Running 0 97s
pod/argocd-dex-server-58bccd7b46-zg67g 1/1 Running 0 97s
pod/argocd-notifications-controller-76c9c86cbd-k8bz4 1/1 Running 0 97s
pod/argocd-redis-6bf7d576c7-rsrrv 1/1 Running 0 97s
pod/argocd-repo-server-bcd778fc6-s5f2b 1/1 Running 0 97s
pod/argocd-server-7c5bb46549-vkmgv 1/1 Running 0 97s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/argocd-applicationset-controller ClusterIP 10.96.75.194 <none> 7000/TCP,8080/TCP 97s
service/argocd-dex-server ClusterIP 10.96.253.50 <none> 5556/TCP,5557/TCP,5558/TCP 97s
service/argocd-metrics ClusterIP 10.96.25.207 <none> 8082/TCP 97s
service/argocd-notifications-controller-metrics ClusterIP 10.96.139.239 <none> 9001/TCP 97s
service/argocd-redis ClusterIP 10.96.73.116 <none> 6379/TCP 97s
service/argocd-repo-server ClusterIP 10.96.107.125 <none> 8081/TCP,8084/TCP 97s
service/argocd-server ClusterIP 10.96.92.80 <none> 80/TCP,443/TCP 97s
service/argocd-server-metrics ClusterIP 10.96.211.54 <none> 8083/TCP 97s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/argocd-applicationset-controller 1/1 1 1 97s
deployment.apps/argocd-dex-server 0/1 1 0 97s
deployment.apps/argocd-notifications-controller 1/1 1 1 97s
deployment.apps/argocd-redis 1/1 1 1 97s
deployment.apps/argocd-repo-server 1/1 1 1 97s
deployment.apps/argocd-server 1/1 1 1 97s
NAME DESIRED CURRENT READY AGE
replicaset.apps/argocd-applicationset-controller-655f5c6755 1 1 1 97s
replicaset.apps/argocd-dex-server-58bccd7b46 1 1 0 97s
replicaset.apps/argocd-notifications-controller-76c9c86cbd 1 1 1 97s
replicaset.apps/argocd-redis-6bf7d576c7 1 1 1 97s
replicaset.apps/argocd-repo-server-bcd778fc6 1 1 1 97s
replicaset.apps/argocd-server-7c5bb46549 1 1 1 97s
NAME READY AGE
statefulset.apps/argocd-application-controller 1/1 96s
Accessing Argo CD
There are two ways to access Argo CD
Web UI
Argo CD CLI
Web UI access
You can log in via a domain name or via ip:nodeport
Get the admin password as follows:
[root@k8s01 argo]# kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d && echo
kbWhsmRujJx8xpO9
Argo CD CLI access
Download the client
[root@k8s01 argo]# wget https://github.com/argoproj/argo-cd/releases/download/v2.6.1/argocd-linux-amd64
[root@k8s01 argo]# cp argocd-linux-amd64 /usr/local/bin/argocd
[root@k8s01 argo]# chmod 755 /usr/local/bin/argocd
Log in
# One-step login
# argocd login <argocd-server> --grpc-web
[root@k8s01 argo]# argocd login <argocd-server> --username admin --password $(kubectl --kubeconfig=$KCONFIG -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d ) --insecure --grpc-web
Change the password
[root@k8s01 argo]# argocd login <argocd-server>
[root@k8s01 argo]# argocd account list
[root@k8s01 argo]# argocd account update-password \
--account <name> \
--current-password <current-admin> \
--new-password <new-user-password>
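Creating a test application with the CLI
Creating an Argo CD application
This walkthrough creates the application through both the UI and the CLI; for more on the command line, see the official documentation
Adding a Kubernetes cluster
By default Argo CD has already added the current k8s cluster to the Clusters list; to deploy (CD) to another cluster, add it with the following command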
[root@k8s01 argo]# argocd cluster add $clustername --kubeconfig kube.config
# $clustername is the value of the /contexts/name field in kube.config (the cluster name)
[root@k8s01 argo]# argocd cluster add k8s-test --kubeconfig test-k8s.kube.config
INFO[0001] ServiceAccount "argocd-manager" already exists in namespace "kube-system"
INFO[0001] ClusterRole "argocd-manager-role" updated
INFO[0001] ClusterRoleBinding "argocd-manager-role-binding" updated
Cluster 'https://192.168.*.*:6443' added
# Verify
[root@k8s01 argo]# argocd cluster list
SERVER NAME VERSION STATUS MESSAGE PROJECT
https://192.168.***.***:6443 k8s-test Unknown
https://kubernetes.default.svc in-cluster 1.20 Successful
Adding Repositories
[root@k8s01 ~]# argocd repo add http://git.******.com/devops/pipeline-cd.git --username admin --password ******
Repository 'http://git.******.com/devops/pipeline-cd.git' added
# Verify
[root@k8s01 ~]# argocd repo list
TYPE NAME REPO INSECURE OCI LFS CREDS STATUS MESSAGE PROJECT
git http://git.******.com/devops/pipeline-cd.git false false false true Successful
Adding Applications
[root@k8s01 ~]# cat test.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: devops-argocd
  namespace: argocd
spec:
  project: default # project name
  source:
    repoURL: http://git.******.com/devops/pipeline-cd.git # Git repository URL
    targetRevision: master # Git branch
    path: manifests # path in the Git repository holding the manifests
  destination:
    server: https://192.168.***.***:6443 # k8s API
    namespace: pre-env # namespace
[root@k8s01 ~]# kubectl apply -f test.yaml
application.argoproj.io/devops-argocd-test created
# Verify
[root@k8s01 ~]# argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
argocd/devops-argocd https://192.168.x.x:6443 pre-env default OutOfSync Missing <none> <none> http://git.******.com/devops/pipeline-cd.git manifests master
devops-argocd template (the Git repository layout is as follows)
[root@k8s01 ~]# tree manifests
manifests
manifests/deployment.yaml
[root@k8s01 ~]# cat manifests/deployment.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demo-test
  name: demo-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-test
  template:
    metadata:
      labels:
        app: demo-test
    spec:
      containers:
      - image: nginx:1.18.0
        imagePullPolicy: IfNotPresent
        name: demo-test
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: demo-test
  name: demo-test
spec:
  ports:
  - name: tcp-80
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 33380
  selector:
    app: demo-test
  type: NodePort
Syncing Applications
After adding the application, a manual sync is required by default; click SYNC in the Web UI, or sync from the command line
[root@k8s01 ~]# argocd app list
NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET
argocd/devops-argocd https://192.168.***.***:6443 my-app default OutOfSync Missing <none> <none> http://git.******.com/devops/pipeline-cd.git manifests master
[root@k8s01 ~]# argocd app sync devops-argocd
The Web UI now shows a green status
Check the application status in the cluster
[root@k8s01 ~]# kubectl get -n pre-env all
NAME READY STATUS RESTARTS AGE
pod/demo-test-77bcd76478-cp29w 1/1 Running 0 95s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/demo-test NodePort 10.96.59.98 <none> 80:33380/TCP 95s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/demo-test 1/1 1 1 95s
NAME DESIRED CURRENT READY AGE
replicaset.apps/demo-test-77bcd76478 1 1 1 95s
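Verifying the CD function
Testing the CD flow
By default Argo CD checks the Git repository every 3 minutes to determine whether the application's actual state matches the desired state declared in Git; if it does not, the status changes to OutOfSync. By default this does not trigger an update unless automatic sync has been configured through syncPolicy. If periodic polling is too slow, you can also set up a webhook so that a sync is triggered as soon as the Git repository is updated; how to do that is covered in a follow-up tutorial
Manual trigger (SYNC)
In the repository, change the image in manifests/deployment.yaml from 1.18.0 to 1.19.0 and commit to the master branch
After about 3 minutes Argo CD detects the change and sets the App status to OutOfSync
At this point you need to click SYNC manually to sync the change to the target cluster
Automatic trigger
Enable automatic sync for the application. Once enabled, a detected mismatch is synced automatically with no manual sync needed. Configure automatic sync as follows: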
[root@k8s01 ~]# argocd app set devops-argocd --sync-policy automated
or
[root@k8s01 ~]# kubectl -n argocd edit app devops-argocd-test
...
spec:
  syncPolicy:
    automated: {}
...
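Test:
In the repository, change the image in manifests/deployment.yaml from 1.19.0 back to 1.18.0, change replicas to 2, and commit to the master branch
After about 3 minutes Argo CD detects the change and syncs it to the target cluster automatically
Basic elements explained
PRUNE: delete objects that no longer serve a purpose
DRY RUN: dry run (trial run). Prevents ApplicationSet from creating, modifying or deleting any applications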
https://github.com/argoproj/argo-cd/issues/12592
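APPLY ONLY: if "Apply Only" is selected, Argo CD skips the pre-sync and post-sync hooks and only runs kubectl apply for the application resources.
FORCE: force execution. Note, however, that when the patch still hits a conflict after 5 retries, the force operation deletes the resource.
SKIP SCHEMA VALIDATION: whether to skip schema validation
AUTO-CREATE NAMESPACE: automatically create the namespace
PRUNE LAST: this feature allows resource pruning to happen as a final, implicit wave of the sync operation, after the other resources have been deployed and become healthy, and after all other waves have completed successfully.
APPLY OUT OF SYNC ONLY: when syncing with auto sync, Argo CD applies every object in the application. For applications containing thousands of objects this takes quite a long time and puts undue pressure on the API server. Enabling this selective sync option syncs only the out-of-sync resources
RESPECT IGNORE DIFFERENCES: this sync option makes Argo CD also take into account, during the sync stage, the configuration made in the attribute
By default, Argo CD uses the configuration only to compute the difference between the live state and the desired state, which determines whether the application is synced. During the sync stage, however, the desired state is applied as-is. The patch is calculated using a 3-way merge between the live state, the desired state and the annotation. This sometimes leads to undesired results.
SERVER-SIDE APPLY: by default, Argo CD performs an operation to apply the configuration stored in Git. This is a client-side operation that relies on an annotation to store the previous resource state
The resource is too big to fit in the allowed annotation size of 262144 bytes. In that case server-side apply can be used to avoid the problem, since the annotation is not used then.
REPLACE: replace the resource instead of modifying (updating) it. During sync, resources are synced using the "kubectl replace/create" command. This sync option can be destructive and may cause resources to be recreated, which can cause an outage for the application
RETRY: retry policy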
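The automated sync policy and the sync options listed above can also be declared on the Application itself, so that they are reviewed and versioned with the rest of the manifest. The manifest below is an added example, not part of the original post: it reuses the page's devops-argocd application, while selfHeal and the retry values are illustrative assumptions.

```yaml
# Added example: the page's devops-argocd Application with the options above
# expressed as spec.syncPolicy fields. DRY RUN, FORCE and APPLY ONLY are chosen
# per sync operation and have no entry in syncPolicy.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: devops-argocd
  namespace: argocd
spec:
  project: default
  source:
    repoURL: http://git.******.com/devops/pipeline-cd.git
    targetRevision: master
    path: manifests
  destination:
    server: https://192.168.***.***:6443
    namespace: pre-env
  syncPolicy:
    automated:
      prune: true      # automated counterpart of PRUNE
      selfHeal: true   # assumption: also revert changes made directly in the cluster
    syncOptions:
      - CreateNamespace=true            # AUTO-CREATE NAMESPACE
      - PruneLast=true                  # PRUNE LAST
      - ApplyOutOfSyncOnly=true         # APPLY OUT OF SYNC ONLY
      - RespectIgnoreDifferences=true   # RESPECT IGNORE DIFFERENCES
      - ServerSideApply=true            # SERVER-SIDE APPLY
      # Left disabled here:
      # - Validate=false                # SKIP SCHEMA VALIDATION
      # - Replace=true                  # REPLACE (destructive, can recreate resources)
    retry:                              # RETRY
      limit: 3                          # illustrative value
      backoff:
        duration: 5s                    # illustrative value
        factor: 2
        maxDuration: 3m
```

With automated sync and prune enabled, whoever can push to the tracked branch can create and delete resources in the destination namespace, so write access to that branch should be restricted accordingly.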