云原生之旅 - 14）遵循 GitOps 实践的好工具 ArgoCD

前言

Argo CD 是一款基于 kubernetes 的声明式的Gitops 持续部署工具。

应用程序定义、配置和环境都是声明式的，并受版本控制
应用程序部署和生命周期管理都是自动化的、可审计的，并且易于理解。

本文使用 ArgoCD + Kustomize 实现自动化部署Kubernetes工作流。

## 本文同步发表于知乎 https://zhuanlan.zhihu.com/p/584881969

安装 Argo CD

kubectl create namespace argocd

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

命令行工具 Argo CD CLI

MacOS 安装

brew install argocd

访问 Argo CD

Option 1: Service Type Load Balancer

You can change Service Type to Load Balancer

kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'

Option 2: (Recommend) 使用 Gateway

1. 使用 Ingress-nginx 可参考云原生之旅 - 8）云原生时代的网关 Ingress Nginx

# Ingress-Nginx installed first

---

apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

  annotations:

    ingress.kubernetes.io/force-ssl-redirect: "true"

    ingress.kubernetes.io/ssl-redirect: "true"

    kubernetes.io/ingress.class: nginx

    # If you encounter a redirect loop or are getting a 307 response code

    # then you need to force the nginx ingress to connect to the backend using HTTPS.

    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # argocd backend using HTTPS

    # face to internet, recommend update to restrict access

    nginx.ingress.kubernetes.io/whitelist-source-range: |

      0.0.0.0/0

  name: ingress-argocd

  namespace: dmz

spec:

  rules:

  - host: argocd.wadexu.cloud

    http:

      paths:

      - backend:

          service:

            name: argocd-ext-svc

            port:

              number: 8080

        path: /

        pathType: Prefix

  tls:

  - hosts:

    - argocd.wadexu.cloud

    secretName: tls-secret

---

# add externalName type svc in dmz namespace, so that Ingress (in dmz) can point to this svc in argocd ns

apiVersion: v1

kind: Service

metadata:

  name:  argocd-ext-svc

  namespace: dmz

spec:

  type: ExternalName

  externalName: argocd-server.argocd.svc.cluster.local

  ports:

  - name: http

    port: 8080

    targetPort: 80

    protocol: TCP

  selector:

    app.kubernetes.io/name: argocd-server

argocd_ingress.yaml

2. 使用 Emissary 参考云原生之旅 - 9）云原生时代网关的后起之秀Envoy Proxy 和基于Envoy 的 Emissary Ingress

Option 3: 端口转发

运行下面命令然后本地浏览器访问 `https://localhost:8080`

kubectl port-forward svc/argocd-server -n argocd 8080:443

The initial password for the admin account is auto-generated and stored as clear text in the field password in a secret named argocd-initial-admin-secret in your Argo CD installation namespace. You can simply retrieve this password using kubectl

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

域名取决于你在gateway里面的配置，Login now

argocd login https://argocd.wadexu.cloud

如果是端口转发，参考如下命令

kubectl port-forward svc/argocd-server -n argocd 8080:443

argocd login https://localhost:8080 --username admin --password <repalce_me>

更改密码

argocd account update-password

注册 external Cluster

(Optional) 这一步是为了deploy到到外部的cluster，如果仅仅deploy到和Argo CD一起的cluster 则使用 https://kubernetes.default.svc

# list context

kubectx

argocd cluster add xxx_context

创建 Application

Creating Apps Via CLI

kubectl config set-context --current --namespace=argocd

argocd app create my-app --repo https://github.com/wadexu007/learning_by_doing.git --path Kustomize/demo-manifests/services/demo-app/dev --dest-server https://kubernetes.default.svc --dest-namespace demo

Sync (Deploy) Application

Syncing via CLI

argocd app get my-app

argocd app sync my-app

通过UI 创建和Sync Application 也非常简单。详见官方文档。

## 本文同步发表于知乎 https://zhuanlan.zhihu.com/p/584881969

Argo CD supports several different ways in which Kubernetes manifests can be defined:

Kustomize applications (我的例子）
Helm charts
A directory of YAML/JSON/Jsonnet manifests, including Jsonnet.
Any custom config management tool configured as a config management plugin

感谢阅读，如果您觉得本文的内容对您的学习有所帮助，您可以打赏和推荐，您的鼓励是我创作的动力。